AWS Automated Backups
- AWS provides automated backup capabilities across multiple services, either natively or through AWS Backup — a fully managed, centralized backup service.
- Services with native automated backups include:
  - RDS
  - ElastiCache — Valkey, Redis OSS, and Serverless Memcached
  - Redshift (Provisioned and Serverless)
  - DynamoDB — Point-in-Time Recovery (PITR)
- Amazon Data Lifecycle Manager helps automate EC2 EBS volume snapshots and AMI management
- AWS Backup provides centralized, policy-based backup across 20+ AWS services including EC2, EBS, RDS, Aurora, DynamoDB, EFS, S3, FSx, EKS, Redshift Serverless, DocumentDB, Neptune, Timestream, and more.
- AWS stores the backups and snapshots in S3
AWS Backup (Centralized Backup Service)
- AWS Backup is a fully managed service that centralizes and automates data protection across AWS services and hybrid workloads.
- Supports 20+ AWS services: EC2, EBS, RDS, Aurora, Aurora DSQL, DynamoDB, EFS, S3, FSx, Storage Gateway, DocumentDB, Neptune, Redshift (Provisioned and Serverless), Timestream, EKS, CloudFormation, SAP HANA, and VMware VMs.
- Key Features:
  - Backup Plans — define schedules, retention rules, and lifecycle policies; supports frequencies as often as every hour.
  - Cross-Region and Cross-Account Copy — automatically replicate backups for disaster recovery.
  - Logically Air-Gapped Vaults (2024) — immutable, deletion-protected backup storage for ransomware recovery. Supports multi-party approval and direct restore.
  - Backup Audit Manager — audit and report on compliance of data protection policies.
  - Restore Testing — validate recoverability by scheduling automated restore tests.
  - GuardDuty Integration — automated malware scanning of recovery points for EC2, EBS, and S3 backups.
  - Cold Storage Tiering — transition backups to lower-cost cold storage (DynamoDB, EBS, EFS).
- 2025 Updates:
  - Support for Amazon Redshift Serverless (April 2025)
  - Support for Amazon EKS clusters including persistent storage
  - Single-action cross-Region database snapshot copies to logically air-gapped vaults (Aurora, Neptune, DocumentDB)
  - Enhanced resource selection with tag-based exclusions in Organizations policies
  - Primary backup support directly in logically air-gapped vaults (reduces costs vs. copy-based approach)
RDS Backups
- RDS supports automated backups as well as manual snapshots
- Automated Backups
  - enable point-in-time recovery of the DB instance
  - perform a full daily backup and capture transaction logs (as updates to your DB instance are made)
  - are performed during the defined preferred backup window and retained for a user-specified retention period (default 1 day, max 35 days)
  - When a point-in-time recovery is initiated, transaction logs are applied to the most appropriate daily backup to restore the DB instance to the specific requested time.
  - allow a point-in-time restore to any second during the retention period, up to the Latest Restorable Time (typically within the last 5 minutes)
  - are deleted when the DB instance is deleted
  - Cross-Region Automated Backup Replication — replicates snapshots and transaction logs to a destination AWS Region for disaster recovery. Supports point-in-time recovery in the secondary Region.
- Snapshots
  - are user-initiated and enable backing up the DB instance in a known state as frequently as needed; the instance can be restored to that specific state at any time.
  - can be created with the AWS Management Console or by using the CreateDBSnapshot API call.
  - are not deleted when the DB instance is deleted
  - can be copied across Regions and shared with other AWS accounts
- Automated backups and snapshots can result in a performance hit if Multi-AZ is not enabled
- AWS Backup can manage both RDS and Aurora backups centrally with cross-account and cross-Region copy capabilities.
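The RDS points above can be turned into a backup posture check. The following is an added example, not part of the original notes: it audits records shaped like the RDS DescribeDBInstances response for disabled automated backups, short retention, missing cross-Region replication and single-AZ deployment. The instance records in SAMPLE and the 7-day policy minimum are constructed assumptions.

```python
# Added example. Field names follow the RDS DescribeDBInstances response;
# the records in SAMPLE and the policy minimum are constructed assumptions.
MIN_RETENTION_DAYS = 7    # assumed organisational policy, not an AWS default
MAX_RETENTION_DAYS = 35   # RDS maximum for automated backups


def audit_rds_backups(instances, min_days=MIN_RETENTION_DAYS):
    """Return {instance id: [finding, ...]} for instances with backup gaps."""
    if not 1 <= min_days <= MAX_RETENTION_DAYS:
        raise ValueError("policy minimum must be within 1-35 days")
    findings = {}
    for db in instances:
        issues = []
        days = db.get("BackupRetentionPeriod", 0)
        if days == 0:
            # Retention 0 turns automated backups off, so PITR is unavailable.
            issues.append("automated backups disabled: no point-in-time recovery")
        else:
            if days < min_days:
                issues.append(f"retention {days}d below policy minimum {min_days}d")
            if not db.get("DBInstanceAutomatedBackupsReplications"):
                issues.append("no cross-Region automated backup replication")
        if not db.get("MultiAZ", False):
            issues.append("single-AZ: backups can cause a performance hit")
        if issues:
            findings[db["DBInstanceIdentifier"]] = issues
    return findings


SAMPLE = [  # constructed records, not real resources
    {"DBInstanceIdentifier": "orders-prod", "BackupRetentionPeriod": 14,
     "MultiAZ": True,
     "DBInstanceAutomatedBackupsReplications": [
         {"DBInstanceAutomatedBackupsArn":
          "arn:aws:rds:us-west-2:111122223333:auto-backup:ab-EXAMPLE"}]},
    {"DBInstanceIdentifier": "reports-dev", "BackupRetentionPeriod": 1,
     "MultiAZ": False, "DBInstanceAutomatedBackupsReplications": []},
    {"DBInstanceIdentifier": "scratch", "BackupRetentionPeriod": 0,
     "MultiAZ": False},
]

if __name__ == "__main__":
    for name, issues in audit_rds_backups(SAMPLE).items():
        for issue in issues:
            print(f"{name}: {issue}")
```

With boto3, the same function can be fed the `DBInstances` list returned by the RDS client's `describe_db_instances` call.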
DynamoDB Backups
- DynamoDB Point-in-Time Recovery (PITR) provides continuous backups of table data.
- When enabled, allows restore to any second within the configured recovery period.
- Configurable recovery period (Jan 2025) — PITR period can now be set between 1–35 days per table (previously fixed at 35 days), allowing cost optimization for tables needing shorter retention.
- PITR pricing is based on table size and local secondary indexes, not the recovery period duration.
- DynamoDB also supports on-demand manual backups that are retained until explicitly deleted.
- AWS Backup provides advanced DynamoDB features: cross-Region/cross-account copy, cold storage tiering, and tag-based cost management.
ElastiCache Automated Backups
- ElastiCache supports automated backups (snapshots) for Valkey, Redis OSS, and Serverless Memcached caches.
- Note: AWS recommends Valkey as the preferred engine — an open-source, vendor-neutral alternative to Redis OSS maintained by the Linux Foundation. Valkey 9.0 is available as of May 2026.
- ElastiCache creates a daily backup of the cache during the configured backup window.
- Snapshot operations may degrade performance, so backups should be scheduled during the least busy part of the day.
- Backups are retained for the backup retention limit defined, with a maximum of 35 days.
- ElastiCache also allows manual snapshots of the cache.
- ElastiCache Serverless supports backups via RDB files compatible with Valkey 7.2+ and Redis OSS 5.0+.
- Memcached (non-serverless) does NOT support backups.
Redshift Automated Backups
- Amazon Redshift enables automated backups by default.
- Redshift continuously backs up data to S3 and retains automated backups for 1 day (extendable to max 35 days).
- Backups are incremental — only changed data since the last snapshot is backed up, minimizing storage usage.
- Redshift also allows manual snapshots of the data warehouse.
- Cross-Region Snapshot Replication — automated snapshots can be replicated to another AWS Region for disaster recovery.
- Redshift Serverless — supports both automated recovery points and manual snapshots. Recovery points are created approximately every 30 minutes and retained for 24 hours.
- AWS Backup Integration (April 2025) — AWS Backup now supports Redshift Serverless, enabling centralized backup management alongside provisioned clusters.
- Incremental Snapshot Billing (June 2026) — new billing model for manual snapshots on Redshift Serverless and Redshift RG charges only for unique data blocks across active snapshots, reducing costs.
- Default security enhancements (2025): newly created clusters and restored snapshots now have encryption enabled by default and public accessibility disabled.
EC2 EBS Backups
- EBS volume snapshots can be automated using Amazon Data Lifecycle Manager (DLM)
- DLM supports:
  - Scheduled snapshot creation with custom cron expressions or preset frequencies
  - Automated retention and deletion policies
  - Cross-Region and cross-account snapshot copy
  - Application-consistent snapshots — uses pre/post scripts via AWS Systems Manager documents for database-consistent backups (e.g., SAP HANA, SQL Server)
  - AMI lifecycle management (creation and deregistration)
- EBS snapshots can also be created manually via the AWS Console, CLI, or APIs
- EBS Snapshots are incremental and block-based — they consume space only for changed data after the initial snapshot
- Data can be restored from snapshots by creating a new volume from the snapshot
- EBS snapshots are region-specific and can be copied between AWS regions
- EBS Snapshot Archive — move infrequently accessed snapshots to archive tier for up to 75% cost savings (minimum 90-day archive period)
- Recycle Bin — protects against accidental deletion by retaining deleted snapshots, AMIs, and EBS volumes for a configured period. Supports tag-based exclusions (Nov 2024) and EBS volume recovery (Nov 2025).
- Stored on S3 (managed by AWS, not visible in customer S3 buckets)
- AWS Backup can also manage EBS snapshots centrally as an alternative to DLM.
AWS Certification Exam Practice Questions
- Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
- AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
- AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed the question might not be updated.
- Open to further feedback, discussion and correction.
- Which two AWS services provide out-of-the-box user configurable automatic backup-as-a-service and backup rotation options? Choose 2 answers
  - Amazon S3
  - Amazon RDS
  - Amazon EBS
  - Amazon Redshift
- You have been asked to automate many routine systems administrator backup and recovery activities. Your current plan is to leverage AWS-managed solutions as much as possible and automate the rest with the AWS CLI and scripts. Which task would be best accomplished with a script?
  - Creating daily EBS snapshots with a monthly rotation of snapshots
  - Creating daily RDS snapshots with a monthly rotation of snapshots
  - Automatically detect and stop unused or underutilized EC2 instances
  - Automatically add Auto Scaled EC2 instances to an Amazon Elastic Load Balancer
Note: This question is outdated. Amazon Data Lifecycle Manager and AWS Backup now automate EBS snapshot creation and rotation without custom scripts.
- A company wants to centrally manage backups across multiple AWS services including EC2, RDS, DynamoDB, and EFS. Which AWS service should they use?
  - Amazon Data Lifecycle Manager
  - AWS Storage Gateway
  - AWS Backup
  - Amazon S3 Lifecycle Policies
- Which feature of AWS Backup helps protect against ransomware by providing immutable, deletion-protected backup storage?
  - Backup Vault Lock
  - Logically Air-Gapped Vault
  - Cross-Region Copy
  - Cold Storage Tiering
- A company needs to protect EBS snapshots from accidental deletion while keeping costs optimized for infrequently accessed snapshots. Which combination of features should they use? (Choose 2)
  - EBS Snapshot Archive
  - S3 Glacier Deep Archive
  - Recycle Bin
  - EBS Fast Snapshot Restore
- A company wants to replicate their RDS automated backups to another AWS Region for disaster recovery purposes. Which feature should they enable?
  - Read Replica in the target Region
  - Cross-Region Automated Backup Replication
  - AWS Backup with cross-Region copy rule
  - Manual snapshot copy via Lambda
Note: Both options B and C are valid approaches. Cross-Region Automated Backup Replication is the native RDS feature, while AWS Backup provides centralized management.