What is AWS Backup?
AWS Backup is a fully managed service that centralizes and automates data protection across AWS services and hybrid workloads. It is cost-effective and policy-based, which simplifies data protection.
Key Concepts
1. Centralized Backup
- One place to configure backups for: EC2, EBS, RDS, DynamoDB, EFS, S3, Neptune, DocumentDB, and Storage Gateway.
2. Backup Plans
- Define your backup frequency (e.g., daily), window (e.g., 2 AM), and retention (e.g., keep for 30 days).
3. AWS Backup Vault Lock
- Provides Write-Once-Read-Many (WORM) capability.
- Prevents anyone (including administrators) from deleting or altering backups during the retention period. Critical for compliance.
4. Cross-Region & Cross-Account
- You can copy backups to another AWS Region for Disaster Recovery (DR).
- You can copy backups to another AWS Account for security isolation.
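The concepts above can be checked mechanically. This added example (not part of the original notes, and not AWS code) audits a vault description and backup plan rules, shaped like the DescribeBackupVault and backup plan API structures, for gaps in Vault Lock, retention, and copy settings. It relies on the fact that a locked vault with no `LockDate` is in governance mode, which a sufficiently privileged principal can remove; account IDs, vault names and dates are constructed.

```python
from datetime import datetime, timezone

def vault_location(arn):
    """Split arn:aws:backup:<region>:<account>:backup-vault:<name> into (region, account)."""
    parts = arn.split(":")
    if len(parts) != 7 or parts[2] != "backup" or parts[5] != "backup-vault":
        raise ValueError(f"not a backup vault ARN: {arn!r}")
    return parts[3], parts[4]

def audit(vault, rules, now):
    """Return findings for one vault and the plan rules that write to it."""
    findings = []
    region, account = vault_location(vault["BackupVaultArn"])
    if not vault.get("Locked"):
        findings.append("vault: Vault Lock not enabled")
    elif vault.get("LockDate") is None:
        findings.append("vault: governance-mode lock, removable by a privileged principal")
    elif vault["LockDate"] > now:
        findings.append("vault: compliance lock still in its cooling-off period")
    min_days = vault.get("MinRetentionDays")
    for rule in rules:
        name = rule["RuleName"]
        keep = rule.get("Lifecycle", {}).get("DeleteAfterDays")
        # A job whose retention is shorter than the vault minimum fails.
        if min_days is not None and keep is not None and keep < min_days:
            findings.append(f"{name}: retention {keep}d is below the vault minimum {min_days}d")
        dests = [vault_location(c["DestinationBackupVaultArn"])
                 for c in rule.get("CopyActions", [])]
        if all(r == region for r, _ in dests):   # also true when there are no copies
            findings.append(f"{name}: no cross-Region copy")
        if all(a == account for _, a in dests):
            findings.append(f"{name}: no cross-account copy")
    return findings

# Constructed sample data (account IDs, vault names and dates are made up).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
VAULT = {
    "BackupVaultArn": "arn:aws:backup:us-east-1:111111111111:backup-vault:prod-vault",
    "Locked": True, "MinRetentionDays": 30,   # no LockDate: governance mode
}
RULES = [{
    "RuleName": "daily-2am",
    "ScheduleExpression": "cron(0 2 * * ? *)",   # 02:00 UTC every day
    "Lifecycle": {"DeleteAfterDays": 30},
    "CopyActions": [{"DestinationBackupVaultArn":
        "arn:aws:backup:us-west-2:111111111111:backup-vault:dr-vault"}],
}]

if __name__ == "__main__":
    for finding in audit(VAULT, RULES, NOW):
        print(finding)
```

With live data, the `vault` dict would come from a DescribeBackupVault response and `rules` from the plan's `Rules` list.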
Exam Tips
[!TIP] "Centralized View": If the question asks for a single service to manage backups across multiple AWS services (EC2, RDS, DynamoDB), the answer is AWS Backup.
[!WARNING] Don't confuse with Data Lifecycle Manager (DLM). DLM is simpler and mostly for EBS snapshots. AWS Backup is broader and the enterprise standard.
[!IMPORTANT] Regulatory Compliance: Use Vault Lock to ensure backups cannot be deleted to meet legal/compliance requirements (e.g., FINRA, HIPAA).
Common Use Cases
- Disaster Recovery: Automating cross-region backup copies.
- Ransomware Protection: Protecting backups from malicious deletion using Vault Lock.
- Compliance: Proving to auditors that you have a consistent backup policy across all resources.