❗ Important
This feature has limited availability. To know more about limited availability and sign up for this feature, contact Support.
A Backup Policy defines the backup schedule and the tiered retention settings for snapshots. Once defined, backup policies can be executed across AWS accounts at the organization level, and set to Active or disabled, depending on business requirements.
AWS Workloads offers a simplified, global approach to backup policies, with options to define one or more policies to automate your backup schedule for RDS databases.
Note: Airgap backups for RDS are currently supported in the same AWS region as the source databases and clusters only.
Step 1: On the top navigation bar, select Policies, and then click Create Backup Policy.
Step 2: Specify the following policy Setup information:
Add a Name and a brief Description for your policy.
Step 3: Specify the Resources for backup.
On the Resources tab, click Add to identify resources that you wish to include in the backup.
On the Identify Resources page, specify the filter criteria to identify specific resources to include or exclude:
How Include/Exclude conditions apply on AWS Workloads (CloudRanger):
You can create multiple include and exclude rules.
Include rules: When multiple include rules are defined, this translates to an ‘OR’ condition. In other words, resources are matched against each include rule, and do not have to meet all specified conditions concurrently.
Exclude rules: Exclude rules take precedence when the same resource is matched based on the include and exclude criteria selected.
An exception to this is when an EC2 resource is selected within include and an EBS volume within exclude. In such a scenario, the EBS volume that is part of EC2 will not be excluded from the backup.When multiple tags are defined as part of include/exclude, this translates to an ‘AND’ condition.
Field | Description |
Find Resource types | Select the Resource Type, for example, RDS. You may select All resource types to filter resources across resource types. Note: To protect NeptuneDB or DocumentDB resources, select RDS as the Resource Type and specify the Resource ID. |
In account | Select the AWS Workloads account associated with the AWS resources to be specified. You may select All accounts to identify resources across accounts. |
And in regions | Select the applicable AWS regions, or select All regions. |
Match | Select the match criteria by Resource IDs, Tags, VPC IDs, Subnet IDs, or select All resources. Based upon the Match selected, you will need to specify the criteria values appropriate to that criteria. For example: Tags: Backup Type; Values: Daily VPC IDs: Select by VPC IDs or VPC Name |
Similarly, on Exclude Resources, click Add to identify specific resources that you wish to exclude from the backup.
The resources identified are then displayed under Include or Exclude Resources, based on your selection criteria.
To eliminate a specific resource in the list from your backup policy, select the checkbox against that resource and click Remove.
Click Save & Continue.
Step 4: Specify the backup Schedule.
Specify the backup Frequency.
Create backup every: Choose the backup frequency by day, week, month, or year.
Example:
Backup every week on Monday every hour at 50 minutes past the hour.
Backup every month on the 1st day of the month every 30 minutes.
Backup Window [Optional]: Specify the backup from and to time in HH:MM notation.
📝 Note
This field applies only if you specify weekly backup every hour in the Create Backup Every field.
Time Zone: Select the time zone that applies to the backup frequency specified.
Click Save & Continue.
Step 5: Specify the backup Retention criteria.
Specify the Airgap Backup criteria. You may choose to configure EC2 and/or RDS resources for airgap backup.
Enable for EC2: Set the toggle to enable EC2 resources for airgap backup.
📝 Note
To get started with EC2 airgap backup, ensure that you have provisioned your Druva Cloud Storage and configured appropriate Storage Rules. A backup policy defined to move EC2 and EBS snapshots to Druva Cloud will be executed only when a corresponding Storage Rule is available. For more information, see Set up Storage on Druva Cloud and Storage Rules.
Enable for RDS: Set the toggle to enable RDS databases and clusters for airgap backup.
📝 Note
When enabling Airgap Backup for RDS, verify if any pre-existing resources already have this policy applied. If so, enabling this option now will move only the new recovery points to an airgap storage.
Any already existing snapshots will remain in your AWS account and follow the predefined retention criteria, as applicable.
Specify the Tiered Retention criteria. The standard retention options are pre-populated that you can modify based on your business requirements.
Never Delete Recovery Points: This option is disabled if Airgap backup for EC2 or RDS is selected.
Daily/Weekly//Yearly Recover Points: Select the retention criteria for Weekly, Monthly or Yearly Recovery Points.
📝 Note
AWS Workloads (CloudRanger) follows the Grandfather-Father-Son (GFS) retention model. For more information on retention, please see About Retention for Backup Policies.
The retention defined here is for the local snapshot created in your AWS account. A master snapshot is retained regardless of the duration specified.
Additional Copies: [Optional] Specify the retention criteria for any additional backup copies.
Enable the Additional copies toggle and select the Cross-Region or Cross-Account checkbox to create additional copies of your AWS backups in multiple Accounts and AWS Regions. You may specify up to two additional Accounts and AWS regions to create copies in.
To backup encrypted resources, you will need to define the association of keys between the source and the target regions for that backup. To do this, select the Target Key for each target region specified.
📝 Note
The Backup Copy Encryption is applicable only if one or more resources included in the policy is encrypted, and a backup is to be generated. If the source resource is encrypted, then an Encryption Key is applied to the backup operation.
The Backup Copy Encryption options are displayed only when a cross-region or cross-account backup is to be generated for encrypted snapshots.
Click Save & Continue.
Step 6: Specify Additional Options for the backup.
Select the Execute VSS Consistent Scripts (Windows Only) checkbox to generate consistent snapshots for any Windows server with VSS installed.
📝 Note
If the selected Backup Policy has servers defined that do not have VSS installed, then a standard AWS EBS snapshot is generated.
Under AMI Options, you have the option to create backups of EC2 resources as AMIs or as snapshots. In the case of AMIs, you may also select your reboot preferences.
📝 Note
The copies here apply to backups generated via snapshot orchestration and are not specific to the RDS airgap DB and Cluster snapshots. For more information, see Manage Backup Policies for AWS Resources.
Under Add Tags to Backups specify the tags to be applied to each backup generated by the policy. Tags act as metadata to help identify and organize your AWS resources.
Based upon the Key selected, you will need to specify the appropriate Value. For example:
Key: Created by Policy; Value: New
Key: Origin; Value: Specify Origin ID
Select the Inherit tags from Source checkbox to inherit or retrieve tags from the Origin servers and apply them to backups generated by the policy.
Click Save.
📝 Note
To manage tags on existing snapshots, please refer to AWS Management Console - Tag Editor.
The backup policy is now successfully defined and is displayed on the main Backup Policies page with the State toggle set to Active.