You can configure backups for Amazon DynamoDB instances using an IAM role. The configuration wizard guides you through the configuration process, which includes creating any new entities that are needed, such as a plan and cloud storage.
Start the Configuration Wizard
From the Command Center navigation pane, go to Protect > Databases.
The Instances page appears.
In the upper-right area of the page, click Add instance, and then select Cloud database service.
The Add Cloud DB Instance page appears.
Select Amazon Web Services.
Click Next.
The Configure Amazon Database page appears.
Select DynamoDB.
Click Next.
The Backup Method page appears.
Review the information.
Click Next.
The IAM Role page of the configuration wizard appears.
IAM Role
From the Authentication method list, select IAM role.
Verify an existing MetallicRole IAM role or create a new MetallicRole IAM role:
If the MetallicRole IAM role was previously created for another AWS workload, do the following:
Verify that the IAM policies for the AWS workload are still attached to the MetallicRole IAM role.
At the bottom of the page, select the confirmation check box.
Click Next.
The Region page of the configuration wizard appears.
If the MetallicRole IAM role does not exist yet, create it in AWS.
Region
Select the region that the databases reside in.
Click Next.
The Backup Gateway page of the configuration wizard appears.
Backup Gateway
If AWS EBS encryption is enabled for your region in your AWS account, the user who uses the backup gateway template must be a key user for the default encryption key. To see if EBS encryption is enabled, in your AWS account, go to EC2 > EC2 Dashboard > Settings > EBS encryption. To see a list of key users for the default encryption key, in your AWS account, go to Key Management Service > Customer managed keys. If you do not have the correct level of access to use the template, you can copy the Launch Cloud Formation Stack link and share it with someone who has the correct level of access, such as your security administrator.
Determine the region of your AWS S3 storage. The backup gateway must reside in the same region as the primary storage.
Select an existing backup gateway or create a new backup gateway.
Steps to create a backup gateway
Click the add button
.The Add a new backup gateway dialog box appears.
For Platform, select the OS for the backup gateway.
Click Generate link.
An AWS CloudFormation template is created based on the region and the operating system that you selected.
Click the Launch CloudFormation Template link to open the AWS console.
Note: If AWS EBS encryption is enabled for your region in your AWS account, to use the template, you must be a key user for the default encryption key. If you are not a key user for the default encryption key, copy the Launch Cloud Formation Template link and share it with someone who is a key user, such as your security administrator.
Log on to the AWS console.
The Quick create stack page appears.
Under Parameters, enter the following information:
From the EC2 Instance Type list, select the type of EC2 instance to use for the backup gateway.
From the EC2 Key Pair list, select a key pair to use to access the Metallic backup gateway.
From the VPC ID list, select an Amazon Virtual Private Cloud (VPC).
From the Subnet ID list, select a subnet.
From the VPC CIDR list, select a VPC CIDR.
Note: Port 8403 opens on backup gateways only when the request comes from the IP ranges that are listed in the VPC CIDR field.
Click Create stack.
Wait for the Metallic backup gateway to be created.
Return to the Metallic configuration wizard.
Refresh the list of backup gateways, and then select the backup gateway that you created.
Click Next.
The Cloud Storage page of the configuration wizard appears.
Cloud Storage
To review the supported combinations of primary and secondary storage, see Metallic Storage Options.
Primary Copy
For the primary copy of the backup data, select an existing S3 storage bucket or create a new S3 storage bucket.
Steps to create an S3 storage bucket
Click the add button
.The Add cloud storage dialog box appears.
In Name, enter a descriptive name for the cloud storage.
For Authentication, select the authentication type that you want to use.
Access keys and secret keys: Enter the access key ID and the secret access key.
STS assume role with IAM role: Enter the ARN of the MetallicRole.
In Bucket, enter the Amazon S3 bucket name.
For Storage Class, select the storage class for the type of access that you want to have for the data.
Click Save.
Click Next.
Secondary Copy
Decide whether to store a secondary copy of the backup data for long-term retention.
Steps to create a secondary copy
Move the Secondary copy toggle key to the right.
For Storage location, select an existing storage location or create a new storage location.
To create a storage location, do the following:
Click the add button
.The Add cloud storage dialog box appears.
From Type, select the storage provider, and then enter the necessary values.
Storage provider
Values
Metallic Recovery Reserve
Cloud storage provider: Select Azure Blob Storage or OCI Object Storage.
Storage class: Select the storage class for the type of access that you want to have for the data.
Region: Select the region for the cloud storage.
Amazon S3
Name: Enter a descriptive name for the cloud storage.
Region: Select the region for the cloud storage.
Authentication: Select the authentication type that you want to use.
- Access keys and secret keys: Enter the access key ID and the secret access key.
- STS assume role with IAM role: Enter the ARN of MetallicRole.
Bucket: Enter the name of the bucket.
Storage class: Select the storage class for the type of access that you want to have for the data.
Click Save.
Click Next.
The Plan page of the configuration wizard appears.
Plan
A plan specifies the storage to back up the data to and other settings such as recovery point objective (RPO) settings.
Select an existing plan or create a new plan.
Click the add button
.The Add plan dialog box appears.
In the Plan name box, enter a descriptive name for the plan.
For the plan settings, select pre-defined settings or create custom settings:
To select pre-defined settings, under Retention rules, select one if the following:
Select Standard retention to retain the incremental backups for 1 month.
Select Extended retention for optimized storage where the incremental backups of primary and secondary copies are retained for 1 month, and extended retention for monthly and yearly full backups.
Note: The Extended retention option is available only when the secondary copy backup is selected.
To create custom settings, select Custom plan, and then specify the following:
For Snapshot retention, specify the number of snapshots to retain for IntelliSnap backups.
For Retention, specify the amount of time to retain the backups.
For Backups run every, specify how often to run backups.
Click Done.
Click Next.
The Cloud Account page of the configuration wizard appears.
Cloud Account
The cloud account is used to access the databases for discovery, backups, and other operations.
Select an existing cloud account or create a new cloud account.
Steps to create a cloud account
Click the add button
.The Add cloud account dialog box appears.
In Cloud account name, enter a descriptive name for the account.
Click Save.
Click Next.
The Backup Content page of the configuration wizard appears.
Backup Content
Review the list of instances that will be protected.
Click Next.
The Summary page of the configuration wizard appears.
Summary
Review the summary.
Click Finish.