AWS Virtual Private Cloud (VPCs) enables you to launch AWS resources into a virtual network that you’ve defined. But what happens if the network fails or VPC is deleted? It’s always a good idea to back up your Amazon VPC.
Veeam Backup for Amazon Web Services (Veeam Backup for AWS) is one of the best solutions developed for protection. It allows you to back up configuration data for AWS VPCs for easy rebuilding, if necessary.
In this tutorial, you will learn how to back up AWS VPC configuration data for free with Veeam!
This post is kindly sponsored by Veeam. To learn about how Veeam can help back up your AWS data, be sure to check out the free “choose your own adventure”-style Veeam AWS eBook!
This post will be a step-by-step tutorial. If you’d like to follow along, please be sure you have the following in place:
- An AWS Virtual Private Cloud (VPC) to back up.
- Veeam Backup for AWS installed on a machine of your choosing.
- The required Veeam IAM roles with access to back up your VPC.
You may incur a small charge for creating a VPC on AWS. When you’re done, be sure to delete the VPC!
How Veeam Backup for an AWS VPC Works
Veeam Backup for AWS is a backup and restore application that reads your AWS data and backs it up (or the instructions to restore it) to another location for later restoration. One component of Veeam Backup for AWS is its ability to backup AWS VPC configuration data.
To provide the ability to restore an AWS VPC at a later time, Veeam Backup takes snapshots via API calls, typically known as backup sessions of a VPC defined via a backup policy. The snapshot contains all metadata required to restore that VPC and is written to a configuration database known as a restore point.
Veeam Backup for AWS consists of three primary components:
1. Backup Appliance – An EC2 instance that helps with snapshot creation, backups policy schedule, and recovery tasks. It also checks, views, and installs products. The backup appliance contains some components such as:
- The configuration database – The database stored in AWS contains all of the metadata associated with Veeam Back-ups, such as various backup policies and VPC backup configurations.
- Web UI – Web interface that allows user access to the Veeam Backup for AWS functionality.
- Updater service — Updater service allows to install and update the package updates.
2. Worker Instance – A Linux EC2 instance responsible for the communication between the backup appliance and other components of the Veeam Backup for AWS infrastructures such as S3 repo and configuration database.
Veeam Backup for AWS does not install agent software inside instances to retrieve data; instead creates a snapshot for each instance added to a backup policy.
3. AWS S3 repositories (Optional) – Optional data stored in S3 containing copies of the VPC configuration. By default, VPC configurations are stored in the configuration database.
If you’d like to maintain more copies of your VPC configuration data and optionally encrypt them, you can use S3 repositories.
Configuring the VPC Configuration Backup Policy
To provide instructions to when and how to back up VPC configuration data, Veeam uses a backup policy. This backup policy, known as VPC Configuration Backup contains a set of instructions such as:
- When to initiate a VPC configuration backup
- Where to store the VPC configuration (the configuration database or S3 repositories)
- The AWS regions to look for VPCs to back up.
- Defining how long to keep VPC backups through retention settings
By default, the VPC Configuration Backup policy is disabled, but you’ll have to configure and enable the policy if you actually expect to use this product. Let’s do that now.
Assuming you already have Veeam Backup for AWS installed:
1. Launch Veeam Backup for AWS.
2. Click on Policies —> VPC —> VPC Configuration Backup —> Edit. This action will open the VPC backup policy screen, where you’ll see various ways to configure how Veeam backs up your VPC configurations.
Under the Policies section, you will see other tabs such as EC2 and RDS. Backing up VPCs is only one feature of Veeam Backup for AWS.
3. On the Regions screen in the left menu, select the region(s) that contain the VPCs you’d like to back up.
By default, Veeam Backup for AWS automatically collects and backs up VPC configuration data for all AWS regions.
4. Click on Target in the left menu. The Target screen is where you can define where to optionally store additional copies of VPC configuration data in S3 repositories.
Choosing to store VPC configuration data in an S3 repository is completely optional.
5. Click on Choose repository and select the S3 repository you’d like to store an additional copy of the VPC configuration data to. When you’re done, click on Apply.
S3 repositories are tied to S3 buckets. If you’d like to create an S3 repository, you must first create an S3 bucket to support it.
6. Click on Retention in the left menu. The Retention screen is where you can configure how often to take snapshots of your VPCs and the maximum time a snapshot or restore point is stored.
7. Click on the Collect data every… link and specify how often to take VPC snapshots (Collect data every) and how long to keep those snapshots in the configuration database (Keep for).
8. Finally, click on Summary in the left menu and Finish after reviewing the configured backup policy to confirm the new backup policy settings.
Toggling the VPC Configuration Backup Policy
Configuring the VPC backup policy is only the first step to using Veeam Backup for AWS to backup AWS VPCs. You must now enable it.
To enable the VPC Configuration Backup policy, navigate to the VPC Policies screen again as you did in the previous section and click on Enable, as shown below. Enabling the policy allows the backup routine to begin.
When you enable the VPC backup policy, the Enable option will turn to Disable, allowing you to disable it at any time. When you disable the policy, all current backup routines will stop, and the schedule will be disabled.
Starting and Stopping Backup Sessions Manually
Although by enabling the backup policy, you’re telling Veeam to backup VPC configuration data regularly, perhaps you need to create a quick, ad-hoc backup. In that case, you can invoke a backup manually.
To force Veeam to back up VPCs defined in your backup policy automatically, navigate back to the Policies —> VPC screen and click Start, as shown below.
Monitoring Backup Session Status
You’ve now started a backup session to back up your VPC but how do you know if it’s actually working? You’ll need to inspect the logs.
When Veeam backs up an AWS VPC, it stores logging information in the configuration database. You can view these logs via the UI by clicking on the Sessions Log screen below.
If you’d like to view the detailed status of an individual task executed during an operation, click on the Status link and you will see the details of each task as shown below.
Veeam Backup for AWS is a great tool to back up your AWS VPC configurations. In this tutorial, you’ve learned how to set up a VPC configuration backup policy and create your first backup.
VPC backups are only one feature of Veeam Backup for AWS. If you have an EC2 instance or RDS database you’d like to protect, check out Veeam’s AWS EC2 and RDS instance backup functionality and be sure to check out the free “choose your own adventure”-style Veeam AWS eBook!