hamburger icon close icon
AWS Backup

How to Back Up S3 Data using AWS Backup

AWS Backup is an AWS service introduced to provide a centralized cloud-based backup solution to automate data and metadata protection across AWS services. AWS Backup provides a wide range of features, all available in one place, such as monitoring backup activities and configuring backup policies for all AWS accounts and resources.

Using AWS Backup with S3 storage offers a solution that can instantly recover S3 backups after data loss due to failure scenarios such as bugs, accidental deletions, or malware attacks. It also provides a cost-effective solution that removes the need of maintaining custom scripts and manual processes for end-to-end S3 data protection.

In this blog, we’ll look at AWS Backup’s features, walk you through the steps for backing up S3 data, and examine some of its limitations.

Jump ahead to one of the sections in this blog:

AWS Backup Features

The rapid growth of data has made it difficult to maintain backups with traditional methods. To resolve this, cloud platforms like AWS have provided better backup solutions with improved scalability, durability, availability, security, and cost-effectiveness. AWS Backup is a fully automated, policy-based data protection solution with backup monitoring and alerting capabilities. It provides backups for all data types and maintains audits and compliance programs as per the requirements. Some of the notable features of AWS Backup are:

Automated scheduling and retention management

AWS Backup allows you to schedule automated backups and customize them according to your business backup requirements. It also provides predefined backup schedules, among which you can choose a schedule based on your requirements.

Additionally, AWS Backup enables you to set backup retention policies to automatically retain backups and expire them according to your business backup requirements. As a result, businesses can reduce their backup storage costs through the use of backup retention management as you’re able to retain the backup for as long as needed.

Centralized monitoring

AWS Backup provides a centralized dashboard that provides a simple way of backup monitoring across all AWS services. AWS Backup can be used along with services like AWS CloudTrail, Amazon Simple Notification Service, CloudWatch, and others to monitor and analyze backup processes and metrics.

Incremental backups

AWS Backup service generates backups in an incremental periodic manner. It generates the first backup as a full copy of your resource data, then for each subsequent backup, it only provides a backup for the new changes. This feature also helps minimize storage costs and backup times while still protecting your data with frequent backups.

Backup encryption

AWS Backup provides a comprehensive encryption solution that encrypts the backup data at rest and in transit. It performs encryption using AWS Key Management Service (KMS) to secure the backup data of your applications.

Audit management

AWS Backup audit manager allows you to audit and report the compliance of your AWS Backup policies. It provides built-in compliance controls that are customizable based on your data protection policies. It can also automatically detect violations in the specified data protection policies and suggests corrective measures.

Backing Up S3 Data with AWS Backup

Many organizations use AWS S3 Storage as their backup store for storing artifacts such as code backup and data dumps. Since AWS announced backup support for S3, it has come as a relief for customers who previously had to rely on manual strategies such as storing S3 data in multiple accounts and multiple regions for safety.

Let’s look at how we can back up S3 buckets using AWS Backup. This can be done by using AWS CLI, SDKs, or AWS Console. For this example, we’ll be using the AWS console.

  1. Create a new, or use an existing S3 bucket with a temporary file you want to back up. Here, we have an S3 bucket named s3-aws-backup-demo with one file named S3_temp_file.txt.

AWS S3 bucket

Prerequisite: The bucket you plan to backup should have versioning enabled. See below the versioning enabled for our S3_backup_demo bucket.


AWS S3 bucket versioning enabled

  1. Navigate to AWS Backup from your AWS console and go to Dashboard.

Creating On-Demand AWS Backup of S3 bucket

  • In the dashboard, you can create a backup plan or create an on-demand backup. Click on Create an on-demand backup.
  • In the resource type, select S3.
  • Under bucket name, you may select a specific bucket or select all buckets.
  • Select the Create backup now checkbox. This will start the backup straight away. Choose a different time if you don't wish to back up immediately.
  • From the Retention period dropdown menu, select an appropriate option according to your needs. This will allow AWS to automatically delete your backup after a specified retention period and save on storage costs.
  • To secure objects with S3 encryption, select Backup vault. You can choose any existing one or create a new one. To create a new backup vault click on Create new Backup vault and enter the Backup vault name and the encryption key. Here, we are creating a new backup vault with the name S3_backup_vault and the default encryption key.

Creating a new backup vault for AWS Backup

  • Under the IAM role option, you can select any existing role that has sufficient permissions to backup and restore S3 buckets. You can also select Default role, which will create a new role with the right permissions for you.
  • If you want to add some tags to the backup, type in the Key and Value and click on Add tag.
  • Click on Create an on-demand backup. This will now direct you to the jobs page for this backup.
  • The job will take some time depending on the size of the buckets you’re backing up. You’ll see the status as “running” while AWS is backing up the selected buckets. Once the backup is done, the job status will be listed as “completed.”
  1. You can now navigate to the Protected resources section to see the backup point you created. This backup point can be used to restore the S3 files anytime until the set retention period.

AWS S3 bucket as a protected resource

Take note that the example here is a one-time backup, meaning that this will not back up any newly added files to the bucket or any changes to the existing files. To do that you can easily set the backup plan and continuously backup your buckets with the frequency you need.

Limitations of AWS Backup for S3

Although AWS Backup support for S3 is a great feature, using it still comes with certain limitations:

  • AWS S3 Backup is not yet available in several regions, including: South America (São Paulo), Asia Pacific (Jakarta), China (Beijing), China (Ningxia), AWS GovCloud (US-West), AWS GovCloud (US-East)
  • The AWS Backup can be used only for buckets with less than 3 billion objects
  • Cold storage transitions of S3 backups aren’t yet supported
  • The bucket configurations such as name, policy, and settings can’t be backed up
  • Server-side encryption with customer-provided keys (SSE-C) encryption is not supported
  • AWS Outposts is not supported
  • S3 buckets having the same objects with multiple versions created simultaneously are not supported
  • May not be able to capture all the intermediate states of metadata when you update an ACL or a tag multiple time within 1 minute
  • The following metadata is not supported: original creation date, version ID, storage class, e-tag.


AWS Backup is a good option for centralized, fully automated, and encrypted backup storage. NetApp BlueXP backup and recovery offers the best solution for NetApp Cloud Volumes deployments and on-premises ONTAP clusters. With the BlueXP replication capability, backups can be automatically generated, transferred and stored in a highly durable cloud-based object storage.

New call-to-action
Sudip Sengupta, Technical Consultant

Technical Consultant