Using AWS Backup to back up cross-account to multiple regions

0

I have AWS Backup set up to copy resources cross-account and cross-region. However, I found out that RDS is an exception where you can't do both cross-account AND cross-region. You can do one or the other, but not both. (The caveats with AWS Backup are long and confusing, making it very difficult to plan and set up for even the simplest situations, but I digress). So I've decided to copy all non-RDS resources cross-account and cross-region, but for RDS I'll only copy it cross-account, same region. It seems like this should be easy since AWS Backup plans support multiple rules, and multiple criteria for assigning resources. Alas, it doesn't appear that it works the way I need it.

I create one rule that copies cross-account and cross-region. Then I configure another rule that performs cross-account, same region. I can configure 2 resource assignments with one for non-RDS, and one for RDS only. However, I can't seem to say non-RDS goes to the 1st rule, and RDS only goes to the 2nd. It seems like all assigned resources will be applied to all rules. There isn't a way to select which assets belong to which rule.

The thing that bugs me about this is that RDS is used in pretty much every environment and using encryption with RDS seems very common too, so lots of people would have to deal with this situation where RDS can't be sent cross-account and cross-region. And yet it seems very awkward to set this up in AWS Backup because of the separation of Rule and Assigned Resources. If Assigned Resources were just a part of the rule then everything would be solved and very straightforward without a loss of expressive power in configuration. But by having them separate you get no real increase in power of expression that I can see, but there are limitations like this that just don't seem to work.

Do I have to create separate backup plans to accomplish this (uggh) or is there a way to do this using 1 backup plan using multiple rules and multiple assignments that I don't see?

asked 3 months ago, 219 views
2 Answers
2
Accepted Answer

Hello,

Yes, to accomplish your use-case of copying all non-RDS resources to cross-account and cross-region, and RDS copies to another AWS account (in same region), you will have to create separate backup plans. This is because all the backup rules apply to all the resource assignments of a single backup plan. Currently, you cannot have backup rules in which you can define resource assignments based on the backup rules.

Hope the above addresses your query.

Thanks,

AWS
SUPPORT ENGINEER
answered 3 months ago
EXPERT
reviewed 3 months ago
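
The two-plan layout the accepted answer describes, as an added example (not code from the thread or from AWS): it builds the documents passed to `create-backup-plan` and `create-backup-selection` and checks that no plan able to select RDS copies to a different account and a different region at once. Account IDs, regions, vault and role names are constructed placeholders, and the check only inspects ARN patterns, not tag-based assignments.

```python
# Added example: account IDs, regions, vault and role names are constructed placeholders.
SRC_ACCOUNT, SRC_REGION = "111111111111", "us-east-1"
DST_ACCOUNT, DR_REGION = "222222222222", "us-west-2"
RDS_ARNS = ["arn:aws:rds:*:*:db:*", "arn:aws:rds:*:*:cluster:*"]
ROLE = f"arn:aws:iam::{SRC_ACCOUNT}:role/BackupRole"  # hypothetical role name

def vault_arn(region, account, name="central-vault"):
    return f"arn:aws:backup:{region}:{account}:backup-vault:{name}"

def plan(name, dest_vault):
    """BackupPlan document in the shape CreateBackupPlan accepts."""
    return {"BackupPlanName": name, "Rules": [{
        "RuleName": f"{name}-daily",
        "TargetBackupVaultName": "local-vault",
        "ScheduleExpression": "cron(0 5 * * ? *)",
        "Lifecycle": {"DeleteAfterDays": 35},
        "CopyActions": [{"DestinationBackupVaultArn": dest_vault}],
    }]}

def selection(name, resources, not_resources=()):
    """BackupSelection document in the shape CreateBackupSelection accepts."""
    return {"SelectionName": name, "IamRoleArn": ROLE,
            "Resources": list(resources), "NotResources": list(not_resources)}

def may_select_rds(sel):
    """True if the selection can match RDS and does not exclude it."""
    hits = any(r == "*" or r.startswith("arn:aws:rds:") for r in sel["Resources"])
    excluded = all(a in sel["NotResources"] for a in RDS_ARNS)
    return hits and not excluded

def rds_violations(plan_doc, selections):
    """Rules that would copy RDS both cross-account and cross-region."""
    if not any(may_select_rds(s) for s in selections):
        return []
    bad = []
    for rule in plan_doc["Rules"]:
        for copy in rule.get("CopyActions", []):
            region, account = copy["DestinationBackupVaultArn"].split(":")[3:5]
            if region != SRC_REGION and account != SRC_ACCOUNT:
                bad.append(rule["RuleName"])
    return bad

# Plan 1: everything except RDS -> other account, other region.
general = plan("non-rds", vault_arn(DR_REGION, DST_ACCOUNT))
general_sel = selection("all-but-rds", ["*"], RDS_ARNS)
# Plan 2: RDS only -> other account, same region.
rds = plan("rds-only", vault_arn(SRC_REGION, DST_ACCOUNT))
rds_sel = selection("rds", RDS_ARNS)
```

Merging both rules and both selections into one plan makes `rds_violations` report the cross-region rule, because every rule in a plan applies to every assignment in that plan.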
2

Hi,

To go back to a simple "pure S3 situation", you may want to export your RDS snapshots to S3 via https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ExportSnapshot.html

Then, you use AWS Backup in its cross-account and cross-regions capabilities for AWS S3.

Best,

Didier

AWS
EXPERT
answered 3 months ago
EXPERT
reviewed 3 months ago
EXPERT
reviewed 3 months ago
  • This is an interesting idea and I was excited about it at first, but exporting to S3 is a manual process. Yes, you can deploy some lambdas to automate it, but I really didn't want to invest that much time to get there. Again, it just seems like it should be easier than this. Creating a separate backup plan seems like a lower lift between the two options. Thanks for your clever insight though.
