Configure AWS Backup

This guide shows you how to configure AWS Backup to schedule daily backups of AWS resources including databases and S3 buckets.

Warning

As part of this series of guides, you will create an AWS Backup vault and enable Compliance mode. When Compliance mode is enabled, any backups created cannot be deleted by any user, including the root user.

Step 1: Add and configure the backup package

Assumption

This step assumes you are already using Boilerplate and have a common-config.yml. If you do not, have a look here for an example.

repo-iac/environments/dev/
ok pkg add backup
cd backup

Edit package-config.yml to disable the Slack notifications (you will set this up later):

repo-iac/environments/dev/backup/package-config.yml
StackName: "backup"

NotifySlack:
  Enable: false

Warning

In config_override.tf, it's possible to set the variable changeable_for_days.

Once you set changeable_for_days, you will NOT be able to delete the backups after changeable_for_days days have passed. This ensures that intruders cannot delete your backups.

Step 2: Install the package

repo-iac/environments/dev/backup/
ok pkg install

Step 3: Initialize and apply the backup stack

Initialize Terraform and apply the configuration:

repo-iac/environments/dev/backup/
terraform init
terraform apply

Step 4: Verify

  • Go to AWS console > AWS Backup > Backup plans
  • Verify that you have a backup plan with the name of your environment
  • Go to the backup plan
  • Verify that it contains two scheduled backup rules: Daily and monthly
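
The same checks can be scripted against saved AWS CLI output. The following is an added example, not part of the backup package: it goes slightly beyond the console steps by also reporting whether each rule's target vault is still inside the changeable_for_days grace period or already immutable. The rule names, the vault name dev-vault and the dates are constructed sample values.

```python
import json
from datetime import datetime, timezone

# Constructed sample output of `aws backup get-backup-plan` and
# `aws backup describe-backup-vault` (names and dates are assumptions).
PLAN_JSON = """{"BackupPlan": {"BackupPlanName": "dev", "Rules": [
  {"RuleName": "daily", "TargetBackupVaultName": "dev-vault",
   "ScheduleExpression": "cron(0 3 * * ? *)"},
  {"RuleName": "monthly", "TargetBackupVaultName": "dev-vault",
   "ScheduleExpression": "cron(0 4 1 * ? *)"}]}}"""
VAULT_JSON = """{"BackupVaultName": "dev-vault", "Locked": true,
  "LockDate": "2030-01-10T00:00:00+00:00"}"""

def lock_state(vault, now):
    """Classify a describe-backup-vault result by its Vault Lock fields."""
    if not vault.get("Locked"):
        return "unlocked"
    lock_date = vault.get("LockDate")
    if lock_date is None:
        return "governance"  # locked, but the lock can still be removed
    if isinstance(lock_date, (int, float)):  # some CLI setups print epoch seconds
        when = datetime.fromtimestamp(lock_date, timezone.utc)
    else:
        when = datetime.fromisoformat(lock_date)
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    # After LockDate the lock configuration can no longer be changed or deleted.
    return "compliance-immutable" if now >= when else "compliance-grace-period"

def verify(plan, vaults, env_name, now):
    """Return a list of findings; an empty list means the checks pass."""
    findings = []
    bp = plan["BackupPlan"]
    if bp["BackupPlanName"] != env_name:
        findings.append(f"plan name {bp['BackupPlanName']!r} != {env_name!r}")
    rules = bp.get("Rules", [])
    if len(rules) != 2:
        findings.append(f"expected 2 scheduled rules, found {len(rules)}")
    for rule in rules:
        vault = vaults.get(rule["TargetBackupVaultName"])
        state = lock_state(vault, now) if vault else "missing"
        if not state.startswith("compliance"):
            findings.append(f"rule {rule['RuleName']}: vault is {state}")
    return findings

if __name__ == "__main__":
    v = json.loads(VAULT_JSON)
    print(verify(json.loads(PLAN_JSON), {v["BackupVaultName"]: v}, "dev",
                 datetime.now(timezone.utc)) or "OK")
```

To run it against a real account, replace the two sample strings with the JSON printed by the two CLI commands named in the comment.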

Next steps

Follow the Slack notification guide to set up Slack notifications for backups.