AWS Backup retention policies with incremental backups

Question

Got a few related questions to do with AWS backup:
1) I'm setting up some daily periodic backup policies for an EBS volume and an S3 bucket, with a retention period of 7 days

a) It is my understanding that AWS Backup will create a full backup for the first backup, and then automatically use incremental for the rest - i.e Monday will be a full backup, and then Tuesday - Sunday will all be incrementals based on the Monday full backup. Is this correct?

b) It's also my understanding that the following Monday, when the first (full) backup reaches it's retention period and is deleted, a new full backup will be made. How does this work? Does it convert the backup from the Tuesday into a full backup and then make the new backup an incremental? Or does it create a brand new full backup as the last one has been deleted (if so, does this mean that I can no longer restore from the previous week as the full backups these incrementals are based off are gone)? Does this also mean there is a period when I'm not backed up fully whilst the next full backup is created, or is AWS Backup smart enough to create the new full backup before the retention period for the original expires?

2) Say I decide to create monthly periodic backups for both. I create these on the first day of the month, with a retention period of ~35 days (just enough that they overlap by a few days in case of issue). 
a) Will the second monthly backup be an incremental on the first, or will it be a full as the first is going to expire within the lifetime of the second?
b) Will my daily backups start to use the monthly backup as the full backup to base incrementals off, or will they manage their own full backup? My reasoning here behind this is that if we're 3 weeks into a month, the first week of incremental backups have expired, so there won't be a full chain of incremental backups since the last full backup (unless the incrementals are always based off the full, rather than incremental on each other?)

re:Post Agent · Accepted Answer

Let me address your questions about AWS Backup retention policies with incremental backups:

1a) Yes, your understanding is correct. AWS Backup creates a full backup for the first backup of a resource, and subsequent backups are incremental, capturing only the changes since the previous backup. For your EBS volume and S3 bucket, the Monday backup would be full, and Tuesday through Sunday would be incremental backups.

1b) AWS Backup maintains the necessary reference data to allow full restores even when the original full backup expires. When your Monday full backup reaches the end of its 7-day lifecycle and is deleted, you can still perform complete restores using the incremental backups from the remaining days. AWS Backup preserves the reference data needed to reconstruct a full backup from the incremental backups. There is no period when you're not fully protected - the system is designed to maintain restore capability throughout the retention period without gaps in protection.

2a) For your monthly backups with a 35-day retention period, the second monthly backup would still be incremental if it's for the same resource and stored in the same backup vault. AWS Backup will make it incremental to the first monthly backup, even though the first one will expire during the lifetime of the second.

2b) Your daily and monthly backup plans operate independently. The daily backups will create their own full backup initially and then continue with incremental backups based on that cycle. They won't automatically use the monthly backup as their base. Each backup plan maintains its own chain of backups.

It's important to note that all backups made with AWS Backup retain the necessary reference data to allow a full restore, regardless of whether the original full backup is still available. This ensures you can always restore your data completely throughout the retention period.  
**Sources**  
[Backup creation by resource type - AWS Backup](https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-a-backup.html)  
[Backup plans - AWS Backup](https://docs.aws.amazon.com/aws-backup/latest/devguide/about-backup-plans.html)  
[Protecting your critical Amazon EBS volumes using AWS Backup | AWS Storage Blog](https://aws.amazon.com/blogs/storage/protecting-your-critical-amazon-ebs-volumes-using-aws-backup/)

Leo K · Answer

One very important thing you need to be careful with is that the "complete within" parameter of the backup plan must be long enough to accommodate the completion of the initial full backup. If it isn't, you'll easily see it as a backup job that failed because of a timeout, but importantly both from the points of view of having backups available and only paying for what you need, if the initial full backup fails because of a timeout, the next backup will also be a full backup, and in all likelihood, it'll fail with a similar timeout. You'll end up paying for the S3 request and AWS Backup costs for each attempt, but none of them will produce a working backup, only possibly excessive costs that keep getting repeated every day that the initial full backup is reattempted.

You should set the "complete within" parameter to a high enough value and preferably with a safety margin of 3:1 or better. For example, if the full backup takes 27 or 35 hours, consider setting the "complete within" timeout to 5-7 days. S3's per-partition API call limits apply both to your own applications' use of the bucket and access by AWS Backup, so any single backup round isn't necessarily representative of later backups, because other traffic might be different.

Also, it's strongly advisable to monitor your backups and take action quickly if particularly any of the initial full backups fail.

AWS Backup retention policies with incremental backups

Add your answer

Relevant content