AWS Backup
Definition
AWS Backup is AWS's unified backup control plane — a single managed service that consolidates data-protection across AWS services behind one configuration / policy / vault surface. Instead of configuring snapshots / backups / replication service-by-service (EBS snapshots in the EC2 console, RDS automated backups in the RDS console, etc.), AWS Backup lets you define backup plans that span resource types and execute them on schedules, into vaults, under policies, with governance + audit centralised.
"AWS Backup takes this further, tying together many of these disparate backup technologies, giving a single plane of glass to configure data backup plans across resources." (Source: sources/2026-03-31-aws-streamlining-access-to-dr-capabilities)
Primitives
- Vaults — secure backup storage destinations; support vault lock (immutable, WORM-style) for ransomware-resistant retention.
- Backup plans — rule sets (schedules + lifecycle + destination vault + copy-to-another-region/account) applied to a set of resources via selection (tags, explicit ARNs).
- Policies — governance / compliance controls; what must be backed up, retention windows, cross-region/cross-account copy requirements.
- Schedules — cron-like recurrence for backup jobs.
Role in the DR ladder
AWS Backup maps to the backup-and-restore tier of the DR ladder: the lowest tier, with the lowest steady-state cost and an hours-to-days RTO. For compute-intensive lower-RTO tiers, pair it with AWS DRS or partner orchestration. For automated restore workflows, pair it with EventBridge + Lambda (the canonical "Backup and Restore with Rapid Recovery" pattern; see patterns/backup-and-restore-tier).
Cross-Region and cross-account copy
AWS Backup adds two DR axes natively:
- Cross-Region copy — backup artefact replicated to a different AWS Region as a fault-isolation boundary.
- Cross-account copy — backup artefact replicated to a different AWS account. This is the clean-room recovery account mechanism for ransomware / compromise recovery — the destination account has distinct credentials unreachable from the (potentially compromised) source.
Both axes compose — you can copy to a different Region and a different account simultaneously.
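The two copy axes can be checked mechanically. The following is an added example, not code from the original page or from AWS: it audits a backup plan document, using the field names of the AWS Backup GetBackupPlan response, and reports which rules copy cross-Region, cross-account, or both. The account IDs, Regions, vault names and function names are constructed for illustration.

```python
# Added example: audit a backup plan for the two copy axes described above.
# Field names follow the AWS Backup GetBackupPlan response shape; account IDs,
# Regions, vault names and function names are constructed for illustration.

def parse_vault_arn(arn):
    """Split arn:<partition>:backup:<region>:<account>:backup-vault:<name>."""
    parts = arn.split(":", 6)
    if len(parts) != 7 or parts[2] != "backup" or parts[5] != "backup-vault":
        raise ValueError(f"not a backup vault ARN: {arn!r}")
    return {"region": parts[3], "account": parts[4], "name": parts[6]}

def copy_axes(plan, source_account, source_region):
    """Map each rule name to the copy axes its CopyActions cover."""
    report = {}
    for rule in plan.get("Rules", []):
        axes = set()
        for action in rule.get("CopyActions", []):
            dest = parse_vault_arn(action["DestinationBackupVaultArn"])
            cross_region = dest["region"] != source_region
            cross_account = dest["account"] != source_account
            if cross_region:
                axes.add("cross-region")
            if cross_account:
                axes.add("cross-account")
            if cross_region and cross_account:
                axes.add("both")  # one copy that crosses both boundaries
        report[rule["RuleName"]] = axes
    return report

def rules_missing(plan, source_account, source_region, required):
    """Rule names with no copy action on the required axis."""
    report = copy_axes(plan, source_account, source_region)
    return [name for name, axes in report.items() if required not in axes]

SAMPLE_PLAN = {  # constructed sample; source is account 111122223333, us-east-1
    "BackupPlanName": "constructed-example",
    "Rules": [
        {"RuleName": "daily-local", "TargetBackupVaultName": "primary"},
        {"RuleName": "daily-region-copy", "TargetBackupVaultName": "primary",
         "CopyActions": [{"DestinationBackupVaultArn":
             "arn:aws:backup:us-west-2:111122223333:backup-vault:dr"}]},
        {"RuleName": "daily-clean-room", "TargetBackupVaultName": "primary",
         "CopyActions": [{"DestinationBackupVaultArn":
             "arn:aws:backup:us-west-2:999988887777:backup-vault:clean-room"}]},
    ],
}

if __name__ == "__main__":
    for name, axes in copy_axes(SAMPLE_PLAN, "111122223333", "us-east-1").items():
        print(name, sorted(axes) or "no copy: source account and Region only")
```

A rule flagged by `rules_missing(..., required="cross-account")` keeps every recovery point inside the source account, so it gets no benefit from the clean-room recovery account.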
Closing native-service coverage gaps
AWS Backup added first-party backup support for services that previously lacked it in their native consoles:
- Amazon EFS — no native backup before AWS Backup; now first-class.
- Amazon FSx — no native backup before AWS Backup; now first-class.
- Amazon DynamoDB — had on-demand + PITR but no cross-Region backup until AWS Backup added the ability.
Source quotes: "AWS Backup also added backup capabilities for AWS resources that previously didn't have them such as Amazon Elastic File System (Amazon EFS) and Amazon FSx ... It even enabled cross-Region backup for services like Amazon DynamoDB, which previously didn't have that capability."
Supported services also include Amazon RDS (automated backups, manual snapshots, cross-Region snapshot copies), EBS volumes, S3 buckets (S3 Replication as the underlying data-movement primitive), Aurora, and others.
Relationship to per-service mechanisms
AWS Backup composes with per-service backup mechanisms rather than replacing them. Native RDS automated backups still exist; S3 Cross-Region Replication still exists; EBS snapshots still exist. AWS Backup provides a unified control plane over these primitives plus new coverage for the gaps. The post's Figure 1 explicitly illustrates this as RDS's multi-destination fanout (automated backups / snapshot copy cross-Region / snapshot copy cross-account / Backup-vault copies / read replicas).
Seen in
- sources/2026-03-31-aws-streamlining-access-to-dr-capabilities — canonical wiki reference. AWS Backup framed as the data-protection building block below AWS DRS in the layered DR architecture; named EFS / FSx first-party coverage and DynamoDB cross-Region backup capability gaps closed; pairs with EventBridge + Lambda for automated restore workflows.
Related
- systems/aws-elastic-disaster-recovery — next DR building block up (compute DR with continuous replication, seconds RPO).
- systems/arpio — AWS Resilience Competency Partner that builds on AWS Backup + AWS DRS for full-workload recovery.
- concepts/disaster-recovery-tiers — AWS Backup = backup-and-restore tier primitive.
- concepts/clean-room-recovery-account — cross-account copy axis.
- patterns/backup-and-restore-tier — the DR pattern AWS Backup primarily implements.
- systems/amazon-eventbridge, systems/aws-lambda — canonical automation pair for restore workflows.