Configuring Image-Level Backup Settings

In the Backups section of the Targets step of the wizard, you can instruct Veeam Backup for AWS to create image-level backups of the processed DB instances and to copy backups to a long-term archive storage.

Note

To create RDS image-level backups, Veeam Backup for AWS deploys worker instances in a production account — that is, the same AWS account to which the processed resources belong. For more information, see Worker Deployment Options.

Configuring Backup Settings

To instruct Veeam Backup for AWS to create image-level backups of the selected RDS resources, do the following:

  1. Set the Enable backups toggle to On.
  2. In the Repositories window, select a backup repository where the created image-level backups will be stored, and click Apply.

For a backup repository to be displayed in the list of available repositories, it must be added to Veeam Backup for AWS as described in section Adding Backup Repositories. The list shows only backup repositories of the S3 Standard storage class.

To learn how Veeam Backup for AWS creates image-level backups, see RDS Backup.

Configuring Archive Settings

To instruct Veeam Backup for AWS to store backed-up data in a low-cost, long-term archive storage, do the following:

  1. Select the Archives will be stored in check box.
  2. In the Repositories window, select a backup repository where the archived data will be stored, and click Apply.

For an archive backup repository to be displayed in the list of available repositories, it must be added to Veeam Backup for AWS as described in section Adding Backup Repositories. The list shows only backup repositories of the S3 Glacier Flexible Retrieval or S3 Glacier Deep Archive storage classes.

For more information on backup archiving, see Enabling Backup Archiving.

Important

If you enable backup archiving, data encryption must be either enabled for both the backup and archive backup repositories or disabled for both. This means that, for example, you cannot select an encrypted standard backup repository and an unencrypted archive backup repository in one backup policy. However, the selected repositories can have different encryption schemes (password and KMS encryption).

Configuring Worker Settings

From the IAM role drop-down list, select an IAM role that will be attached to the worker instances and used by Veeam Backup for AWS to communicate with these instances. The role must belong to the same account as the IAM role specified to perform the backup operation, and must be assigned the permissions listed in section Worker Deployment Role Permissions in Production Accounts.

For an IAM role to be displayed in the IAM role list, it must be added to Veeam Backup for AWS with the Production worker role selected as described in section Adding IAM Roles. If you have not added the necessary IAM role to Veeam Backup for AWS beforehand, you can do it without closing the Add RDS Policy wizard. To do that, click Add and complete the Add IAM Role wizard.

Important

  • For Veeam Backup for AWS to deploy worker instances in production accounts, you must assign additional permissions to the IAM role used to perform the backup operation. For more information on the required permissions, see section RDS Backup IAM Role Permissions.
  • It is recommended that you check whether both the IAM role specified at step 3.1 of the wizard and the IAM role specified in the Backups section have the required permissions. If some permissions of the IAM role are missing, the backup policy will fail to complete successfully. To run the IAM role permission check, click Check Permissions and follow the instructions provided in section Checking IAM Role Permissions.

Worker Instance Requirements

To perform RDS image-level backups, Veeam Backup for AWS deploys worker instances in production accounts in the same AWS Regions and VPCs in which processed PostgreSQL DB instances reside. By default, Veeam Backup for AWS uses the most appropriate network settings of AWS Regions in production accounts to deploy worker instances. However, you can add specific worker configurations to specify network settings for each region in which worker instances will be deployed.

If no specific worker configurations are added to Veeam Backup for AWS, the most appropriate network settings of AWS Regions are used to deploy worker instances for the RDS backup operation. For Veeam Backup for AWS to be able to deploy a worker instance used to create an image-level backup:

  • The DNS resolution option must be enabled for the VPC. For more information, see AWS Documentation.
  • Because Veeam Backup for AWS uses public access to communicate with worker instances, the public IPv4 addressing attribute must be enabled for at least one subnet in the Availability Zone where the DB instance resides, and the VPC to which the subnet belongs must have an internet gateway attached. VPC and subnet route tables must have routes that direct internet-bound traffic to this internet gateway.
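The default (public) network requirements listed above can be verified before a policy runs. The following is an added example, not part of Veeam Backup for AWS or its documentation: it evaluates data shaped like the EC2 DescribeSubnets, DescribeRouteTables and DescribeInternetGateways responses, takes the EnableDnsSupport value of the VPC as dns_support, and uses constructed sample IDs. It assumes that "internet-bound traffic" means a 0.0.0.0/0 route.

```python
# Added example (not Veeam code). Inputs mirror EC2 Describe* response shapes.
def effective_route_table(subnet, route_tables):
    """Explicitly associated route table, else the VPC's main route table."""
    main = None
    for rt in (t for t in route_tables if t["VpcId"] == subnet["VpcId"]):
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def check_worker_network(vpc_id, db_az, dns_support, subnets, route_tables, igws):
    """Return the unmet requirements; an empty list means all checks pass."""
    problems = []
    if not dns_support:
        problems.append("DNS resolution is disabled for the VPC")
    # EC2 reports an attached internet gateway with State "available".
    attached = {g["InternetGatewayId"] for g in igws for a in g.get("Attachments", [])
                if a.get("VpcId") == vpc_id and a.get("State") in ("available", "attached")}
    if not attached:
        problems.append("no internet gateway is attached to the VPC")
    usable = []
    for s in subnets:
        if (s["VpcId"], s["AvailabilityZone"]) != (vpc_id, db_az):
            continue
        rt = effective_route_table(s, route_tables) or {}
        # Assumption: "internet-bound traffic" means a 0.0.0.0/0 route to the gateway.
        routed = any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                     and r.get("GatewayId") in attached for r in rt.get("Routes", []))
        if s.get("MapPublicIpOnLaunch") and routed:
            usable.append(s["SubnetId"])
    if not usable:
        problems.append(f"no subnet in {db_az} has public IPv4 addressing and a route to the internet gateway")
    return problems

# Constructed sample data (all IDs are made up).
SUBNETS = [
    {"SubnetId": "subnet-a", "VpcId": "vpc-1", "AvailabilityZone": "eu-west-1a", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-b", "VpcId": "vpc-1", "AvailabilityZone": "eu-west-1b", "MapPublicIpOnLaunch": False}]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-pub", "VpcId": "vpc-1", "Associations": [{"SubnetId": "subnet-a", "Main": False}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]}]
IGWS = [{"InternetGatewayId": "igw-1", "Attachments": [{"VpcId": "vpc-1", "State": "available"}]}]

if __name__ == "__main__":
    print(check_worker_network("vpc-1", "eu-west-1b", True, SUBNETS, ROUTE_TABLES, IGWS))
```

A DB instance in eu-west-1b fails the check in this sample because its only subnet has no public IPv4 addressing and falls back to the main route table, which has no route to the internet gateway.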

If you want worker instances to operate in a private network, enable the private network deployment functionality and configure specific VPC endpoints for the subnet to let Veeam Backup for AWS use private IPv4 addresses. Alternatively, configure VPC interface endpoints as described in section Appendix C. Configuring Endpoints in AWS.

Note

During RDS image-level backup operations, Veeam Backup for AWS creates 2 additional security groups that are further associated with the source DB instances and worker instances to allow direct network traffic between them. To learn how RDS resource backup works, see RDS Backup.

Page updated 9/12/2024

Page content applies to build 8.1.0.7