Protecting EC2 Instances
With Veeam Backup for AWS, you can perform the following operations to protect EC2 instances:
- Create cloud-native snapshots of EC2 instances and replicate these snapshots to any AWS Region within any AWS account.
A cloud-native snapshot of a EC2 instance includes point-in-time snapshots of EBS volumes attached to the processed instance. Snapshots of EBS volumes (also referred to as EBS snapshots) are taken using native AWS capabilities.
- Create transactionally consistent backups using application-aware processing for Windows EC2 instances running VSS-aware applications.
- Create transactionally consistent snapshots using custom scripts to quiesce running applications for all processed EC2 instances.
- Create image-level backups of EC2 instances and keep them in Amazon Simple Storage Service (Amazon S3) for high availability, cost-effective and long-term storage.
An image-level backup captures the whole image of the processed EC2 instance (including instance configuration, OS data, application data and so on) at a specific point in time.
To protect EC2 instances, Veeam Backup for AWS runs backup policies. A backup policy is a collection of settings that define the way backup operations are performed: what data to back up, which operations to perform, where to store backups, when to start the backup process, how to retain restore points, and so on.
Veeam Backup for AWS does not install agent software inside instances to back up EC2 instance data — it uses native AWS capabilities instead. During every backup session, Veeam Backup for AWS creates a cloud-native snapshot for each EC2 instance added to a backup policy. The cloud-native snapshot is further used to create a snapshot replica in another AWS Region or another AWS account and an image-level backup of the instance. For more information on how EC2 instance backup works, see EC2 Backup.
Worker Deployment Considerations
Before you start creating EC2 backup policies, consider the following:
- By default, Veeam Backup for AWS deploys worker instances in the backup account and employs the worker deployment role (service IAM role). However, you can also instruct Veeam Backup for AWS to deploy worker instances in production accounts. For more information, see Worker Deployment Options.
- To minimize cross-region traffic charges, Veeam Backup for AWS deploys worker instances in specific locations that depend on the data protection or disaster recovery operation. For more information, see Worker Instance Locations.
- By default, Veeam Backup for AWS automatically chooses the default network settings of AWS Regions (if any) to deploy the worker instances. However, you can add worker configurations to define network settings for each region in which the worker instances will be deployed. For more information, see Managing Worker Configurations.
How To Protect EC2 Instances
To create an EC2 backup policy, perform the following steps:
- Check limitations and prerequisites.
- Specify IAM roles to access AWS services and resources.
- [Optional] Add backup repositories to store backed-up data.
- [Optional] Configure worker instance settings to deploy workers while processing EC2 instance data.
- [Optional] Configure global retention settings for obsolete snapshots and session records.
- [Optional] Configure email notification settings for automated delivery of backup policy results and daily reports.
- Complete the Add EC2 Policy wizard.
Related Topics