Configuring AWS Native Snapshot Backups for Amazon RDS Instances with IAM Role Authentication

You can configure AWS native snapshot backups for Amazon RDS instances using an IAM role. The configuration wizard guides you through the configuration process, which includes creating any new entities that are needed, such as a backup plan, cloud storage, cloud account, and backup content.

Start the Configuration Wizard

  1. From the navigation pane, go to Protect > Databases.

    The Overview page appears.

  2. In the upper-right area of the page, click Add instance, and then select Cloud database service.

    The Add Cloud DB Instance dialog box appears.

  3. Select Amazon Web Services and then click NEXT.

    The Configure Amazon Database dialog box appears.

  4. Select RDS (Snapshot) and then click NEXT.

    The Select Backup Method page appears.

Select "Back up using the gateway(s)"

  1. Select Back up using the gateway(s).

  2. Click NEXT.

The Configure Permissions page of the Configure Amazon database - RDS (Snapshot) configuration wizard appears.

Configure Permissions

  1. From the Authentication method list, select IAM role.

  2. Verify an existing CommvaultRole IAM role or create a new CommvaultRole IAM role:

    • If the CommvaultRole IAM role was previously created for another AWS workload, do the following:

      1. Verify that the IAM policies for the AWS workload are still attached to the CommvaultRole IAM role.

      2. At the bottom of the page, select the confirmation check box.

      3. Click NEXT.

        The Region page appears.

    • If the CommvaultRole IAM role does not exist yet, create it in AWS.

      Steps to create the CommvaultRole IAM role
      1. Click the Launch CloudFormation Stack link to open the AWS console.

        Important

        If you do not have permission to create a role in the AWS account, copy the Launch CloudFormation Stack link and share it with your AWS IAM administrator.

      2. Log on to the AWS console.

        The Quick create stack page appears.

      3. Under Capabilities, read the information about the template, and then select the acknowledgment check box.

      4. Click Create stack.

        Wait for the CloudFormation Stack to finish creating the CommvaultRole IAM Role. The CloudFormation Stack creates IAM policies for all supported AWS workloads, and then attaches the policies to CommvaultRole.

      5. Return to the Commvault Cloud configuration wizard.

      6. At the bottom of the page, select the confirmation check box.

      7. Click NEXT.

        The Region page of the configuration wizard appears.

Region

  1. Select the region that the RDS instances reside in.

  2. Click NEXT.

    The Backup Gateway page of the configuration wizard appears.

Backup Gateway

  • If AWS EBS encryption is enabled for your region in your AWS account, the user who uses the backup gateway template must be a key user for the default encryption key. To see if EBS encryption is enabled, in your AWS account, go to EC2 > EC2 Dashboard > Settings > EBS encryption. To see a list of key users for the default encryption key, in your AWS account, go to Key Management Service > Customer managed keys. If you do not have the correct level of access to use the template, you can copy the Launch Cloud Formation Stack link and share it with someone who has the correct level of access, such as your security administrator.

  • Determine the region of your AWS S3 storage. The backup gateway must reside in the same region as the primary storage.

  • Select an existing backup gateway or create a new backup gateway.

    Steps to create a backup gateway
    1. Click the add button.

      The Add a new backup gateway dialog box appears.

    2. For Platform, select the OS for the backup gateway.

    3. Click GENERATE LINK.

      An AWS CloudFormation template is created based on the region and the operating system that you selected.

    4. Click the CloudFormation link to open the AWS console.

      Note

      If AWS EBS encryption is enabled for your region in your AWS account, to use the template, you must be a key user for the default encryption key. If you are not a key user for the default encryption key, copy the CloudFormation link and share it with someone who is a key user, such as your security administrator.

    5. Log on to the AWS console.

      The Quick create stack page appears.

    6. Under Parameters, enter the following information:

      1. From the EC2 Instance Type list, select the type of EC2 instance to use for the backup gateway.

      2. From the EC2 Key Pair list, select a key pair to use to access the Commvault Cloud backup gateway.

      3. From the VPC ID list, select an Amazon Virtual Private Cloud (VPC).

      4. From the Subnet ID list, select a subnet.

      5. From the VPC CIDR list, select a VPC CIDR.

      Note

      Port 8403 opens on backup gateways only when the request comes from the IP ranges that are listed in the VPC CIDR field.

    7. Click Create stack.

      Wait for the Commvault Cloud backup gateway to be created.

    8. Return to the Commvault Cloud configuration wizard.

    9. Refresh the list of backup gateways, and then select the backup gateway that you created.

  • Click NEXT.

    The Cloud Storage page of the configuration wizard appears.
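
The note on port 8403 above can be checked after the stack finishes. The following is an added example, not Commvault or AWS code: it assumes the restriction is enforced by a security group on the gateway instance and reads data shaped like `aws ec2 describe-security-groups` output. The group IDs, CIDR ranges, and function names are constructed for illustration.

```python
import ipaddress

GATEWAY_PORT = 8403  # port named in the note above

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example0000001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8403, "ToPort": 8403,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8400, "ToPort": 8410,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0example0000002", "IpPermissions": [
        {"IpProtocol": "-1",  # all protocols: FromPort/ToPort are absent
         "IpRanges": [{"CidrIp": "10.20.4.0/24"}, {"CidrIp": "192.168.0.0/16"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]


def covers_port(rule, port):
    """True if the ingress rule admits TCP traffic to `port`."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def sources_outside_cidr(groups, vpc_cidr, port=GATEWAY_PORT):
    """Sorted (group_id, source_cidr) pairs that reach `port` from outside `vpc_cidr`."""
    allowed = ipaddress.ip_network(vpc_cidr)
    findings = set()
    for group in groups:
        for rule in group.get("IpPermissions", []):
            if not covers_port(rule, port):
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                source = ipaddress.ip_network(cidr, strict=False)
                # subnet_of() raises TypeError across IP versions, so check first.
                if source.version != allowed.version or not source.subnet_of(allowed):
                    findings.add((group["GroupId"], cidr))
    return sorted(findings)


if __name__ == "__main__":
    for group_id, cidr in sources_outside_cidr(SAMPLE_GROUPS, "10.20.0.0/16"):
        print(f"{group_id}: port {GATEWAY_PORT} reachable from {cidr}")
```

Rules that reference another security group or a prefix list instead of a CIDR range are not evaluated by this check and need a separate review.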

Cloud Storage

  1. For the primary copy of the backup data, select an existing S3 storage bucket or create a new S3 storage bucket.

    Steps to create an S3 storage bucket
    1. Click the add button.

      The Add cloud storage dialog box appears.

    2. From the Type list, select Amazon S3.

    3. In Name, enter a descriptive name for the cloud storage.

    4. For Storage Class, select the storage class for the type of access that you want to have for the data.

    5. In the Service host box, enter the Amazon S3 endpoint in the format s3.region.amazonaws.com.

    6. For Authentication, select the authentication type that you want to use and enter any role or credential information that is required.

      Access keys and secret keys: Enter the access key ID and the secret access key.

      STS assume role with IAM role: Enter the ARN of the CommvaultRole.

    7. In Bucket, enter the Amazon S3 bucket name.

    8. Click SAVE.

  2. Click NEXT.

    The Plan page of the configuration wizard appears.

Plan

A backup plan specifies the storage used to back up the data and other settings, such as recovery point objective (RPO) settings.

  1. Select an existing backup plan or create a new backup plan.

    Steps to create a backup plan
    1. Click the add button.

      The Create server backup plan dialog box appears.

    2. In the Plan name box, enter a descriptive name for the backup plan.

    3. For the backup plan settings, select pre-defined settings or create custom settings:

      • To select pre-defined settings, under Retention rules, select one of the following:

        • Select Standard retention to retain the incremental backups for 1 month.

        • Select Extended retention for optimized storage, where the incremental backups of primary and secondary copies are retained for 1 month, with extended retention for monthly and yearly full backups.

          The Extended retention option is available only when the secondary copy backup is selected.

      • To create custom settings, move the Custom plan toggle to the right, and then specify the following:

        • For Retention, specify the amount of time to retain the backup jobs.

        • For Backups run every, specify how often to run backups.

    4. Click DONE.

  2. Click NEXT.

    The Cloud Account page of the configuration wizard appears.

Cloud Account

The cloud account is used to access or identify the RDS instances for discovery, backup and restore.

  1. Select an existing cloud account or create a new cloud account.

    Steps to create a cloud account
    1. Click the add button.

      The Add cloud account dialog box appears.

    2. In the Name box, enter a descriptive name for the account.

    3. Click SAVE.

  2. Click NEXT.

    The Backup Content page of the configuration wizard appears.

Backup Content

  1. Review the data that will be protected. To filter the content to be backed up, click EDIT.

    The Amazon RDS content dialog box appears.

  2. Select any of the following, then add the instances or rules as required, and then click SAVE:

    • Add Instances: This option allows the user to select the whole region or selected instances from the region.

    • Add Instance rule: This option allows the user to select instances based on an Instance rule or a Tag rule. Based on the rule criteria, the content will be selected for backup.

  3. To enable restoring data to a point in time, move the Enable Point in Time Restore toggle key to the right.

  4. In the Retention period box, enter the number of days to retain the data.

    Note

    When you back up an instance that has point in time restore enabled, the retention period will be updated in the AWS console.

  5. Click NEXT.

    The Summary page of the configuration wizard appears.

Summary

  1. Review the summary.

  2. Click FINISH.
