Review: AWS Backup - A centralized place for managing backups?

AWS releases a new service with a lot of marketing noise. :tada: You can’t resist, you want to use that new thing now. But soon you discover that:

• the service is missing essential features
• the service is not available in your region
• CloudFormation/Terraform does not cover the new service

As a result, you stumble upon a show stopper and get frustrated. Why is that? AWS ships new services with a lot of limitations and rough edges. That’s a good strategy for AWS to get early feedback. But it’s painful for us, the customer.

Therefore, we start a little series where we review new AWS services to give you a more balanced view of the capabilities.

Introducing AWS Backup

AWS Backup aims to become a centralized place for managing backups. If possible, AWS Backup uses existing features to create backups (e.g., RDS snapshots). Sometimes, AWS Backup is the only way to create a backup (e.g., EFS file systems).

Backups(sometimes also referred to as recovery points) are stored in vaults . You cannot delete a vault as long as it contains backups. It is possible to protect a vault with an optional resource-based policy, e.g., to prevent anyone from deleting backups. The backup plan defines when backups are made and for how long the backups are stored. To be more precise, you only define when a backup job should start. After that, a job tries to start within a configurable period. You can also configure a timeout for the job. Finally, you assign resources to backup plans based on tags or direct assignments. After a disaster, you restore a backup by creating a restore job .

Supported data sources

AWS Backup backs up and restores the following data sources:

• DynamoDB tables
• EFS file systems
• EBS volumes
• RDS databases (except Amazon Aurora)
• Storage Gateway

The following data sources are not supported yet:

• S3 buckets
• EC2 instances
• Elastisearch domains
• Redshift clusters
• EMR clusters
• Cognito user pools
• DocumentDB clusters
• ElastiCache clusters
• Neptune clusters
• CloudDirectory directories

Keep in mind that restores are more complicated than a single click if you manage your infrastructure with CloudFormation. You should still practice restoring your data regularly.

Backup Consistency

If you create a backup, you might expect that all data up to a point in time where the backup was triggered appears in the backup. The following table shows what you can expect in reality.

Data Source Backup consistency DynamoDB EFS :warning: (not when mounted) EBS :warning: (not when mounted) RDS :white_check_mark: Storage Gateway :white_check_mark:

Notifications

AWS Backup can deliver notifications to SNS. Unfortunately, the service does not publish failures to SNS. Failures can happen for many reasons:

StartWindowMinutes
CompletionWindowMinutes

:warning: There is no built-in way to monitor failed backup jobs at the moment.

Service Maturity Table

The following overview shows the maturity of the service.

Criteria Support Score Feature Completeness :warning: 4 Tags (Grouping + Billing) :white_check_mark: 10 CloudFormation + Terraform suppport :white_check_mark: 10 Emits CloudWatch Events 0 IAM granularity 6 Integrated with AWS Config 0 Auditing via AWS CloudTrail :white_check_mark: 10 Available in all commercial regions 5 Total Maturity Score (0-10) :warning: 5.6

Summary

Our maturity score for AWS Backup is 5.6 on a scale from 0 to 10.Therefore, I recommend to evaluate and use AWS Backup with some restrictions listed below.

• AWS Backup is not yet the universal tool that creates backups of everything in a magic way.
• AWS Backup works fine for the supported services: DynamoDB, EFS, EBS, RDS, and Storage Gateway.
• There is no satisfactory alternative for backing up EFS besides AWS Backup.
• Keep in mind that the consistency guarantees for most data sources are weak if the data is modified while the backup runs. But you don’t know the exact time the backup job runs. Therefore, I don’t see how it is possible to ensure consistent backups for data sources like EBS and EFS.
• I don’t think that AWS Backup is made for setups managed entirely with CloudFormation/Terraform. E.g., there is no way to create an EFS file system from a backup in CloudFormation.

In summary, I like the idea that AWS Backup will be the single point where we configure and monitor the backups for all data stores. I will follow the announcements from AWS carefully.

We have added AWS Backup to our CloudFormation templates: aws-cf-templates and cfn-modules .

Looking for a comprehensive introduction to computing, storing, and networking in the AWS cloud? Get a copy of our book Amazon Web Services in Action !