AWS Backup offers fully managed data protection with automation features for both cloud and on-premises assets. It lets you set up backup policies, automate backups, and monitor backup activity in one centralized interface. There is no need to create custom scripts or perform manual processes.
AWS Backup uses Recovery Services Vaults to organize backup copies. You can configure AWS Key Management Service (AWS KMS) encryption keys to encrypt backup copies located in each vault. Additionally, the vault lets you control access to backup copies. You can keep all backups in one vault or create multiple vaults (each with its own encryption keys and access policies).
In this article, you will learn:
AWS Backup automatically creates a default backup vault, which you can use “as-is”. Alternatively, you can create a custom Azure Recovery Services vault for your backups.
To create a backup vault:
The Amazon Identity and Access Management (IAM) service can help you control access to your AWS resources. You can use IAM to control who can sign in (authentication) and what actions the user can perform (authorization) on AWS resources.
In AWS, a policy is an object that lets you define permissions for associated resources or identities. To restrict access to a resource, you can either use a resource-based policy or an identity-based policy. Here is how the two policies differ:
AWS Backup lets you assign policies to each backup vault and all resources kept in the vault. Policies can define which users can access vaults, define backup plans, perform on-demand backups, or delete backup recovery points.
To create a resource-based access policy:
This policy can help you prevent the deletion of backups stored in a backup vault.
Here are two ways to customize your policy:
To allow a list of multiple IAM identities by their ARNs, specify the aws:PrincipalArn global condition key, as shown in the example below.
To limit the policy to a specific resource type, replace "Resource": "*", with the recovery point types you want to deny. The example below shows how to allow access for Amazon EBS snapshots:
4. Select the Attach policy option.
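As an added example (not code from the original article or from AWS), the Python sketch below builds the deny-deletion vault access policy with both customizations described above and checks who it blocks. The account ID, principal names and region are constructed sample values, and `is_denied` is a simplified stand-in for IAM evaluation that handles only the statement shape built here.

```python
import fnmatch
import json

# Constructed sample values (assumptions, not from the original page).
ADMIN_ARNS = [
    "arn:aws:iam::111122223333:role/BackupAdmin",
    "arn:aws:iam::111122223333:user/break-glass",
]
EBS_SNAPSHOTS = "arn:aws:ec2:us-east-1::snapshot/*"


def build_vault_policy(allowed_arns, resource="*"):
    """Deny backup:DeleteRecoveryPoint to every principal except allowed_arns."""
    if not allowed_arns:
        raise ValueError("refusing to build a policy that locks out everyone")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyRecoveryPointDeletion",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "backup:DeleteRecoveryPoint",
            "Resource": resource,
            # Negated operator with a list: the Deny applies only when the
            # caller matches none of the listed ARNs.
            "Condition": {"ArnNotEquals": {"aws:PrincipalArn": list(allowed_arns)}},
        }],
    }


def is_denied(policy, principal_arn, action, resource_arn):
    """Simplified check; not a full IAM evaluator (ArnNotEquals only)."""
    for st in policy["Statement"]:
        if st["Effect"] != "Deny" or st["Action"] != action:
            continue
        if not fnmatch.fnmatchcase(resource_arn, st["Resource"]):
            continue
        exempt = st["Condition"]["ArnNotEquals"]["aws:PrincipalArn"]
        if not any(fnmatch.fnmatchcase(principal_arn, p) for p in exempt):
            return True
    return False


def to_json(policy):
    """Serialize the policy to JSON text for the vault access policy."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(to_json(build_vault_policy(ADMIN_ARNS, EBS_SNAPSHOTS)))
```

Because the statement is an explicit Deny, an identity-based policy that allows deletion does not override it for principals outside the list.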
To protect against malicious or accidental mass deletion, AWS Backup lets you delete a backup vault only after all recovery points are deleted. You can manually delete recovery points, or let a lifecycle policy automatically perform this task.
You can delete AWS resources that you restored from a recovery point by accessing the AWS Console and navigating to the specific service you restored.
To delete recovery points from a backup vault:
Note: You must keep your browser open until you see a green success sign displayed at the top of the page. Closing the browser prematurely ends the deletion process and some recovery points may not be deleted.
To delete a backup vault through the AWS Backup console:
NetApp Cloud Backup is a backup and restore service for NetApp Cloud Volumes deployments and on-premises ONTAP clusters. Integrated into NetApp Cloud Manager, Cloud Backup is easily enabled, automated, and scaled, allowing you to keep your data safe and compliant, overcoming traditional industry challenges.
Leveraging NetApp’s SnapMirror Cloud replication technology, backups are transferred and stored in a highly durable cloud-based object storage. Backups are automatically generated and stored in an object store within your cloud account, independent of volume Snapshot copies used for near-term recovery or cloning, so that you can effortlessly restore data anytime and to anywhere you need it.
By preserving storage efficiencies and performing block-level incremental updates forever, Cloud Backup guarantees a minimal data footprint to transfer, leading to optimal bandwidth consumption, reduced performance impact on production, and meeting SLAs.
Cloud Backup offers the highest level of security, as backup copies are stored in your own object storage. In addition, data is end-to-end encrypted with AES-256-bit encryption at rest and with TLS 1.2 HTTPS connections in flight.