Veeam Backup for AWS performs EC2 backup in the following way:
- Veeam Backup for AWS creates snapshots of EBS volumes that are attached to the processed EC2 instance.
- EBS snapshots are assigned AWS tags upon creation. Keys and values of AWS tags contain encrypted metadata that helps Veeam Backup for AWS identify the related EBS snapshots and treat them as a single unit — a cloud-native snapshot.
- If you enable snapshot replication for the backup policy, Veeam Backup for AWS copies cloud-native snapshots to the target AWS Region and AWS account specified in the backup policy settings.
- If you enable image-level backup for the backup policy, Veeam Backup for AWS performs the following operations:
- Launches a worker instance in an AWS Region where the processed EC2 instance resides.
By default, Veeam Backup for AWS uses the default network settings of AWS Regions to launch worker instances. However, you can add specific worker configurations. For more information on worker instances, see Managing Worker Instances.
- Re-creates the EBS volumes from the cloud-native snapshot created at step 1 and attaches them to the worker instance.
Note that the cloud-native snapshot used as a source for image-level backup is not a temporary snapshot — when the backup session completes, this snapshot remains in the snapshot chain and is deleted later according to the specified policy scheduling settings. For more information, see CBT Impact on Snapshot Retention.
- Reads data from the EBS volumes on the worker instance, transfers the data to a backup repository and stores it in the native Veeam format.
To reduce the amount of data read from EBS volumes, Veeam Backup for AWS uses the changed block tracking (CBT) mechanism: during incremental backup sessions, Veeam Backup for AWS compares the new cloud-native snapshot with the previous one and reads only those data blocks that have changed since the previous backup session. If CBT cannot be used, Veeam Backup for AWS reads all data from the re-created EBS volumes. For more information, see Changed Block Tracking.
Veeam Backup for AWS encrypts and compresses data saved to backup repositories. For more information on data encryption, see Enabling Data Encryption.
- When the backup session completes, removes the worker instance from Amazon EC2.
- If you enable the backup archiving mechanism, Veeam Backup for AWS performs the following operations:
- Launches a worker instance in an AWS Region where a backup repository storing backed-up data resides.
- Retrieves data from the backup repository and transfers it to the archive repository.
- When the archive session completes, removes the worker instance from Amazon EC2.