StackZone AWS Backup Vault

The StackZone AWS Backup feature helps you automate schedules backups of your EC2 Instances, EBS / EFS Volumes, RDS / Aurora Instances and DynamoDB tables. All you need to do is create a Tag Value on your AWS resource with "daily", "weekly" or "monthly" which dictates the schedule, along with a corresponding Tag Key and the AWS Backup feature will ensure a backup of your AWS resource is taken depending on your chosen period.

But what is AWS Backup?

AWS Backup offers a cost-effective, fully managed, policy-based service that further simplifies data protection at scale. AWS Backup also helps you support your regulatory compliance or business policies for data protection. AWS Backup provides automated backup schedules, retention management, and lifecycle management, removing the need for custom scripts and manual processes.

For more information about the AWS Backup Service - be sure to head over to read their official documentation on the AWS site.

There are a number of parameters which you can define, in order to customize how StackZone AWS Backup works for you.

You can set your own Tag Key which is applied to the resources you want to add to a Backup Plan. By default this is set to 'backup' but you can define your own Tag Key if you so desire within the StackZone UI.

You may also specify the number of days you wish to retain AWS Backups for each Daily, Weekly and Monthly plan periods. By default, Daily backups have a 30 day retention period, Weekly backups have a 120 day retention period and Monthly backups have a 365 day retention period.

Also within the StackZone UI, you can define an email address to receive AWS Backup Notifications to. This will ensure you are informed for any Backup Notifications created by this feature.

StackZone will create a number of resources in order for the "Backup By Tag" Feature to function properly. We will first create an SNS Topic and the relevant SNS Subscriptions in order to notify you of Backup Notifications, along with a KMS key which will act as the encryption key for your Backups, stored in your Backup Vault.

As you can see from the image above, we create 3 Backup Plans which can be found alongside your Vault inside AWS Backup Service.

Each plan is clearly named, and you can see further into the details of each plan by clicking into it via the AWS Console.

DailyBackupPlan - Runs daily backup at 05:00 UTC

WeeklyBackupPlan - Runs weekly backups at 03:00 UTC, only on Sundays

MonthlyBackupPlan - Runs once a month at 03:00 UTC, first day of the month.

Now, providing our Tag Key is still the default value of "backup", we can start tagging our EC2 Instances, EBS / EFS Volumes, RDS / Aurora Instances, or DynamoDB Tables to add them to our AWS Backup Plans.

Here we see an example EC2 Instance resource with the tags applied. As the Tag Value is "daily" this means the resource will be added to the BackupPlanWithDailyBackups AWS Backup Plan. If you have an EBS Volume attached to an EC2 Instance & the Instance is tagged with the backup tag - there is no need to additionally tag your EBS Volume, as you will then end up with two EBS Snapshots occurring.

If we head on over to the AWS Backup Dashboard we can see the results. In the left hand side menu, choose Backup Vaults and you will see a list of all available vaults within your current region.

BackupVaultWithAllBackups is the name of the vault which StackZone created for you, and all backups inside are encrypted with your KMS Key created specifically for this feature. You can see from this one, that there are 271 backups located inside. These are all the Backups of tagged resources in our AWS Account. There was likely more! But due to the retention period - some are deleted as they are too old. This saves your costs as you are holding less backups in your vault - holding only what you need for your configured retention period.

Now - imagine how long it would have taken to manually take 271 backups across your estate of EC2, EBS, RDS / Aurora Instances and DynamoDB Tables!

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here