aws-backup

Create a backup vault

$ aws backup create-backup-vault --backup-vault-name [vault_name]

$ aws backup create-backup-plan --backup-plan [file://plan.json]

$ aws backup start-backup-job --backup-vault-name [vault] --resource-arn [arn] --iam-role-arn [role_arn]

$ aws backup list-backup-vaults

$ aws backup list-recovery-points-by-backup-vault --backup-vault-name [vault]

$ aws backup start-restore-job --recovery-point-arn [arn] --iam-role-arn [role_arn] --metadata [restore_metadata]

aws backup command [options]

AWS Backup is a unified, fully managed backup service designed to protect AWS resources and their associated data across multiple AWS services. It centralizes and automates backup operations, eliminating the need to create custom scripts and manual processes for each AWS service.
The service simplifies backup management by providing:

Centralized Backup Management - Create backup plans with retention policies and schedules that apply across AWS services including Amazon EBS, Amazon RDS, Amazon DynamoDB, Amazon EFS, Amazon FSx, AWS Storage Gateway, Amazon EC2, and more

Policy-Based Backup Plans - Define backup policies that specify frequency, retention, and lifecycle rules, automatically applying them to resources via tags or resource IDs

Cross-Region and Cross-Account Backup - Copy backups to different AWS regions or accounts for disaster recovery and compliance requirements

Backup Vaults - Organize and secure recovery points in encrypted vaults with access policies and resource-based permissions

Compliance and Audit - Monitor backup activity through AWS Backup Audit Manager frameworks, generate compliance reports, and track backup coverage across your organization

create-backup-vault

Create a vault to store recovery points

Delete an empty backup vault

List all backup vaults in the account

Create a backup plan with rules and schedules

Modify an existing backup plan

Remove a backup plan

List all backup plans

Define which resources a backup plan applies to

Initiate an on-demand backup for a resource

Cancel a running backup job

View backup job history and status

Restore a resource from a recovery point

View restore job history and status

List all recovery points in a vault

Delete a specific recovery point

Copy a recovery point to another vault or region

Create compliance framework for backup auditing

Generate reports on backup activity and compliance

Apply legal hold to prevent deletion of recovery points

Configure vault access permissions

Add tags to backup resources for organization

IAM roles with appropriate permissions are required for backup and restore operations. Some services require specific backup configurations or have limitations on restore options. Cross-region copy incurs data transfer costs. Deleting a vault requires it to be empty of all recovery points.

AWS Backup was announced at AWS re:Invent 2018 and launched in January 2019 as a centralized backup service. Over time, it expanded support to include more AWS services and added features like cross-account backup, audit frameworks, and legal hold capabilities.

aws-s3(1), aws-rds(1), aws-dynamodb(1), aws-efs(1), aws(1)