Introduction

In today's cloud environments, organizations frequently encounter backup management challenges that extend beyond simple data protection. Without a centralized backup strategy, companies face critical issues such as inconsistent backup policies, limited operational visibility, and difficulties in demonstrating compliance during audits.

As part of AWS Enterprise Support's Technical Account Management, we identified these challenges when we worked with one of our enterprise customers. This customer is a healthcare provider that manages multiple AWS resources. Although the customer had backup processes in place, they lacked clear visibility into their backup success rates and had difficulty verifying whether their sensitive data was adequately protected. Also, they needed a solution that was compliant with healthcare regulations through comprehensive backup reporting.

The AWS Technical Account Managers (TAMs) developed a solution that addressed the customer’s immediate challenges while also establishing a framework for continuous backup governance and compliance monitoring.

This article demonstrates how to create a comprehensive backup monitoring solution that combines AWS Backup's reporting capabilities with QuickSight's visualization features. The solution includes the configuration of automated backup tracking and creation of interactive dashboards for real-time visibility. It also establishes audit-ready reporting that you can use to monitor success rates and identify cost optimization opportunities. This solution can help transform backup operations from a necessary task into a strategic advantage in healthcare and other industries that require robust backup governance.

Prerequisites

• You need an AWS account for this tutorial.

• For more information on how to use AWS Backup for the first time, see the AWS Backup Developer Guide. For AWS Backup pricing, see AWS Backup pricing.

• Set up QuickSight to create datasets and dashboards.

• You need one or more Amazon Elastic Block Store (Amazon EBS) volumes. You can get the volumes that are AWS Free Tier eligible. For the pricing of volumes that aren't covered by AWS Free Tier, see Amazon EBS pricing.

• Create an AWS Identity and Access Management (IAM) role that AWS Backup can use to create a backup of the Amazon EBS volume. If you didn't create a role, then you can use the default IAM role AWSBackupDefaultRole for this purpose.

Solution overview

This solution provides the following features:

• A centralized backup management for AWS resources that streamlines disaster recovery planning and maintains consistent backup policies across your organization.
• Automated backup reporting that reduces manual effort, offers timely insights into backup status, and helps teams respond quickly to backup failures.
• Visual insights into backup operations through intuitive dashboards so that you can quickly identify trends, patterns, and potential issues.
• Compliance monitoring to help maintain regulatory requirements by tracking backup retention, frequency, and success rates across all resources.
• Optimization opportunities for storage costs that you create by identifying underutilized backup resources and optimizing backup schedules.

Solution implementation

Step 1 - Create a backup plan

Complete the following steps:

1. Open the AWS Backup console.
2. On the navigation pane, choose Backup plans. Then, choose Create backup plan.

3. Select Start with a template.
4. Under Templates, for Choose a template plan with existing rules, select Daily-35day-Retention.
5. For Backup plan name, enter a name for your backup plan name.
   Under Backup rules, AWS Backup configured the rule DailyBackups with the default vault.
6. Choose Create plan.

You successfully created your backup plan. You can now assign your unprotected AWS resources to the backup plan that you created.

For more information, see Create a backup plan.

Step 2 - Assign resources to your backup plan

Complete the following steps:

1. Open the AWS Backup console.
2. On the navigation pane, choose Backup plans.
3. Choose the backup plan that you created in the previous section.
4. Under Resource assignments, choose Assign resources.
5. On the Assign resources page, for Resource assignment name, enter a name for your resource assignment.
6. For IAM role, select Default role.
7. Under Resource selection, choose Include specific resource types.
8. Under Select specific resource types, select the resources that you want to protect with your backup plan.
   Note: If you select EBS for Select resource types, then be sure to select All volumes for Volume IDs.

You successfully created the resource assignment for your backup plan.

For more information, see Assign resources using the AWS Backup console.

Step 3 - Configure backup reports

Complete the following steps:

1. Open the AWS Backup console.
2. On the navigation pane, choose Backup Audit Manager. Then, choose Reports.
3. Choose Create report plan.
4. On the Create report plan page, for Choose a report template, select Backup jobs report.
5. Update the default selections where necessary.
6. Under Report delivery, for Bucket name, select an Amazon Simple Storage Service (Amazon S3) bucket for report delivery.
7. Choose Create report plan.

You can see the completed backup reports in the Reports section. To view the detailed status of the backup job, choose View report.

For more information, see Creating report plans using the AWS Backup console.

