Skip to main content
Manage backup policies
Updated this week

A Backup Policy defines the backup schedule and the tiered retention settings for snapshots. Once defined, backup policies can be executed across AWS accounts at the organization level, and set to Active or disabled, depending on business requirements.

Setup policy to backup snapshots to Druva Cloud

Druva CloudRanger offers a simplified, global approach to backup policies, with options to define one or more policies to automate your backup schedule for EC2 backups to Druva Cloud.

Step 1: On the top navigation bar, select Policies, and then click Create Backup Policy.


Step 2: Specify the following policy Setup information:

  • Add a Name and a brief Description for your policy.

  • Select the Snapshot + Backup to Druva Cloud check box to move snapshots to Druva Cloud for all resources specified within the policy.

πŸ“ Note
​Ensure that you have provisioned your Druva Cloud Storage and configured appropriate Storage Rules. A backup policy defined to move snapshots to Druva Cloud will be executed only when a corresponding Storage Rule is available.

The Prerequisites dialog displays information on getting started with Druva Cloud backups. You may click each step to be redirected to the individual pages to Provision Storage, set up Storage Rules, or manage Client Credentials. The icons indicate whether or not each of these steps have been successfully configured:

1_BTDC Prerequisites.png

Step 3: Specify the backup Schedule.

Specify the backup Frequency.

  • Create backup every: Choose the backup frequency by day, week, month, or year.
    ​For example:
    Backup every week on Monday every hour at 50 minutes past the hour.
    Backup every month on the 1st day of the month every 30 minutes.

πŸ“ Note
​When enabling a policy to backup data to Druva Cloud, the backup schedule must be set to an hourly frequency or higher. The following validation displays if the backup frequency is lower than an hour.

  • Backup Window [Optional]: Specify the backup from and to time in HH:MM notation.
    ​Note: This field applies only if you specify weekly backup every hour in the Create Backup Every field.

  • Time Zone: Select the time zone that applies to the backup frequency specified.

  • Click Save & Continue.

Step 4: Specify the Resources for backup.

  • On the Resources tab, click Add to identify resources that you wish to include in the backup.

  • On the Identify Resources dialog, specify the filter criteria to identify specific resources to include or exclude.

How Include/Exclude conditions apply on Druva CloudRanger:

  • You can create multiple include and exclude rules.

  • Include rules: When multiple include rules are defined, this translates to an β€˜OR’ condition. In other words, resources are matched against each include rule, and do not have to meet all specified conditions concurrently.

  • Exclude rules: Exclude rules take precedence when the same resource is matched based on the include and exclude criteria selected.
    An exception to this is when an EC2 resource is selected within include and an EBS volume within exclude. In such a scenario, the EBS volume that is part of EC2 will not be excluded from the backup.

  • When multiple tags are defined as part of include/exclude, this translates to an β€˜AND’ condition.



Find Resource types

Select the Resource Type, for example, EBS Volume, EC2, RDS, or Redshift.
You may select All resource types to filter resources across resource types.

In account

Select the CloudRanger account associated with the AWS resources to be specified.
You may select All accounts to identify resources across accounts.

And in regions

Select the applicable AWS regions, or select All regions.


Select the match criteria by Resource IDs, Tags, VPC IDs, Subnet IDs, or select All resources. Based upon the Match selected, you will need to specify the criteria values appropriate to that criteria.
​For example:
​Tags: Backup Type; Values: Daily
​VPC IDs: Select by VPC IDs or VPC Name

  • Similarly, on Exclude Resources, click Add to identify specific resources that you wish to exclude from the backup.

  • The resources identified are then displayed under Include or Exclude Resources, based on your selection criteria.

  • To eliminate a specific resource in the list from your backup policy, select the checkbox against that resource and click Remove.

  • Click Save & Continue.

Step 5: Specify the criteria for any additional backup Copies.

πŸ“ Note
​Cross-region and cross-account backups are not supported for Redshift instances.

  • Select the Save extra copies to other regions checkbox to create additional copies of your AWS backups in multiple regions.
    You may specify up to two additional AWS regions to create copies in.

  • Select the Save an extra copy to another account checkbox to create additional copies of your AWS backups in another CloudRanger account.

πŸ“ Note
​The Backup Copy Encryption is applicable only if one or more resources included in the policy is encrypted, and a backup is to be generated. If the source resource is encrypted, then an Encryption Key is applied to the backup operation.

The Backup Copy Encryption options are displayed only when a cross-region or cross-account backup is to be generated for encrypted snapshots.

  • To backup encrypted resources, you will need to define the association of keys between the source and the target regions for that backup. To do this, select the Target Key for each target region specified.

  • Under Resource Backup Options, you have the option to create backups of EC2 resources as AMIs or as snapshots. In the case of AMIs, you may also select your reboot preferences.

Step 6: Specify the backup Retention criteria.

πŸ“ Note
​Druva CloudRanger follows the Grandfather-Father-Son (GFS) retention model. For more information on retention, please see About Retention for Backup Policies.

  • Specify the Tiered Retention criteria. The standard retention options are pre-populated, and you can modify these based on your business requirements.

    • All backups retained for: Select the retention duration in hours, days, weeks, months, or years.

