How do I create an Amazon S3 continuous or periodic backup in AWS Backup?

I want to create a continuous or periodic Amazon Simple Storage Service (Amazon S3) backup in AWS Backup.

Short description

In AWS Backup, you can create Amazon S3 backups that are continuous or periodic.

  • Continuous backups allow you to store backups for up to 35 days and restore to any point in time for the past 35 days.
  • Periodic backups are considered snapshot backups, and you can restore only the data that was present at the time of the backup. Periodic backups allow you to store backups for longer periods of time to satisfy compliance requirements.

You can choose one, or use both, of these backup types to protect your Amazon S3 bucket.

When creating an Amazon S3 backup, consider the following limitations and best practices:

  • See Considerations for AWS Backup for Amazon S3.
  • It's a best practice to configure continuous backups for an S3 bucket in one backup plan.
  • Continuous and periodic backups of an Amazon S3 bucket must both reside in the same backup vault.
  • When you perform cross-account and cross-Region copies of an S3 bucket, the copies are always periodic backups. These periodic backups can be restored to the point in time when the copy was created.
  • AWS Backup supports restoring the latest version of the object. AWS Backup doesn't support restoration of the entire version stack.
  • Amazon S3 backups are re-encrypted with a backup vault key. Amazon S3 backups don't use the original encryption key of the object.
  • AWS Backup verifies if all destinations are valid for event notifications configured on an S3 bucket. If there are any invalid destinations, then the backup job will fail.
  • S3 backups allow you to back up the objects stored in only the following storage classes:
    Amazon S3 Standard
    Amazon S3 Standard - Infrequent Access (IA)
    Amazon S3 Intelligent-Tiering (S3 INT)
    Amazon S3 One Zone-IA
    Amazon S3 Glacier Instant Retrieval

Warning: Don't back up an S3 bucket that stores its own AWS CloudTrail logs at either the object or bucket level. Backing up an S3 bucket that stores its own AWS CloudTrail logs can cause recursive API calls that might increase your costs.

Resolution

Prerequisites

  • You must have an AWS Identity and Access Management (IAM) role for taking backups with the correct set of permissions. The AWS managed policies for S3 backup and restore are:
    AWSBackupServiceRolePolicyForS3Backup
    AWSBackupServiceRolePolicyForS3Restore
    Note: These AWS managed policies aren't included in the default role for AWS Backup when creating the role. These policies must be attached to the role separately.
  • You must turn on versioning for your Amazon S3 bucket before you can take a backup.
  • Create the Backup plan in the same AWS Region as the Amazon S3 bucket.
  • Service opt-in must be turned on for Amazon S3 in the Region where the backups are taken.
  • Make sure that Amazon EventBridge is activated on the bucket. Otherwise, the continuous backups will fail. If the s3:PutBucketNotification permission is denied for the backup role, then the job will fail.
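
The versioning, managed-policy, and EventBridge prerequisites above can be checked before the first job runs. The following is an added example, not code from this article or from AWS: the function name and sample responses are constructed, and the inputs are the responses of the three API calls named in the docstring.

```python
# Added example: offline preflight over API responses (not AWS's own code).
REQUIRED_POLICIES = (
    "AWSBackupServiceRolePolicyForS3Backup",
    "AWSBackupServiceRolePolicyForS3Restore",
)


def preflight(versioning, attached, notification, continuous=True):
    """Return the unmet prerequisites; an empty list means ready.

    versioning   <- s3.get_bucket_versioning(Bucket=...)
    attached     <- iam.list_attached_role_policies(RoleName=...)
    notification <- s3.get_bucket_notification_configuration(Bucket=...)
    """
    problems = []
    # Versioning must be on; "Suspended" or a missing Status both fail.
    if versioning.get("Status") != "Enabled":
        problems.append("bucket versioning is not enabled")
    # The S3 managed policies are not in the default AWS Backup role.
    names = {p["PolicyName"] for p in attached.get("AttachedPolicies", [])}
    for policy in REQUIRED_POLICIES:
        if policy not in names:
            problems.append(f"role is missing managed policy {policy}")
    # Continuous backups fail unless EventBridge is activated on the bucket.
    if continuous and "EventBridgeConfiguration" not in notification:
        problems.append("EventBridge is not activated on the bucket")
    return problems


# Constructed sample responses, trimmed to the fields the checks read.
SAMPLE_VERSIONING = {"Status": "Suspended"}
SAMPLE_ATTACHED = {"AttachedPolicies": [
    {"PolicyName": "AWSBackupServiceRolePolicyForBackup"},
    {"PolicyName": "AWSBackupServiceRolePolicyForS3Backup"},
]}
SAMPLE_NOTIFICATION = {"TopicConfigurations": []}

if __name__ == "__main__":
    for problem in preflight(SAMPLE_VERSIONING, SAMPLE_ATTACHED,
                             SAMPLE_NOTIFICATION):
        print("FAIL:", problem)
```

The list_attached_role_policies call is paginated and reports only managed policies attached directly to the role, so collect every page before passing the result in.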

Create a continuous backup

Complete the following steps:

  1. Open the AWS Backup console.
  2. In the navigation pane, choose Backup plans, and then choose Create Backup plan.
  3. For Start options, choose Build a new plan, and then enter a Backup plan name.
  4. (Optional) Add tags to your backup plan.
  5. For Backup rule configuration, enter a Backup rule name. Then, choose a Backup vault, a Backup frequency, and then choose Enable continuous backups for point-in-time recovery (PITR).
    Set a default or custom Backup window.
    (Optional) Choose a Region to Copy to destination.
  6. Choose Create plan.
  7. In the navigation pane, choose Backup plans. Then, choose the backup plan that you created.
  8. In Resource assignments, choose Assign resources.
  9. For General, enter a Resource assignment name, and then choose an IAM role.
  10. For Resource selection, choose Include specific resource types. Then, assign the S3 bucket to the backup by selecting the S3 resource.
    (Optional) You can refine your selection using tags.
  11. Choose Assign resources.

Notes:

  • The backup frequency is ignored for continuous backups.
  • You can monitor the status of the backups in the Jobs section of the AWS Backup console.

For more information on each of the components involved in creating a backup plan, see Create a scheduled backup.

Create a periodic backup

To create a periodic backup for Amazon S3, you can use either on-demand or scheduled backups.

To create scheduled backups, follow the preceding steps for Create a continuous backup, but don't choose Enable continuous backups for point-in-time recovery (PITR).

To create on-demand backup jobs, see Create an on-demand backup.

Note: Periodic backups run based on the Backup frequency in your backup plan.
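
The console steps in Create a continuous backup and Create a periodic backup correspond to two AWS Backup API requests, CreateBackupPlan and CreateBackupSelection. The following added example (not code from this article or from AWS) builds both request documents and enforces the 35-day limit for continuous backups and the shared vault. The function names, plan name, vault name, bucket name, and role ARN are constructed placeholders.

```python
# Added example: request documents for CreateBackupPlan and
# CreateBackupSelection. All names and ARNs below are constructed.
MAX_PITR_DAYS = 35  # continuous backups are kept for up to 35 days


def build_plan(plan_name, vault, schedule, pitr_days=None, periodic_days=None):
    """Return a BackupPlan document with a continuous and/or periodic rule."""
    if pitr_days is None and periodic_days is None:
        raise ValueError("choose continuous, periodic, or both")
    rules = []
    if pitr_days is not None:
        if not 1 <= pitr_days <= MAX_PITR_DAYS:
            raise ValueError("continuous retention must be 1-35 days")
        rules.append({
            "RuleName": f"{plan_name}-continuous",
            "TargetBackupVaultName": vault,
            "ScheduleExpression": schedule,  # ignored for continuous backups
            "EnableContinuousBackup": True,  # the PITR option in the console
            "Lifecycle": {"DeleteAfterDays": pitr_days},
        })
    if periodic_days is not None:
        rules.append({
            "RuleName": f"{plan_name}-periodic",
            "TargetBackupVaultName": vault,  # same vault as the continuous rule
            "ScheduleExpression": schedule,
            "EnableContinuousBackup": False,
            "Lifecycle": {"DeleteAfterDays": periodic_days},
        })
    return {"BackupPlanName": plan_name, "Rules": rules}


def build_selection(selection_name, role_arn, bucket_names):
    """Return a BackupSelection document that assigns S3 buckets to a plan."""
    return {
        "SelectionName": selection_name,
        "IamRoleArn": role_arn,
        "Resources": [f"arn:aws:s3:::{name}" for name in bucket_names],
    }


if __name__ == "__main__":
    import json
    plan = build_plan("s3-protect", "ExampleVault", "cron(0 5 ? * * *)",
                      pitr_days=35, periodic_days=365)
    selection = build_selection(
        "s3-buckets", "arn:aws:iam::111122223333:role/ExampleS3BackupRole",
        ["example-bucket"])
    # With boto3: create_backup_plan(BackupPlan=plan), then
    # create_backup_selection(BackupPlanId=..., BackupSelection=selection)
    print(json.dumps({"plan": plan, "selection": selection}, indent=2))
```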

Related information

Working with continuous backups

AWS OFFICIAL
Updated 10 months ago