RDS automated backup


I have an RDS instance in the stopped state. Its retention is set to 35 days. The backup window set on the instance at creation time is 1 am-2 am UTC. It was in a stopped state last week, and it didn't take any automated backup during that time. So via a schedule, I am starting the instance at 1 am and then stopping the instance at 3 am to do the backup and its clean-up. But how can I ensure the clean-up job from AWS is executed based on the retention, as there are still backups older than 35 days?

Asked 8 months ago, 310 views


The right way to go for advanced RDS backup is to use AWS Backup: https://aws.amazon.com/backup/features/

AWS Backup provides a backup console, public APIs, and a command line interface to centrally manage 
backups across the AWS storage, compute, database, and hybrid services your applications run on, 
including Amazon Simple Storage Service (S3), Amazon Elastic Block Store (EBS), Amazon FSx, Amazon 
Elastic File System (EFS), AWS Storage Gateway, Amazon Elastic Compute Cloud (EC2), Amazon Relational 
Database Service (RDS), Amazon Aurora, Amazon DynamoDB, Amazon Neptune, Amazon DocumentDB 
(with MongoDB compatibility), Amazon Timestream, Amazon Redshift, SAP HANA on Amazon EC2 and 
the entire application stack defined by AWS CloudFormation, as well as hybrid applications like VMware 
workloads running on premises and in VMware Cloud™ on AWS and AWS Outposts.

The AWS Backup vault is a logical container that stores and manages your encrypted backups. When creating 
a backup vault, you must specify the AWS Key Management Service (AWS KMS) encryption key that encrypts 
the backups placed in this vault. All copied backups are encrypted with the key of the target vault. For more 
information about encryption, see the chart in Encryption for backups in AWS.

AWS Backup encrypts your backup data at rest and in transit, providing a comprehensive encryption solution 
that secures your backup data and helps meet compliance requirements. Your backup data is encrypted using
encryption keys managed by the AWS Key Management Service (KMS), reducing the need to build and maintain 
a key management infrastructure. The keys used to encrypt your AWS Backup data are independent of the keys 
used to encrypt the resources that the backups are based on. Having separate encryption keys for your production 
and backup data provides an important layer of protection for your applications.

You can create backups managed by backup plans, enabling you to define your backup requirements and apply 
these policies to the AWS resources you want to protect. Backup plans simplify and scale your data protection 
strategy across your applications and organization.

The create and delete features of backup plans allow you to manage your deletions very flexibly, so that you always have the minimum number of generations that you want but not more.

See https://docs.aws.amazon.com/aws-backup/latest/devguide/deleting-backups.html



AWS
Answered 8 months ago
  • Yes, I have a setup to back up via the AWS Backup service. What I am trying to figure out here is why automated RDS backup isn't clearing backups older than the retention period. Looks like AWS is using a different timestamp mechanism to identify backups older than retention. In RDS automated backups, it's not considering the time when it stopped, based on the AWS docs.

    My retention is 35 days, and I have automated backups for an instance from July. For the past week the RDS instance was stopped, so it didn't take any automated backup or do any clean-up for the instance. I need this instance to be off for 1 more month. And it should take automated backups and clean up during that period. I thought starting the instance during the backup window and turning it off after that period would help. That's why I did a scheduled start and stop during that window.

    What I observed is that it took a backup for today but it didn't clean up backups older than 35 days?

    So what I am trying to understand is why it didn't clean up the old backups. Do I need to wait for 1 more backup window to complete?


Just check if there is any manual backup present.

Answered 8 months ago
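A check for what the two answers above point at, as an added example that is not part of the original thread: it reads JSON in the shape printed by `aws rds describe-db-snapshots` and separates automated snapshots older than the retention period from manual and AWS Backup-created ones, which the RDS retention setting does not expire. The sample data, the instance name `mydb` and the function name `audit_snapshots` are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of the JSON printed by
# `aws rds describe-db-snapshots --db-instance-identifier mydb` (names are made up).
SAMPLE = json.loads("""
{"DBSnapshots": [
 {"DBSnapshotIdentifier": "rds:mydb-2023-07-15-01-05", "SnapshotType": "automated",
  "Status": "available", "SnapshotCreateTime": "2023-07-15T01:05:12.345000+00:00"},
 {"DBSnapshotIdentifier": "rds:mydb-2023-09-10-01-05", "SnapshotType": "automated",
  "Status": "available", "SnapshotCreateTime": "2023-09-10T01:05:00+00:00"},
 {"DBSnapshotIdentifier": "awsbackup:job-constructed-0001", "SnapshotType": "awsbackup",
  "Status": "available", "SnapshotCreateTime": "2023-07-20T05:00:00+00:00"},
 {"DBSnapshotIdentifier": "pre-migration-manual", "SnapshotType": "manual",
  "Status": "available", "SnapshotCreateTime": "2023-06-01T12:00:00+00:00"},
 {"DBSnapshotIdentifier": "rds:mydb-in-progress", "SnapshotType": "automated",
  "Status": "creating"}
]}
""")


def audit_snapshots(response, retention_days, now=None):
    """Split snapshots older than retention_days by who is responsible for expiring them."""
    now = now or datetime.now(timezone.utc)
    report = {"overdue_automated": [], "other_types": []}
    for snap in response["DBSnapshots"]:
        created = snap.get("SnapshotCreateTime")
        if created is None:  # defensive: skip entries that carry no creation time
            continue
        age_days = (now - datetime.fromisoformat(created)).days
        if age_days <= retention_days:
            continue
        if snap["SnapshotType"] == "automated":
            # Automated snapshots are the ones the RDS retention period applies to.
            report["overdue_automated"].append((snap["DBSnapshotIdentifier"], age_days))
        else:
            # manual / awsbackup / shared: not removed by the RDS retention setting.
            report["other_types"].append(
                (snap["DBSnapshotIdentifier"], snap["SnapshotType"], age_days))
    return report


if __name__ == "__main__":
    for kind, rows in audit_snapshots(SAMPLE, retention_days=35).items():
        print(kind, rows)
```

Entries under `other_types` have to be deleted by hand or by the AWS Backup plan's lifecycle; only `overdue_automated` entries are ones the RDS retention period should have removed.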

Forgot to mention all are automated backups.

Answered 8 months ago
