Why does my AWS Backup PITR job fail when it overlaps with Amazon RDS maintenance windows?

My AWS Backup point-in-time recovery (PITR) jobs fail when the jobs overlap with Amazon Relational Database Service (Amazon RDS) backup and maintenance windows.

Short description

When you schedule an AWS Backup PITR job within 1 hour of the Amazon RDS backup or maintenance window, then you might receive one of the following error messages:

  • "Backup job could not start because it is either inside or too close to the weekly maintenance window configured in RDS instance."
  • "Backup job could not start because it is either inside or too close to the automated backup window configured in RDS instance."

The failure occurs because Amazon RDS activity takes precedence over jobs that you create in AWS Backup. To resolve this issue, turn on continuous backups and PITR for your Amazon RDS database in AWS Backup.
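The 1-hour rule described above can be checked before a schedule is deployed. This added example (not AWS code) parses the Amazon RDS PreferredBackupWindow (hh24:mi-hh24:mi) and PreferredMaintenanceWindow (ddd:hh24:mi-ddd:hh24:mi) strings, both in UTC, and reports which window a planned job start is inside or within 60 minutes of. The function names and sample values are constructed, and it assumes that only the job's start time is compared.

```python
DAYS = ["mon", "tue", "wed", "thu", "fri", "sat", "sun"]
DAY = 24 * 60        # minutes in a day
WEEK = 7 * DAY       # minutes in a week
BUFFER = 60          # the "within 1 hour" margin from the text, in minutes


def _hhmm(text):
    hours, minutes = text.split(":")
    return int(hours) * 60 + int(minutes)


def backup_window_intervals(window):
    """'hh24:mi-hh24:mi' (daily, UTC) -> [(start, end)] in minutes of the week."""
    start, end = (_hhmm(part) for part in window.split("-"))
    if end <= start:                     # window crosses midnight
        end += DAY
    return [(d * DAY + start, d * DAY + end) for d in range(7)]


def maintenance_window_intervals(window):
    """'ddd:hh24:mi-ddd:hh24:mi' (weekly, UTC) -> [(start, end)] in minutes of the week."""
    s, e = window.lower().split("-")
    start = DAYS.index(s[:3]) * DAY + _hhmm(s[4:])
    end = DAYS.index(e[:3]) * DAY + _hhmm(e[4:])
    if end <= start:                     # for example sun:23:30-mon:00:30
        end += WEEK
    return [(start, end)]


def conflicts(job_day, job_time, backup_window, maintenance_window):
    """Return the RDS windows that the job start is inside or within BUFFER of."""
    job = DAYS.index(job_day.lower()) * DAY + _hhmm(job_time)
    windows = (("automated backup", backup_window_intervals(backup_window)),
               ("weekly maintenance", maintenance_window_intervals(maintenance_window)))
    hits = []
    for name, spans in windows:
        for start, end in spans:
            # Shift by one week either way so Sunday/Monday wrap-around is caught.
            if any(start - BUFFER <= job + shift <= end + BUFFER
                   for shift in (-WEEK, 0, WEEK)):
                hits.append(name)
                break
    return hits
```

An empty list means that the start time clears both windows by more than 1 hour.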

Resolution

Turn on continuous backups for PITR

To turn on continuous backups for PITR, complete the following steps:

  1. Open the AWS Backup console.
  2. In the navigation pane, choose Backup plans.
  3. Choose Create backup plan.
  4. Choose Build a new plan, and then enter a backup plan name.
  5. For Backup rule configuration, enter a backup rule name.
  6. For Point-in-time recovery, select Enable continuous backups for point-in-time recovery (PITR).
  7. Set up other backup rule configurations as needed.
  8. Choose Create plan.
  9. For Assign resources, in General, enter a resource assignment name.
  10. Choose Choose an IAM role.
    Select the AWS Identity and Access Management (IAM) role that has the required permissions for Amazon RDS continuous backups.
  11. For Resource selection, under Define resource selection, choose Include specific resource types.
  12. For Select specific resource type, choose RDS, and then select your RDS database.
  13. Choose Assign resources.

After you turn on AWS Backup continuous backups, the following changes occur:

  • AWS Backup takes control of the backup configuration.
  • You can no longer change the continuous backup PITR configuration on the Amazon Aurora and Amazon RDS console. Instead, you must make all changes in the AWS Backup plan that you associated with the RDS database backup.
  • AWS Backup schedules Amazon RDS automated snapshots.
  • AWS Backup evaluates all backup and maintenance windows to determine the best time for automated snapshots.

Note: AWS Backup jobs might still fail when continuous backups for PITR are active. If this occurs, then change the maintenance window to another time.

After you turn off AWS Backup continuous backups, the following changes occur:

  • Amazon RDS controls and manages the Amazon RDS database backups.
  • You can make changes to the backup configuration on the Amazon RDS console.
  • Amazon RDS keeps your backup data for future restorations.
  • AWS Backup calls the ModifyDBInstance API and reboots the Amazon RDS database to register the changes.
  • Amazon RDS immediately applies pending configuration changes.

Resolve the "continuous backup configuration failed" error

When you configure an AWS Backup plan for continuous PITR for Amazon RDS, you might receive the following error message:

"Continuous Backup enable failed due to PITR already configured in backup plan: arn:aws:backup:us-west-1:###:backup-plan:###-464cba39235e"

You can't turn on PITR in multiple backup plans for the same RDS database.

To resolve this issue, use the DisassociateRecoveryPoint API to delete the previous continuous recovery point from the backup vault. Then, you can create a new backup plan for the same RDS resource.

Note: Only one continuous recovery point can exist at a time for a resource in AWS Backup.

Add permissions to manage temporary PITR snapshots

To support temporary PITR copies, AWS Backup creates a temporary source snapshot. After the copy completes, AWS Backup removes the temporary source snapshot. If the IAM role that AWS Backup assumes doesn't include the rds:DeleteDBSnapshot permission, then AWS Backup can't remove the source snapshot after a successful copy.

Also, AWS Backup creates an EXPIRED recovery point to prevent snapshot leakage. To manually delete EXPIRED recovery points, see How do I delete a recovery point from a backup vault in AWS Backup?

To add the rds:DeleteDBSnapshot permission to your IAM role policy, complete the following steps:

  1. Open the IAM console.

  2. In the navigation pane, choose Roles, and then select the IAM role that AWS Backup assumed.

  3. In Permissions policies, choose Add permissions.

  4. Choose Create inline policy.

  5. Choose the JSON tab and then add the following statement to your policy:

    {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "rds:DeleteDBSnapshot",
            "Resource": "arn:aws:rds:region:account-id:snapshot:*"
        }]
    }

  6. Choose Next.

  7. Enter a name for the policy.

  8. Choose Create policy.
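To confirm that the role's policies grant the permission after you save the inline policy, you can evaluate the policy documents offline. This added example (not AWS code) is a simplified check: it handles Allow, explicit Deny, wildcards, and string or list fields, and it ignores Condition, NotAction, NotResource, permissions boundaries, and service control policies. The Region, account ID, and snapshot name are constructed placeholders.

```python
import json
from fnmatch import fnmatchcase

ACTION = "rds:DeleteDBSnapshot"

# The inline policy from the steps above, with a constructed Region and account ID.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "rds:DeleteDBSnapshot",
        "Resource": "arn:aws:rds:us-west-1:111122223333:snapshot:*",
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, fold_case=False):
    # IAM action names are case-insensitive; ARNs are compared as written.
    if fold_case:
        return any(fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def can_delete_snapshot(policy_documents, snapshot_arn):
    """True if some statement allows ACTION on snapshot_arn and none denies it."""
    allowed = False
    for doc in policy_documents:
        policy = json.loads(doc) if isinstance(doc, str) else doc
        for stmt in _as_list(policy.get("Statement", [])):
            if "Action" not in stmt or "Resource" not in stmt:
                continue  # NotAction and NotResource are outside this simplified check
            if not (_matches(stmt["Action"], ACTION, fold_case=True)
                    and _matches(stmt["Resource"], snapshot_arn)):
                continue
            if stmt.get("Effect") == "Deny":
                return False      # an explicit Deny always wins
            if stmt.get("Effect") == "Allow":
                allowed = True
    return allowed
```

Pass every policy document that is attached to the role, inline and managed, so that an explicit Deny in any of them is taken into account.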

Copy a continuous backup across accounts or Regions

To copy your continuous backup across AWS accounts, see Creating backup copies across AWS accounts. For AWS Regions, see Creating backup copies across AWS Regions.

Note: AWS Backup doesn't support on-demand copies of continuous backups.

For more information, see Copying continuous backups.

Related information

Guidance for disaster recovery using Amazon Aurora

AWS OFFICIAL | Updated 4 months ago