Last updated: 2022-05-14
Introduction
For the first backup of an AWS resource, a full copy of your data is saved.
For each incremental backup, only the changed part of your AWS resource is saved.
Backups created using services with existing backup capabilities,
such as EBS snapshots or DynamoDB backups
Contents
- Pricing
- Diagram
- Backup permissions
- CLI
Pricing
Link:
https://aws.amazon.com/backup/pricing/
How charges are calculated
based on
- The amount of storage space your backup data consumes (average storage space used throughout the month)
- The amount of backup data you restore in the month
Prices (@2022-05, HK)
# Backup Storage Pricing (Warm Storage)
- EFS USD$ 0.055 per GB/Month
- EBS USD$ 0.055 per GB/Month
- RDS USD$ 0.095 per GB/Month
- S3 USD$ 0.055 per GB/Month
  + 5 S3 GETs per object.
  + EventBridge matched events charge $1 per 1 million events.
  * You need to enable S3 Versioning to use AWS Backup for S3.
# Restore Pricing
- Amazon EFS File System Backup $0.022 per GB
- Amazon EBS Volume Snapshot Free
Cold, Warm Storage
These types support only Warm Storage (Cold Storage is not supported)
- EBS Snapshot
- S3 Backup
$0.055 per GB-Month
Diagram
Protected resources
    /\
    ||
Backup Vault        # KMS encryption master key
    /\
    ||
backup plan         # backup policy(Lifecycle)
One Backup Vault can have several Backup plans; after a backup runs, Protected resources are generated.
Master key
The AWS KMS encryption master key is used to protect the key used to encrypt backups in this backup vault.
Lifecycle
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days.
Only Amazon EFS file system backups can be transitioned to cold storage.
CompletionWindowMinutes(Required: No)
A value in minutes after a backup job is successfully started before it must be completed or
it will be canceled by AWS Backup. This value is optional.
Protected resources
Resources that have been backed up by AWS Backup are listed under protected resources.
Backup permissions
AWS Backup has the AWSBackupDefaultServiceRole
It has the following policies
- AWSBackupServiceRolePolicyForBackup
- AWSBackupServiceRolePolicyForRestores
When the permissions are insufficient, the backup fails
e.g.
S3's "AWS Backup" Access Denied
CLI
Returns an array of resources successfully backed up by Backup
aws backup list-protected-resources
{
    "Results": [
        {
            "ResourceArn": "arn:aws:ec2:ap-east-1:AC-ID:instance/i-ID",
            "ResourceType": "EC2",
            "LastBackupTime": "2022-08-19T14:58:58.170000+08:00"
        }
    ]
}
Use the ResourceArn to find the RecoveryPointArn and BackupVaultName
aws backup list-recovery-points-by-resource \
--resource-arn <value>
{
    "RecoveryPoints": [
        {
            "RecoveryPointArn": "arn:aws:ec2:ap-east-1::image/ami-ID",
            "CreationDate": "2022-08-19T14:58:58.170000+08:00",
            "Status": "COMPLETED",
            "EncryptionKeyArn": ...,
            "BackupSizeBytes": 53687091200,
            "BackupVaultName": "TEST"
        }
    ]
}
...
View a backup's info (Lifecycle, CalculatedLifecycle, IsEncrypted)
This requires the RecoveryPointArn and BackupVaultName
aws backup describe-recovery-point \
--backup-vault-name <value> \
--recovery-point-arn <value>
{
    "RecoveryPointArn": "arn:aws:ec2:ap-east-1::image/ami-ID",
    "BackupVaultName": "KTC",
    "BackupVaultArn": "arn:aws:backup:ap-east-1:AC-ID:backup-vault:TEST",
    "ResourceArn": "arn:aws:ec2:ap-east-1:AC-ID:instance/i-ID",
    "ResourceType": "EC2",
    "IamRoleArn": "arn:aws:iam::AC-ID:role/service-role/AWSBackupDefaultServiceRole",
    "Status": "COMPLETED",
    "CreationDate": "2022-08-19T14:58:58.170000+08:00",
    "CompletionDate": "2022-08-19T15:09:13.301000+08:00",
    "BackupSizeInBytes": 53687091200,
    "CalculatedLifecycle": {
        "DeleteAt": "2022-08-20T14:58:58.170000+08:00"
    },
    "Lifecycle": {
        "DeleteAfterDays": 30
    },
    "IsEncrypted": false
}
Notes
When no Lifecycle is configured, this item is absent.
"Lifecycle": { "DeleteAfterDays": 30 },
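Added example (not part of the original notes): a Python sketch that chains the three commands above and flags recovery points that are unencrypted, have no DeleteAfterDays, or whose CalculatedLifecycle does not match the Lifecycle. The function names, the finding strings and the SAMPLE record are assumptions made for this illustration; the sample values are copied from the describe-recovery-point output shown above.

```python
import json
import subprocess
from datetime import datetime, timedelta

def aws_backup(*args):
    """Run one `aws backup` subcommand and parse its JSON output."""
    proc = subprocess.run(["aws", "backup", *args, "--output", "json"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)

def audit_recovery_point(rp):
    """Return a list of findings for one describe-recovery-point result."""
    findings = []
    if not rp.get("IsEncrypted", False):
        findings.append("not encrypted")
    days = (rp.get("Lifecycle") or {}).get("DeleteAfterDays")
    if days is None:
        findings.append("no DeleteAfterDays: never expires")
        return findings
    # Assumption: DeleteAt is expected to be CreationDate + DeleteAfterDays.
    delete_at = (rp.get("CalculatedLifecycle") or {}).get("DeleteAt")
    expected = datetime.fromisoformat(rp["CreationDate"]) + timedelta(days=days)
    if delete_at and datetime.fromisoformat(delete_at) != expected:
        findings.append("DeleteAt differs from CreationDate + DeleteAfterDays")
    return findings

def audit_account():
    """Chain the three commands: resources -> recovery points -> details."""
    report = {}
    for res in aws_backup("list-protected-resources")["Results"]:
        points = aws_backup("list-recovery-points-by-resource",
                            "--resource-arn", res["ResourceArn"])
        for p in points["RecoveryPoints"]:
            rp = aws_backup("describe-recovery-point",
                            "--backup-vault-name", p["BackupVaultName"],
                            "--recovery-point-arn", p["RecoveryPointArn"])
            report[p["RecoveryPointArn"]] = audit_recovery_point(rp)
    return report

# Constructed sample: fields copied from the describe-recovery-point output above.
SAMPLE = {
    "CreationDate": "2022-08-19T14:58:58.170000+08:00",
    "CalculatedLifecycle": {"DeleteAt": "2022-08-20T14:58:58.170000+08:00"},
    "Lifecycle": {"DeleteAfterDays": 30},
    "IsEncrypted": False,
}

if __name__ == "__main__":
    print(audit_recovery_point(SAMPLE))
```

audit_account() needs the AWS CLI with credentials allowed to call the three read-only commands; audit_recovery_point() works on any saved describe-recovery-point output.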
Delete a backup
aws backup delete-recovery-point \
--backup-vault-name <value> \
--recovery-point-arn <value>
Other CLI
* update-recovery-point-lifecycle
* disassociate-recovery-point