What Is AWS Backup?
AWS Backup is a managed service that automates the process of backing up relational databases in AWS. It provides centralized management of backups across multiple AWS services.
But while AWS Backup seems like a go-to solution for protecting your relational databases, it comes with critical limitations that can leave gaps in your DR strategy.
This guide breaks down how AWS Backup for RDS works, its key limitations, and best practices for keeping your data safe and recoverable.
What Is Amazon RDS and Why Is Backup Critical?
Amazon Relational Database Service (Amazon RDS) is a managed database service that simplifies the process of setting up, operating, and scaling relational databases in the cloud. It supports several database engines, including MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server.
With Amazon RDS, users can deploy databases without having to manage infrastructure tasks such as hardware provisioning or patching. RDS provides high availability and failover support through Multi-AZ deployments, which replicate data synchronously to a standby instance in a different Availability Zone.
NOTE: Just because it’s “managed” doesn’t mean you can skip the safety net.
That’s why backing up Amazon RDS is a critical consideration for any organization:
- From a disaster recovery standpoint, backups provide a recovery point that allows organizations to restore service quickly and with minimal data loss. This is especially important for mission-critical applications that rely on the RDS database and cannot tolerate extended outages.
- From a compliance perspective, many industries are subject to regulations that mandate data retention and protection. Regulations like GDPR, HIPAA, and PCI-DSS require organizations to maintain recoverable copies of sensitive data and demonstrate that effective safeguards are in place. Consistent, verifiable backups help meet these obligations and support audit readiness.
In this article:
- How AWS Backup Integrates with Amazon RDS
- Limitations of AWS Backup for Protecting RDS
- Amazon RDS Multi-AZ Backups Best Practices
- N2W: Overcoming AWS Backup Limitations at Lower Cost
How AWS Backup Integrates with Amazon RDS
For many users, the default solution for RDS backup is AWS Backup. Here is the general workflow for backing up RDS with AWS Backup:
- When a backup is initiated via AWS Backup, the service checks for existing automated backups created by Amazon RDS. If such backups exist, AWS Backup generates an incremental snapshot by copying the most recent automated backup using the copy-db-snapshot operation.
- If no automated backups are available, AWS Backup creates a new snapshot of the RDS instance using the create-db-snapshot operation. The first snapshot made by AWS Backup is always a full backup, while subsequent snapshots are incremental, reducing storage costs.
- To avoid conflicts, users must ensure that backup windows configured in AWS Backup do not overlap with the backup windows set in Amazon RDS.
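A check for the window overlap described in the last step, as an added example that is not part of the original article or of any AWS tooling. It assumes the RDS window comes from the instance's PreferredBackupWindow field and that each AWS Backup rule uses a fixed daily cron time with an explicit StartWindowMinutes; the instance and rule names are constructed.

```python
import re

DAY = 24 * 60  # minutes in a day; all times are UTC

def rds_window(window):
    """Parse RDS PreferredBackupWindow 'hh24:mi-hh24:mi' into (start, length) minutes."""
    m = re.fullmatch(r"(\d{2}):(\d{2})-(\d{2}):(\d{2})", window)
    if not m:
        raise ValueError(f"unexpected backup window: {window!r}")
    h1, m1, h2, m2 = map(int, m.groups())
    start = h1 * 60 + m1
    return start, (h2 * 60 + m2 - start) % DAY  # modulo handles windows crossing midnight

def daily_cron_start(expr):
    """Minute of day for an AWS cron expression with fixed minute and hour fields."""
    m = re.fullmatch(r"cron\((\d{1,2}) (\d{1,2}) .+\)", expr)
    if not m:
        raise ValueError(f"only fixed daily start times are handled: {expr!r}")
    return int(m.group(2)) * 60 + int(m.group(1))

def overlaps(start_a, len_a, start_b, len_b):
    """True if two daily recurring intervals intersect on the 24-hour circle."""
    delta = (start_b - start_a) % DAY  # how far B starts after A
    return delta < len_a or (DAY - delta) % DAY < len_b

def find_conflicts(db_instances, backup_rules):
    """Return (instance, rule) pairs whose windows overlap."""
    conflicts = []
    for db in db_instances:
        rds_start, rds_len = rds_window(db["PreferredBackupWindow"])
        for rule in backup_rules:
            start = daily_cron_start(rule["ScheduleExpression"])
            # StartWindowMinutes bounds when the job may begin, not when it ends.
            if overlaps(rds_start, rds_len, start, rule["StartWindowMinutes"]):
                conflicts.append((db["DBInstanceIdentifier"], rule["RuleName"]))
    return conflicts

# Constructed sample data, shaped like describe-db-instances output and backup plan rules.
DBS = [
    {"DBInstanceIdentifier": "orders-db", "PreferredBackupWindow": "03:00-03:30"},
    {"DBInstanceIdentifier": "reports-db", "PreferredBackupWindow": "23:45-00:15"},
]
RULES = [
    {"RuleName": "daily-5am", "ScheduleExpression": "cron(0 5 ? * * *)", "StartWindowMinutes": 60},
    {"RuleName": "nightly", "ScheduleExpression": "cron(30 23 ? * * *)", "StartWindowMinutes": 60},
    {"RuleName": "early", "ScheduleExpression": "cron(0 1 ? * * *)", "StartWindowMinutes": 180},
]

print(find_conflicts(DBS, RULES))
```

The second instance shows why the comparison is done on a 24-hour circle: its window crosses midnight, so a plain start/end comparison would miss the overlap with the 23:30 rule.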
Limitations of AWS Backup for Protecting RDS
AWS Backup provides centralized backup management for Amazon RDS, but it has several limitations that affect its suitability for certain use cases.
Backup Granularity
AWS Backup does not support fine-grained backup strategies, which may be limiting for some use cases:
- ❌ No per-database backup (Instance-level backups only): AWS Backup treats RDS backups as manual DB snapshots, which capture the entire DB instance. It does not support backing up or restoring individual databases within an instance.
- ❌ No native SQL Server backup support: For RDS SQL Server, AWS Backup does not support native SQL Server backup and restore operations, such as differential or transaction log backups. This limits the ability to perform granular restores or point-in-time recovery using native SQL Server tools.
- ❌ No point-in-time recovery (PITR): While AWS Backup allows restoring RDS instances to specified recovery points, it does not support continuous point-in-time recovery. For SQL Server, native backups do not support PITR, differential, or transaction log restores.
✅ TIP: With N2W, you can take frequent snapshots—even at 60 second intervals, if you wanted—and recover fast without relying on SQL-native methods.
Cross-Region and Cross-Account Backups
Some backup options are limited when working across different regions or accounts:
- ❌ No cross-region PITR: AWS Backup does not support point-in-time recovery across regions. While it allows copying backups to other regions, restoring to a point in time in a different region is not supported.
- Cross-account limitations: Cross-account backup and restore operations may require additional configuration and permissions, and certain features might not be fully supported across accounts.
✅ N2W makes cross-region and cross-account ridiculously easy. Restore across accounts, regions, or even clouds—all from a single console, in a few clicks.
Retention and Snapshot Management
AWS Backup lacks the flexibility to retain and manage large numbers of backups:
- Retention limits: The maximum number of retained automated backups per AWS Region is 40. Retained automated backups do not include parameter or option group information and cannot be modified.
- Snapshot constraints: Backups managed by AWS Backup are considered manual DB snapshots and do not count toward the manual snapshot quota. However, they are still subject to regional storage limits and cannot be modified once created.
Operational Considerations
There are several additional issues that can arise when using AWS Backup for RDS:
- Backup window conflicts: Manual snapshots cannot be taken while an automated snapshot is in progress. This can complicate backup scheduling and may require careful coordination to avoid conflicts.
- I/O suspension during backups: For Single-AZ deployments, creating a snapshot can result in brief I/O suspension, potentially impacting application performance during the backup process.
- Backup duration limitations: For RDS SQL Server, native backups of databases larger than 1 TB are not supported due to the risk of backup operations exceeding the 24-hour window, which can interfere with automated backups.
Amazon RDS Multi-AZ Backups Best Practices
Here are some of the ways that organizations can ensure the most effective backup strategy with Amazon RDS.
1. Enable Automated Backups
Automated backups are essential for ensuring consistent, recoverable states of Amazon RDS databases. When enabled, RDS captures daily snapshots and transaction logs, enabling point-in-time recovery for up to 35 days. In Multi-AZ configurations, these backups are taken from the standby replica, which helps eliminate the performance overhead on the primary instance.
This setup reduces risk during peak hours and improves system reliability. To enable automated backups, users must configure the backup retention period, which is set to zero by default. It’s also crucial to verify that automated backups are correctly scheduled and retained for the duration required by data retention or compliance policies.
2. Schedule Backups During Low-Activity Periods
Even with Multi-AZ deployments offloading backup operations to standby instances, scheduling backups during low-traffic periods is recommended. Backups taken during peak times may still have secondary impacts, such as increased replication lag or interference with maintenance tasks.
Choosing a clearly defined backup window allows better control and predictability over when snapshots and transaction logs are captured. Organizations should assess their usage patterns and identify windows of minimal application activity. Coordinating backup windows with maintenance events (like patching or scaling operations) is also important to prevent service interruptions.
3. Implement Cross-Region Backups
Cross-region backup strategies are crucial for business continuity and disaster recovery planning. By replicating snapshots to a secondary AWS region, organizations ensure data availability even if the primary region becomes unavailable due to outages or disasters.
This can be implemented using automated snapshot copy functionality or by configuring AWS Backup with cross-region backup plans. It’s important to remember that while these cross-region copies protect against regional failures, they do not support point-in-time recovery in the destination region. For full regional redundancy, users should include cross-region replication as part of a broader high availability and failover strategy.
4. Monitor Backup Operations
Proactive monitoring is essential to ensure backup operations are running as intended and to detect issues early. AWS provides several tools for monitoring, including CloudWatch metrics (e.g., BackupSuccess, BackupFailure) and AWS Backup Audit Manager, which helps enforce backup policies across multiple accounts and resources.
Users should configure alerts for failed or missed backups and routinely review backup job logs. Regular reporting can reveal trends like increasing backup times or storage usage, which may indicate performance issues or the need to revisit backup schedules. Comprehensive monitoring also supports audits and compliance reporting by providing historical backup records.
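One way to turn "failed or missed backups" into a concrete check, as an added example that is not part of the original article. It works on job records shaped like the entries returned by AWS Backup's ListBackupJobs API; the ARNs, job IDs, timestamps and the 26-hour freshness threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Job states that mean no complete recovery point was produced.
BAD_STATES = {"FAILED", "ABORTED", "EXPIRED", "PARTIAL"}

def backup_gaps(jobs, protected_arns, now, max_age=timedelta(hours=26)):
    """Map each protected ARN with a failed or missed backup to a reason."""
    newest, last_ok = {}, {}
    for job in jobs:
        arn = job["ResourceArn"]
        if arn not in newest or job["CreationDate"] > newest[arn]["CreationDate"]:
            newest[arn] = job
        if job["State"] == "COMPLETED":
            last_ok[arn] = max(last_ok.get(arn, job["CompletionDate"]), job["CompletionDate"])
    gaps = {}
    for arn in protected_arns:
        job = newest.get(arn)
        if job is None:
            gaps[arn] = "missed: no backup job recorded"
        elif job["State"] in BAD_STATES:
            gaps[arn] = f"failed: job {job['BackupJobId']} ended {job['State']}"
        elif arn not in last_ok or now - last_ok[arn] > max_age:
            gaps[arn] = f"missed: no completed backup in the last {max_age}"
    return gaps

def _t(day, hour, minute=0):
    return datetime(2024, 5, day, hour, minute, tzinfo=timezone.utc)

ARN = "arn:aws:rds:us-east-1:111122223333:db:"  # constructed placeholder account and names
# Constructed sample jobs, shaped like ListBackupJobs entries.
JOBS = [
    {"BackupJobId": "job-1", "ResourceArn": ARN + "orders-db", "State": "COMPLETED",
     "CreationDate": _t(4, 5), "CompletionDate": _t(4, 5, 20)},
    {"BackupJobId": "job-2", "ResourceArn": ARN + "reports-db", "State": "COMPLETED",
     "CreationDate": _t(3, 5), "CompletionDate": _t(3, 5, 10)},
    {"BackupJobId": "job-3", "ResourceArn": ARN + "reports-db", "State": "FAILED",
     "CreationDate": _t(4, 5)},
    {"BackupJobId": "job-4", "ResourceArn": ARN + "billing-db", "State": "COMPLETED",
     "CreationDate": _t(1, 5), "CompletionDate": _t(1, 5, 15)},
]
PROTECTED = [ARN + n for n in ("orders-db", "reports-db", "billing-db", "audit-db")]
NOW = _t(4, 12)

print(backup_gaps(JOBS, PROTECTED, NOW))
```

Comparing against a list of resources that are supposed to be protected is what catches the silent case: an instance that never had a job scheduled produces no failure event to alert on.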
5. Test Backup and Restore Procedures
Backups are only valuable if they can be reliably restored. Periodically testing both full and partial restore scenarios validates that the backup strategy works in practice. This includes testing snapshot restores to new instances, point-in-time recovery where supported, and restoration in different regions or accounts.
Testing should also include validation of connectivity, security groups, parameter groups, and any post-restore steps like schema updates or configuration changes. For regulated industries, documented restore tests are often a compliance requirement. Regular testing not only ensures data integrity but also improves organizational readiness for real-world recovery scenarios.
✅ You don’t want your first restore to be during a real outage. Schedule DR drills to be frequent and automated. N2W even lets you simulate full failover events and restore in just a few clicks.
6. Use Manual Snapshots for Critical Changes
Manual snapshots provide administrators with a reliable rollback point before making significant application or infrastructure changes. Unlike automated backups, manual snapshots are retained until explicitly deleted, making them suitable for versioned backups and long-term archival.
They are particularly valuable during schema changes, data migrations, or application updates, as they allow quick recovery in the event of unexpected errors. Snapshots can be created via the AWS Console, CLI, or integrated into CI/CD pipelines to ensure consistent backup practices before deployment. Manual snapshots can also serve as baseline images for cloning or launching development and testing environments.
7. Configure Backup Retention According to Compliance Needs
Backup retention must align with business, legal, and regulatory requirements. For example, financial institutions may need to retain backups for several years, while tech startups might only need a few weeks of history. In Amazon RDS, retention is controlled via the backup retention period setting for automated backups and through lifecycle policies for manual snapshots managed by AWS Backup.
Over-retention increases storage costs, while under-retention can lead to compliance violations or data loss. Organizations should review retention policies regularly, adjust settings based on audit findings or new requirements, and automate retention enforcement wherever possible. Using AWS Backup’s built-in policy framework can help standardize retention across environments and reduce the risk of human error.
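A sketch of automated retention enforcement as described above, added here as an example and not taken from the original article. It compares the BackupRetentionPeriod of each instance (records shaped like describe-db-instances output) with a required retention looked up from a tag; the `data-class` tag, the policy values and the instance names are hypothetical.

```python
MAX_AUTOMATED_DAYS = 35  # automated-backup recovery limit stated in the article

def retention_findings(db_instances, required_days, tag_key="data-class"):
    """Compare each instance's automated-backup retention with its policy."""
    findings = []
    for db in db_instances:
        name, actual = db["DBInstanceIdentifier"], db["BackupRetentionPeriod"]
        tags = {t["Key"]: t["Value"] for t in db.get("TagList", [])}
        required = required_days.get(tags.get(tag_key))
        if actual == 0:
            findings.append((name, "DISABLED", "automated backups are off (retention 0)"))
        if required is None:
            findings.append((name, "UNCLASSIFIED", f"no policy for tag {tag_key!r}"))
        elif required > MAX_AUTOMATED_DAYS:
            # Automated backups alone cannot meet this; it needs snapshot lifecycle rules.
            findings.append((name, "NEEDS_LIFECYCLE",
                             f"{required}d exceeds the {MAX_AUTOMATED_DAYS}d automated limit"))
        elif 0 < actual < required:
            findings.append((name, "UNDER", f"{actual}d retained, policy requires {required}d"))
        elif actual > required:
            findings.append((name, "OVER", f"{actual}d retained, policy requires {required}d"))
    return findings

# Hypothetical policy: required retention in days per data classification.
POLICY = {"financial": 2555, "customer": 30, "standard": 14}

def _db(name, days, data_class=None):
    tags = [{"Key": "data-class", "Value": data_class}] if data_class else []
    return {"DBInstanceIdentifier": name, "BackupRetentionPeriod": days, "TagList": tags}

# Constructed sample instances.
DBS = [
    _db("orders-db", 7, "financial"),
    _db("web-db", 35, "standard"),
    _db("test-db", 0, "standard"),
    _db("legacy-db", 3),
    _db("crm-db", 7, "customer"),
]

for finding in retention_findings(DBS, POLICY):
    print(finding)
```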
N2W: Overcoming AWS Backup Limitations at Lower Cost
Why wrestle with AWS Backup’s limits when N2W gives you:
- Granular control over RDS backup frequency, retention, and recovery
- One-click cross-region, cross-account restores (yes, even for RDS!)
- Immutable backups with air-gap protection for compliance confidence
- Smart automation for backup scheduling, DR testing, and alerting
- All from a single, secure console that runs inside your AWS account
Try it free for 30 days—no credit card, no risk. Just easier, safer backups.