The first article in this series examined the importance of data backups and touched upon both AWS Backup, its basic features and limitations, and other backup solutions that may be more appropriate for fine tuning your backup management and for environments that are scaling, like N2WS Backup & Recovery. Because having backups of your critical data ensures business continuity, finding the tool that suits your needs is very important. This blog post will provide an in-depth look and an overview of AWS Backup, covering its principal features and limitations, how it works, how it’s priced, and some of its use cases.
A complete feature overview of AWS Backup
As was discussed in the previous article in this series, AWS Backup is an AWS service designed to provide a centralized location for automating data backups.
At the time of publication, AWS Backup works with a limited number of specific services. It can be used to back up your EBS volumes (block storage used by various AWS instances), RDS databases (Amazon’s relational database offering), DynamoDB tables (a key-value and document database), EFS file systems (a fully managed network shared storage), and Storage Gateway volumes (a hybrid cloud storage service designed to work with on-premises resources). Amazon EC2, Amazon VPC, Amazon Aurora and Amazon Redshift are still not supported with AWS Backup and therefore other solutions in order to automate your EC2 backups would need to be implemented .
AWS Backup uses backup policies, known as “backup plans,” which help you to define the various requirements that can be applied to your AWS resources. You can, for example, create a backup plan to ensure a daily, weekly, monthly, 12-hour, or even custom (created in cron format) backup schedule. You can then run that schedule using the recommended default backup window or a custom one that you prefer.
When you choose your backup plan, you can also establish a lifecycle for your backups. They can be sent to cold storage (this option is currently only available for EFS file systems) or expired completely. These options allow you to reduce the cost of storing backups.
Your backup plan can be created from scratch by choosing one of the options mentioned above. Alternately, you can start with an existing plan and pick a premade template that suits you, such as a daily backup with a 35-day retention period or a monthly backup with a one-year retention period.
You can also define a plan from scratch using JSON. This can be used when you want to create a new plan based upon an already-existing one or when you want to share plans with your other AWS accounts.
AWS Backup only creates a complete copy of your data the first time the backup is initiated. Every subsequent backup is incremental, meaning that only the changes being made to your AWS resources will be backed up.
After you create a backup plan, you need to assign the desired resources that will be backed up. You can do this either by choosing a resource ID—the best option to select if you don’t have too many resources to add—or by specifying tags. AWS Tag-based resource selection allows you to easily create backups while also maintaining logical segmentation. Each group can have its own backup plan. For example, the EBS volumes that need daily backups can be tagged one way and added to a backup plan that will make sure they are backed up every day at a specific time. You can tag your RDS instances with a different tag and add them to another backup plan—maybe one that will back them up hourly. Finally, you can assign a tag to your EFS file system that ensures weekly backups.
AWS Backup Vaults
All data backups created by the AWS Backup service are stored in vaults, which are containers that help you organize your backups. By default, the available vault will be the one named “default;” however, you can create multiple vaults if you want to have a logical separation of resources. These vaults use AWS KMS (Key Management Service) to both encrypt your backups and provide access control for the backups stored within the vault. If your business requires multiple KMS keys to be used, you can have a different one for each of your vaults.
For compliance purposes, AWS Backup encrypts your data backups both in transit and at rest.
Hybrid Cloud Use Cases
AWS Backup is most commonly used for backing up and restoring your AWS cloud resources, but it can also be used for your on-premises resources. Its integration with AWS Storage Gateway (a hybrid cloud storage service) allows you to back up the data stored within your Storage Gateway volumes. These volumes can later be restored both on-premises and in the cloud since they are compatible with EBS volumes.
AWS Backup is available in limited AWS Regions and not available in GovCloud. AWS GovCloud is a special region within the United States, operated by employees who are U.S. citizens on U.S. soil. AWS GovCloud is used by various government departments and agencies as well as other companies that have sensitive data and regulated IT workloads. These companies benefit from the agility, scalability, and security that AWS offers while maintaining the complete isolation that GovCloud provides.