Step 4 - Create an Amazon S3 manifest file

Create a manifest file in JSON format. You can use JSON manifest files to specify the Amazon S3 files that must be imported into QuickSight. All the files that you specify in a manifest file must use the same file format. Make sure that you grant QuickSight access to the S3 buckets that you want to read the files from. The manifest file must have the .json extension.

QuickSight manifest files use the following JSON format:

{
    "fileLocations": [
        {
            "URIPrefixes": [
                "s3://my-backup-bucket/Backup/<accounted>/us-east-1/2025/01/"
            ]
        }
    ],
    "globalUploadSettings": {
        "format": "CSV",
        "delimiter": ",",
        "textqualifier": "\"",
        "containsHeader": "true"
    }
}

Save the manifest file in the same S3 bucket where you save all your backups.

Step 5 - Turn on Amazon S3 access for QuickSight

Complete the following steps:

1. Open the QuickSight console.

2. Choose your username, and then choose Manage QuickSight.

3. Choose Security & permissions.

4. Under QuickSight access to AWS services, choose Add or remove.

5. Select Amazon S3.

6. Choose Select S3 buckets.

7. Select the buckets that you want QuickSight to access.

8. Choose Finish.

9. Choose Save.

Step 6 - Create a QuickSight dashboard

Complete the following steps:

1. Open the QuickSight console.

2. Choose Datasets. Then, choose NEW DATASET.

3. Choose S3.

4. For Data source name, enter a name for the data source.

5. For Upload a manifest file, enter the URL of your JSON manifest file.

6. Choose Connect.

You can now use the dataset to create QuickSight analyses, add a visual with AutoGraph, and choose a visual type to add another visual.

After you create your analysis and add the visual, you can publish the analysis as a dashboard.

AWS Backup's native jobs dashboard provides basic monitoring with 7-14 days of historical data visibility. However, you can use QuickSight to create custom dashboards for extended historical analysis, advanced analytics, and comprehensive reporting. QuickSight dashboards provide deeper insights into backup operations. These insights include long-term trend analysis, custom key performance indicators (KPIs), and flexible reporting capabilities that aren't available in the standard AWS Backup console.

Cost considerations

If you implement this solution, then you incur additional costs. However, this solution can help you optimize your overall backup spend through better visibility and management.

Your initial costs include the following charges:

• AWS Backup charges based on your backup storage volume and frequency

• QuickSight subscription fees
  Note: You need the Enterprise edition to use advanced features.

• Amazon S3 storage costs for backup reports

Follow these best practices for cost optimization:

AWS Backup:

• Implement lifecycle policies to move older backups to cold storage.

• Set appropriate retention periods based on compliance requirements.

• Use tag-based backup policies to avoid backing up non-critical resources.

QuickSight:

• Start with Standard edition. Upgrade to Enterprise edition only if you need advanced features.

• Remove unused datasets to optimize SPICE (Super-fast, Parallel, In-memory Calculation Engine) capacity.

• Consider reader licenses for users that need only dashboard access.

Amazon S3:

• Configure lifecycle policies to archive older reports to Amazon S3 Glacier.

• Implement retention policies to automatically delete outdated reports.

• Use Amazon S3 Intelligent-Tiering for reports with varying access patterns.

Cleanup

To avoid ongoing charges, complete the following actions:

• Delete unused backup plans and report plans.

• Delete QuickSight datasets and dashboards that you created for this tutorial.

• Delete unused S3 objects.

Conclusion

This article demonstrates how to build a comprehensive backup monitoring solution with AWS Backup and QuickSight to better manage your organization's backup operations, maintain compliance, and optimize costs. The article provides information on how to set up automated backup reporting and create insightful backup monitoring dashboards. It also shows how to implement cost-effective backup strategies and maintain compliance through enhanced visibility.

To get the most out of your AWS environment and similar solutions, engage with AWS Enterprise Support. Our TAMs and Cloud Support Engineers can provide the following support:

• Architectural guidance that's tailored to your specific needs

• Best practices for implementing backup strategies

• Proactive operational support

• Regular technical check-ins and optimization recommendations

For more information on AWS Support offerings and how we can help optimize your cloud journey, see AWS Support plans or contact your AWS account team.

---

About the author

Durgesh Nath

Durgesh Nath is a Senior TAM at AWS. He provides strategic technical guidance and helps customers optimize their AWS infrastructure to achieve operational excellence. He has over 18 years of experience across various domains and technologies, and is passionate about the benefits of generative AI technologies to solve complex business challenges. Beyond work, Durgesh enjoys playing tennis and staying active with regular gym workouts.