How to Enable Cross-Region Backups in AWS-Backup
Problem
AWS Backup is a regional component that can backup a ton of resources. It is often very helpful to save your backups in another region in case of a disaster.
Solution
TL;DR:
Create a backup vault and point to it via
destination_vault_arn
variable!Currently, this requires deploying the component into two different regions. The first is a normal aws-backup component. This includes a plan
, a vault
, and an iam
role. The second aws-backup component should be deployed to the cross-region destination.
# <default-region>-<stage>.yaml
components:
terraform:
aws-backup:
vars:
# https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html
schedule: cron(0 0 * * ? *) # Daily At 12:00 AM UTC
start_window: 60 # Minutes
completion_window: 240 # Minutes
cold_storage_after: null # Days
delete_after: 14 # Days
destination_vault_arn: null # Copy to another Region's Vault
copy_action_cold_storage_after: null # Copy to another Region's Vault Cold Storage Config (Days)
copy_action_delete_after: null # Copy to another Region's Vault Persistence Config (Days)
backup_resources: []
selection_tags:
- type: "STRINGEQUALS"
key: "aws-backup/resource_schedule"
value: "dev-daily-14day-backup"
# <default-region>-<stage>.yaml
components:
terraform:
aws-backup:
vars:
plan_enabled: false
iam_role_enabled: false
info
This will only create a vault!
Create the cross-region backup vault first. Grab its ARN, and set it to the value of the destination_vault_arn
. Apply the component and you now have cross-region backups enabled.