Protecting RDS Resources

With Veeam Backup for AWS, you can perform the following operations to protect RDS resources:

Create cloud-native snapshots of RDS resources (DB instances and Amazon Aurora DB clusters) and replicate these snapshots to any AWS Region within any AWS account.

A cloud-native snapshot of a DB instance includes a storage volume snapshot of the instance. Snapshots of DB instances (also referred to as DB snapshots) are taken using native AWS capabilities.

Create image-level backups of PostgreSQL DB instances and keep them in Amazon Simple Storage Service (Amazon S3) for high availability, cost-effective and long-term storage.

An image-level backup captures the PostgreSQL databases of the processed DB instance.

To protect RDS resources, Veeam Backup for AWS runs backup policies. A backup policy is a collection of settings that define the way backup operations are performed: what data to back up, where to store backups, when to start the backup process, how to retain restore points, and so on.

Veeam Backup for AWS does not install agent software inside instances to back up RDS resource data — it uses native AWS capabilities instead. During every backup session, Veeam Backup for AWS creates a cloud-native snapshot for each RDS resource added to a backup policy. The cloud-native snapshot is further used to create a snapshot replica in another AWS Region or another AWS account and an image-level backup of the instance. For more information on how RDS resources backup works, see RDS Backup.

Supported Applications

Veeam Backup for AWS supports backup of the following PostgreSQL versions:

PostgreSQL 16
PostgreSQL 15
PostgreSQL 14
PostgreSQL 13
PostgreSQL 12

Worker Deployment Considerations

Before you start creating RDS backup policies, consider the following:

By default, Veeam Backup for AWS deploys worker instances in production accounts and employs several IAM roles to deploy them. For more information, see Worker Deployment Options.
To perform RDS image-level backups, Veeam Backup for AWS deploys the worker instances in the same AWS Regions and VPCs in which processed PostgreSQL DB instances reside. For more information, see Worker Instance Locations.
By default, Veeam Backup for AWS uses the most appropriate network settings of AWS Regions in production accounts to deploy the worker instances. However, you can add specific worker configurations to specify network settings for each region in which worker instances will be deployed.

If no specific worker configurations are added to Veeam Backup for AWS, the most appropriate network settings of AWS Regions are used to deploy worker instances for the RDS backup operation. For Veeam Backup for AWS to be able to launch a worker instance used to create an image-level backup:

The DNS resolution option must be enabled for the VPC. For more information, see AWS Documentation.
As Veeam Backup for AWS uses public access to communicate with worker instances, the public IPv4 addressing attribute must be enabled at least for one subnet in the Availability Zone where the DB instance resides and the VPC to which the subnet belongs must have an internet gateway attached. VPC and subnet route tables must have routes that direct internet-bound traffic to this internet gateway.

If you want worker instances to operate in a private network, enable the private network deployment functionality and configure specific VPC endpoints for the subnet to let Veeam Backup for AWS use private IPv4 addresses. Alternatively, configure VPC interface endpoints as described in section Appendix C. Configuring Endpoints in AWS.

How To Protect RDS Resources

To create an RDS backup policy, perform the following steps: