How Backup Works

    Veeam Backup for AWS does not install agent software inside instances to retrieve data. To back up instance data, Veeam Backup for AWS uses native AWS capabilities. During every backup session, Veeam Backup for AWS creates a cloud-native snapshot for each instance added to a backup policy. The cloud-native snapshot is further used to create a snapshot replica (for RDS and EC2 instances) and an image-level backup (only for EC2 instances).

    To protect Amazon VPC configuration, Veeam Backup for AWS retrieves configuration data through the AWS API and backs up this data to the Veeam Backup for AWS database.

    For more information on the backup process, see the sections below.

    EC2 Instance Backup

    Veeam Backup for AWS performs EC2 instance backup in the following way:

    1. Veeam Backup for AWS creates snapshots of EBS volumes that are attached to the processed EC2 instance.

        EBS snapshots are assigned AWS tags upon creation. Keys and values of AWS tags contain encrypted metadata that helps Veeam Backup for AWS identify the related EBS snapshots and treat them as a single unit — a cloud-native snapshot.

    2. If you enable snapshot replication for the backup policy, Veeam Backup for AWS copies cloud-native snapshots to the target AWS Region and AWS account specified in backup policy settings.
    3. If you enable image-level backup for the backup policy, Veeam Backup for AWS performs the following operations:
        1. Launches a worker instance in an AWS Region where the processed EC2 instance resides.
        2. Re-creates the EBS volumes from the cloud-native snapshot created at step 1 and attaches them to the worker instance.

            Note that the cloud-native snapshot used as a source for image-level backup is not a temporary snapshot, and it is required to perform changed block tracking (CBT). When the backup session completes, this snapshot remains in the snapshot chain until the next image-level backup session. For more information, see CBT Impact on Snapshot Retention.

        3. Reads data from the EBS volumes on the worker instance, transfers the data to an S3 repository and stores it in the native Veeam format.

            To reduce the amount of data read from EBS volumes, Veeam Backup for AWS uses CBT: during incremental backup sessions, Veeam Backup for AWS transfers to an S3 repository only those data blocks that have changed since the previous backup session. If CBT cannot be used, Veeam Backup for AWS reads the full content of EBS volumes. For more information, see Changed Block Tracking.

            Veeam Backup for AWS encrypts and compresses data saved to S3 repositories. For more information on data encryption, see Data Encryption.

        4. When the backup session completes, Veeam Backup for AWS removes the worker instance from Amazon EC2.
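
    The CBT behaviour described above, as an added example that is not Veeam code: it models why the source snapshot is retained between image-level sessions and what happens when it is missing. Snapshots are constructed maps of block index to content token, and `changed_blocks`, `plan_session`, `run_chain` and `SAMPLE_CHAIN` are hypothetical names, not the product's implementation.

```python
from __future__ import annotations

# Constructed sample: three successive cloud-native snapshots of one volume,
# each modeled as {block_index: content_token}. Tokens are made-up values.
SAMPLE_CHAIN = [
    {0: "a1", 1: "b1", 2: "c1", 3: "d1"},
    {0: "a1", 1: "b2", 2: "c1", 3: "d1"},            # block 1 rewritten
    {0: "a1", 1: "b2", 2: "c1", 3: "d2", 4: "e1"},   # block 3 rewritten, block 4 new
]


def changed_blocks(previous: dict[int, str], current: dict[int, str]) -> list[int]:
    """Block indexes whose token is new or differs from the previous snapshot."""
    return sorted(i for i, token in current.items() if previous.get(i) != token)


def plan_session(current: dict[int, str], retained: dict[int, str] | None):
    """Decide what one image-level session must read from the worker's volumes."""
    if retained is None:
        # No earlier snapshot to compare against: CBT cannot be used.
        return "full", sorted(current)
    return "incremental", changed_blocks(retained, current)


def run_chain(snapshots, drop_retained_before: int | None = None):
    """Plan consecutive sessions; optionally model the retained snapshot
    being deleted before session number `drop_retained_before`."""
    retained, plans = None, []
    for number, snapshot in enumerate(snapshots):
        if number == drop_retained_before:
            retained = None
        plans.append(plan_session(snapshot, retained))
        # The source snapshot is kept until the next image-level session.
        retained = snapshot
    return plans


if __name__ == "__main__":
    for label, drop in (("intact chain", None), ("snapshot removed", 2)):
        print(label)
        for mode, blocks in run_chain(SAMPLE_CHAIN, drop):
            print(f"  {mode:<11} read {len(blocks)} block(s): {blocks}")
```

    In this model, losing the retained snapshot before the third session turns a two-block incremental read into a full five-block read.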

    RDS Instance Backup

    Veeam Backup for AWS performs RDS instance backup in the following way:

    1. Veeam Backup for AWS creates a storage volume snapshot of an RDS instance (DB snapshot).

    The DB snapshot is assigned AWS tags upon creation. Keys and values of AWS tags contain encrypted metadata that helps Veeam Backup for AWS identify the related DB snapshot.

    2. If you enable snapshot replication for the backup policy, Veeam Backup for AWS copies the DB snapshot to the target AWS Region of the AWS account specified in the backup policy settings.

    Amazon VPC Configuration Backup

    Veeam Backup for AWS performs VPC configuration backup in the following way:

    1. Veeam Backup for AWS sends API requests to AWS to retrieve the VPC configuration data and saves this data in the Veeam Backup for AWS database.

    To back up the VPC configuration of an AWS Region, Veeam Backup for AWS uses permissions of an IAM role specified for this AWS Region in the backup policy. For each pair of the AWS account and the AWS Region whose VPC configuration data is backed up using the IAM role created in this AWS account, Veeam Backup for AWS creates a configuration record. Every time the VPC Configuration Backup policy runs, Veeam Backup for AWS updates the record to create a new restore point for the VPC configuration. For more information, see VPC Configuration Backup Chain.

    2. If you configure the VPC Configuration Backup policy to copy backup files to an S3 repository, Veeam Backup for AWS launches Veeam Data Mover service on the backup appliance to copy the restore point to the target S3 repository specified in the backup policy settings. On the S3 repository, for each backed-up AWS account, Veeam Backup for AWS creates an individual folder with VPC configuration backup files.