AWS Backup has its limitations. Most importantly, it only works with a few select services. It does not work with EC2, Aurora, RedShift, and VPC, making it difficult for some companies to centralize all of their backup needs. Another key feature missing is the inability to clone and capture Amazon VPC, which is essential in ensuring high availability of your entire AWS infrastructure. N2WS Backup & Recovery, on the other hand, provides this feature guaranteeing that you can very quickly and completely recover your infrastructure in the event of an outage or failure in mere minutes. While AWS Backup is offered in most regions, lack of support for the GovCloud region can be an issue for some clients. Additionally, many companies today run multiple AWS accounts as a part of AWS Organizations, so the lack of cross-account backup will be a significant limitation for them. Cross-account disaster recovery is an essential part of any DR plan which protects against your AWS account being compromised.
There are service limits as well, with each account being restricted to 100 backup vaults and 100 backup plans. It’s not possible to have more than 50 tags on a resource, although this number is generally enough for most use cases. Finally, when running backup jobs, only one concurrent job per resource can be run.
Other standout limitations include and are not limited to :
- the inability to see which of your resources are protected/unprotected
- limited search function (must know the volume ID in order to search for your resources)
- the inability to manage multiple accounts (especially important for MSPs who are managing independent users and clients)
- no reporting, daily summaries and alerts in case something goes wrong which are particularly important for audits
- lack of knowledge of exact backup time (backups will be performed within a window of time)
- inability to keep backup logs without keeping the backups themselves
- no support for resource control so user cannot schedule the start/stop of their instances in order to optimize and minimize resource spend
- no support for file or folder level recovery
- major limitations with tag management
- no support for application consistency as it is in most cases highly important to guarantee that the application is brought to quiescence prior to the backup copy operation
- no 24/7 free support. Customers generally have to wait until business hours and it may take days for a ticket to be responded to. This is a big risk to take when minutes of downtime cost companies millions of dollars, customer distrust and the potential to even completely go out of business.
There are other methods for ensuring granular and more reliable backup management and it is important to explore and test out other options to see which tool covers your specific bases. AWS customers do find that the current limitations are preventing them from backing up their production environment using AWS Backup. N2WS Backup & Recovery has a 30-day free trial edition which is fully functional and incorporates all of the above missing AWS Backup features as well as other key Enterprise level features. In addition, the product is launched as an AMI giving you complete control of your AWS environment, all under one easy to use console.
AWS Backup is priced for the backup storage being used (making incremental backups very handy) and for the data being restored.
Backing up EBS volumes costs $0.05 per GB per month, and restoring that data is free. RDS database backups and AWS Storage Gateway Volumes are both priced at $0.095 per GB per month, and restores are also free. DynamoDB tables are backed up at $0.10 per GB per month. Restoring them will cost you $0.15 per GB of data. Backing up an EFS file system costs $0.05 per GB ($0.01 if you decide to opt for cold storage), and restoring it costs $0.02 per GB ($0.03 per GB from cold storage).
AWS Backup API
An application program interface (commonly known as an API) is an intermediary that allows applications to communicate with one another. APIs are useful when you or your application needs to access some functionalities. AWS provides APIs for many of its services, and AWS Backup is no exception.
The AWS Backup API allows you use AWS CLI or SDKs (Software Development Kits) for processes like automation, for example, so that you don’t have to do them via a web UI. The AWS Backup API offers functionalities such as creating backup plans, creating vaults, listing tags, and starting backups or restores. For a full list of these features, check out the AWS documentation.
AWS Backup: a centralized place for managing backups
This overview of AWS Backup ran through the service’s capabilities and limitations, of which we will delve deeper in future blog posts. We’ll be providing detailed how-to guides for using all of the capabilities described in this overview of AWS Backup as well as some specific use cases. Our next blog post will describe in detail how to do a backup and a restore of your AWS cloud resources.