Create Backup Plan

A well thought out backup strategy is key to an organization’s success and is determined by a variety of factors. The biggest factors influencing a backup strategy is the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) set for the workload. RTO and RPO are determined based on the criticality of the workload to the business, the SLAs that have been agreed upon, and the cost associated with achieving the RTO and RPO. RTO and RPO should be specific to each workload and not set for the entire organization/infrastructure.

In this lab, you will create a backup strategy by leveraging AWS Backup, a fully managed backup service that can automatically backup data from EBS Volumes, RDS Databases, DynamoDB Tables, EFS File Systems, EC2 Instances, and Storage Gateways.

  1. Sign in to the AWS Backup console -



  3. Select the option to BUILD A NEW PLAN.

  4. Specify a Backup plan name such as BACKUP-LAB.



  6. To set a SCHEDULE for the backup, you can specify the FREQUENCY at which backups are taken. You can enter frequency as every 12 hours, Daily, Weekly, or Monthly. Alternatively, you can specify a custom CRON EXPRESSION for your backup frequency. For this exercise, select the FREQUENCY as DAILY.

  7. Once frequency has been established, you will need to specify a backup window - a period of time during which data is being backed up from your data sources. Keep in mind that creating backups could cause you data sources to be temporarily unavailable depending on the underlying configuration of those resources. It is best to create backups during scheduled downtimes/maintenance windows when user impact is minimal. For this exercise, select Use backup window defaults - recommended. The default backup window is set to start at 5 AM UTC time and last 8 hours. If you need to schedule backups at a different time, you can customize the backup window.


  8. You can set lifecycle policies for your backups to transition them to cold storage or to expire them after a period of time to reduce costs and operational overhead. This is currently supported for backups of EFS only. For this exercise, set the values for Transition to cold storage and Expire both to NEVER.

  9. Under BACKUP VAULT, click on CREATE NEW BACKUP VAULT. It is recommended to use different Backup Vaults for different workloads.


  10. On the pop-up screen, specify a BACKUP VAULT NAME such as BACKUP-LAB-VAULT.

  11. You can choose to encrypt your backups for additional security by specifying a KMS key. You can choose the default key created and managed by AWS Backup or specify your own custom key. For this exercise, select the default key (default) aws/backup.



  13. Additionally, you can choose to have your backups automatically copied to a different AWS Region.

  14. You can add tags to your recovery points to help identify them.

  15. Click CREATE PLAN.


Once the backup plan and the backup rule has been created, you can specify resources to back up. You can select individual resources to be backed up, or specify a tag (key-value) associated with the resource. AWS Backup will execute backup jobs on all resources that match the tags specified.

  1. Click on BACKUP PLANS from the menu on the left side of the screen.

  2. Select the backup plan BACKUP-LAB that you just created.


  3. Scroll down to the section titled RESOURCE ASSIGNMENTS and click on ASSIGN RESOURCES.


  4. Specify a RESOURCE ASSIGNMENT NAME such as BACKUP-RESOURCES to help identify the resources that are being backed up.

  5. Leave the DEFAULT ROLE selected for IAM ROLE. If a role does not already exist, the AWS Backup service will create one with the necessary permissions.

  6. Under ASSIGN RESOURCES, you can specify resources to be backed up individually by specifying the RESOURCE TYPE and RESOURCE ID, or select TAGS and enter the TAG KEY and the TAG VALUE. For this lab, select TAGS as the value for ASSIGN BY, and enter workload as the KEY and myapp as the VALUE. This tag and value was created by the CloudFormation stack. Remember that tags are case sensitive and ensure that the values you enter are all in lower case.



You have successfully created a backup plan for your data sources, and all supported resources with the tags WORKLOAD-MYAPP will be backed up automatically, at the frequency specified. In case of a disaster, these backups can be used to recover data to ensure business continuity. Since the entire process is automated, it will save considerable operational overhead for your Operations teams.