How can I use AWS Backup to create a backup of my AWS resources?

Resolution

Important:

• An AWS Backup plan applies to a single AWS account and AWS Region. For centralized management, create a backup policy in a management account, and then apply it to all child accounts.
• For certain resources, AWS Backup supports incremental backups and backup transitions to cold storage. For more information about the supported resources, see Feature availability by resource.
• AWS Backup provides the capability to create continuous backups and Point In Time Recovery (PITR) restores for certain resources. You can't use on-demand backups to create a continuous backup. To create continuous backups for supported resources, you must create a backup plan or an organization-wide backup policy.
• In the AWS Backup console, the Protected resources page lists resources that AWS Backup backed up at least once. If you're using AWS Backup for the first time, then no resources are listed on this page.
• An on-demand backup immediately starts the backup of your resource. To create a backup at a time that isn't defined in a backup plan, create an on-demand backup.

Use the AWS Backup console to create an on-demand backup job

Follow the steps in Create an on-demand backup. After the backup job completes, navigate to the backup vault to locate the backup recovery point.

Use the AWS CLI to create an on-demand backup job

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then make sure that you're using the most recent version of the AWS CLI.

To use the AWS CLI to create an on-demand backup job, run the start-backup-job command. The following example creates an on-demand backup job for the resource vol-0abcdef1234.

Note: This command includes a value for —idempotency-token. This value is a unique string that you provide to distinguish between StartBackupJob calls. On a Linux operating system, run the uuid command to generate a unique identifier:

aws backup start-backup-job —backup-vault-name default —resource-arn arn:aws:ec2:us-east-1:123456789:volume/vol-0abcdef1234 —iam-role-arn arn:aws:iam::123456789:role/service-role/AWSBackupDefaultServiceRole —lifecycle DeleteAfterDays=30 —region us-east-1

Use a backup plan to create scheduled backups

Create a backup plan, and use it to create scheduled backups. When you create your backup plan, use the backup frequency parameter to choose how often you want to back up your resources. Then, set when your Backup window begins and the duration of the window in hours.

After you create a backup plan, assign your resources to the plan. When you assign a resource to a backup plan, the resource automatically backs up, as specified in the backup plan.

To do assign your resources to the plan, complete the following steps:

1. Open the AWS Backup console, and then choose the backup plan that you created.
2. Choose Assign resources, and then enter the details of the resources that you want to back up. Choose to use all resource types, or choose specific resources.
3. After you assign your resources to the backup plan, wait for the backup plan to start. Then, navigate to Jobs to review your backup jobs.

If your backup plan doesn't create any jobs, then see Why are my scheduled backup plans in AWS Backup not running?

Use a backup policy to create organizational backups

Before you create organizational backups, check that you meet the prerequisites. Then, create a backup policy. Make sure that you attach the policy to the target accounts or organizational unit (OU). Use the cross-account monitoring feature in the management account to monitor the jobs.

Note: Backups reside in the child account. You must create a AWS Backup vault and AWS Identity and Access Management (IAM) role in each child account.

To troubleshoot backup policy issues, see How can I troubleshoot a backup policy that doesn't create any jobs in my member accounts in an organization?