    • Select the retention criteria for Weekly, Monthly or Yearly Backups.

  • EC2 and EBS snapshot retention: You may also specify the snapshot retention criteria. This retention applies to snapshots retained within your AWS environment post backup to Druva Cloud.
    Do note that a master snapshot will still be retained, irrespective of the retention set here.

  • Copy Options: Specify the retention criteria for any additional backup copies.

    • Select Same retention as source backup to retain the retention criteria.

    • Alternatively, you may specify the retention in hours, days, weeks, months, or years.

  • Click Save & Continue.

Step 7: Specify Additional Options for the backup.

  • Select the Execute VSS Consistent Scripts (Windows Only) checkbox to generate consistent snapshots for any Windows server with VSS installed.

πŸ“ Note
​If the selected Backup Policy has servers defined that do not have VSS installed, then a standard AWS EBS snapshot is generated. For more information, see Generate VSS consistent snapshots for Windows servers.

  • Script Execution: The pre- and post-backup scripts feature offers enterprises the option to generate application-consistent snapshots for common applications like SQL Server. This ensures that the point-in-time snapshots will remain crash-consistent as well as application-consistent.

    • Select the Execute pre- and post-scripts for EC2 instances checkbox to enable script execution when creating a new backup policy.
      In addition, you can manage backup generation in the event that the scripts configured are unavailable.

    • Define the time limit to terminate script execution.
      ​For example: Abort script execution in 5 minutes

    • Select the backup execution criteria if the script is unavailable.

      • Execute backup without the script: Selecting this option will execute the backup without the configured script.

      • Attempt backup execution with warning: Selecting this option will initiate the backup but fail it at the point of execution of the script.

      • Fail the backup and generate an error: Selecting this option fails the backup and generates an error corresponding to the backup failure.

πŸ“ Note
​You may configure scripts to specific resources from the main Scripts page. For more information, see Configure and Manage Backup Scripts.

  • Under AMI Options specify whether the policy should generate an AMI or a Snapshot.

    • Create a second 'root volume only' AMI with each backup: Enable this option to create a second AMI for all EC2 instances backed up by the policy, with the Block Device Mappings adjusted to only contain the root volume.

      πŸ“ Note
      ​This option is available only when AMI is selected from on the AMI Options drop-down, flagging this as an AMI policy.

    • The backup retention, file-level search, as well as Druva Cloud backup workflow will all function for this second AMI, as expected.

    • The second AMI is handled by the same job, and will begin to execute once the first AMI is generated. Both the AMIs will not be created simultaneously to prevent extra load on the instance.

      Root AMI Jobs.png

  • Under Add Tags to Backups specify the tags to be applied to each backup generated by the policy. Tags act as metadata to help identify and organize your AWS resources.
    Based upon the Key selected, you will need to specify the appropriate Value. F or example:
    ​Key: Created by Policy; Value: New
    ​Key: Origin; Value: Specify Origin ID

  • Select the Inherit tags from Source checkbox to inherit or retrieve tags from the Origin servers and apply them to backups generated by the policy.

  • Click Save.

πŸ“ Note
​ To manage tags on existing snapshots, refer to AWS Management Console - Tag Editor.

The backup policy is now successfully defined and is displayed on the main Backup Policies page with the State toggle set to Active.

Migrate existing snapshots to a Druva Cloud-enabled policy

Druva CloudRanger allows you to import existing AWS backups into a policy that is enabled for backup onto Druva Cloud. You can manage all your backups within the retention period and backup schedules defined to ensure SLA compliance and reduce storage costs. Backups can be imported, regardless of whether they are tagged using specific tags in your AWS environment. Once imported, all backups will be managed based on the policy retention specified on the chosen policy.

To import existing backups into a backup policy enabled for Druva Cloud storage:

  1. On the top navigation bar, click Policies and then select the policy you wish to import.

  2. Click Import Backups.


    The Import Backups popup displays.

  3. On the Find Backups tab, specify the criteria to locate specific backups.

πŸ“ Note
​ Ensure that the options specified here are relevant to the storage configured on Druva Cloud



Find Backup Types

Select one or more backup types, for example, AMI or Snapshot.

In accounts

Select the Druva CloudRanger account(s) to which the backups need to be imported.

And in regions

Select the AWS regions to which the backup applies


Specify the tagging criteria:

  • Backups with tags: If you select this option, you will also need to specify the relevant tag types and values

  • Backups without tags: Select this to import backups with no associated tags

  • All backups

4. Click Continue.
5. Review the policy retention on the Retention Review tab and then click Finish.
The resource backups are now imported into the selected backup policy, and the retention criteria for these new backups will be handled by that policy.
6. Select the backup policy and click Execute Now to migrate all imported snapshots to Druva Cloud based on the storage region configured.

πŸ“ Note
​All imported backups will be managed based on policy retention, and will now reside in Druva Cloud.

To manage tags on existing snapshots, refer to AWS Management Console - Tag Editor.

Next steps

While backup policies are automatically executed within the defined schedule, Druva CloudRanger offers options to execute your backup policies on demand. With the Execute Now feature, you can generate a manual (point in time) backup of a specific EC2 resource on Druva Cloud. For more information, see Backup to Druva Cloud Workflow.

Did this answer your question?