Managing Backed-Up Data Using Console

To view and manage backed-up data, navigate to the Backups node of the Home view. The node displays information on all restore points created by backup appliances.

When you expand the Backups node in the working area, you can see the following icons:

The Backups node contains 4 subnodes:

• The Snapshots subnode displays information on cloud-native snapshots of the protected EC2 instances and RDS resources, as well as information on cloud-native backups of the protected DynamoDB tables and EFS file systems:

• <appliance_name> nodes show snapshots or backups created manually on backup appliances and snapshots or backups imported to the backup appliances from AWS Regions specified in backup policy settings.

• <backup_policy_name> nodes show snapshots or backups created by backup policies.

To learn how Veeam Backup for AWS creates cloud-native snapshots of EC2 instances and RDS resources, as well as cloud-native backups of DynamoDB tables and EFS file systems, see sections EC2 Backup, RDS Backup, DynamoDB Backup and EFS Backup.

• The External Repository subnode displays information on image-level backups of the protected EC2 instances and RDS resources that are stored in standard backup repositories, as well as backups of VPC configurations that are stored on backup appliances.

• <backup_policy_name> nodes show backups of EC2 instances and RDS resources created by backup policies.
• <aws_account_name> nodes show VPC configuration backups created for specific AWS accounts.

To learn how Veeam Backup for AWS creates image-level backups of EC2 instances and RDS resources, as well as VPC configuration backups, see sections EC2 Backup, RDS Backup and VPC Configuration Backup.

• The External Repository (Encrypted) subnode displays information on encrypted image-level backups of EC2 instances and RDS resources that are stored in standard backup repositories and that have not been decrypted yet, which means either that you have not specified the decryption password or that the specified password is invalid.

To learn how to decrypt backups, see Decrypting Backups.

• The External Repository (Archive) subnode displays information on image-level backups of EC2 instances and RDS resources that are stored in archive backup repositories.

To learn how Veeam Backup for AWS creates archive backups, see EC2 Archive Backup Chain and RDS Archive Backup Chain.

Decrypting Backups

Veeam Backup & Replication automatically decrypts backup files stored in repositories either using passwords that you specify when adding these repositories to the backup infrastructure or using KMS keys automatically detected by Veeam Backup & Replication. If you do not specify decryption passwords or if Veeam Backup & Replication does not have permissions to access KMS keys, the backup files remain encrypted.

• To decrypt backup files encrypted using a KMS key, make sure that the IAM user specified when creating a new repository or adding an existing repository is assigned permissions required to access KMS keys. For more information on the required permissions, see Plug-in Permissions.
• To decrypt backup files encrypted using a password, do the following:

1. In the Veeam Backup & Replication console, open the Home view.
2. Navigate to Backups > External Repository (Encrypted).
3. Expand the backup policy that protects an AWS resource whose image-level backup you want to decrypt, select the backup chain that belongs to the resource and click Specify Password on the ribbon.

Alternatively, you can right-click the necessary backup chain and select Specify password.

4. In the Specify Password window, enter the password that was used to encrypt the data stored in the target repository.