How Backup Works
Veeam Backup for AWS does not install agent software inside EC2 instances to retrieve data. To back up EC2 instance data, Veeam Backup for AWS uses capabilities of EBS snapshots.
During every backup session, Veeam Backup for AWS creates a cloud-native snapshot for each EC2 instance in a backup policy. Depending on the data protection scenario, the cloud-native snapshot is further used to create a snapshot replica and/or image-level backup of an EC2 instance.
Veeam Backup for AWS performs backup in the following way:
- Veeam Backup for AWS creates snapshots of EBS volumes that are attached to the processed EC2 instance.
EBS snapshots are assigned AWS tags upon creation. Keys and values of AWS tags contain encrypted metadata which helps Veeam Backup for AWS identify related EBS snapshots and treat them as a single unit — a cloud-native snapshot.
- If you enabled snapshot replication for the backup policy, Veeam Backup for AWS copies the cloud-native snapshot created at step 1 to the target AWS region specified in backup policy settings.
- If you enabled image-level backup for the backup policy, Veeam Backup for AWS performs the following operations:
- Launches a worker instance in an AWS region where the processed EC2 instance resides.
- Re-creates EBS volumes from the cloud-native snapshot created at step 1 and attaches them to the worker instance.
Note that the cloud-native snapshot used as a source for image-level backup is not a temporary snapshot, it is required to perform changed block tracking (CBT). When the backup session is complete, this snapshot remains in the snapshot chain until the next image-level backup session, despite snapshot retention settings. For details, see CBT Impact on Snapshot Retention.
- Reads data from EBS volumes on the worker instance, transfers the data to an S3 repository and stores it in the native Veeam format.
To reduce the amount of data read from EBS volumes, Veeam Backup for AWS uses CBT. If CBT cannot be used, Veeam Backup for AWS reads the full content of EBS volumes. For details, see Changed Block Tracking.
During incremental backup sessions, Veeam Backup for AWS transfers to an S3 repository only those data blocks that have changed since the previous backup session.
Veeam Backup for AWS encrypts and compresses data that you back up to S3 repositories. For more information on data encryption, see Data Encryption.
- When the backup session is complete, Veeam Backup for AWS removes the worker instance from Amazon EC2.