For many organizations, the data that they possess is one of their most valuable assets for day-to-day operations, continuation and future growth. Such organizations place a great deal of trust in a reliable Information Technology (IT) department to protect such valuable assets through daily/weekly data backups, restorations when required and most likely a regular test plan to ensure data can be protected or recovered efficiently and reliably when needed.

In my backup plan below, I’ll demonstrate how backing up data and testing restores in the cloud is easier when compared to on-premises datacenters by automating the process with an appropriate notification system that will ensure data is backed up frequently, tested to ensure expected recovery and the appropriate people are notified in case of failure.

Cloud Backup, Restore Testing Roadmap


Let’s follow some steps to create the CloudFormation Stack.

  1. Click Create Stack, then select the following options:

a. Prepare template.

b. Template source.

c. Amazon S3 URL

(Your screen should reflect the options chosen below).

Notice: The “View in Designer” box is not hiding any text; the S3 URL simply wraps to the next line.

2. Click Next.

Let’s provide some Stack details for Stack name and Parameters:

1. Fields to be filled in:

a. Type your desired Stack name, under Stack name.

b. Select the drop-down menu to select an Availability Zone.

c. I’d recommend leaving the default LatestAmiId as is; this retrieves the latest AMI ID for Amazon Linux 2.

d. For NotificationEmail, provide an email address to a mailbox that will receive notifications.

2. Click Next, then Next again.

  1. Scroll to the bottom, select the check box for acknowledgement for the statement above it.
  2. Click Create stack.

Note: Once Stack creation starts, monitor the inbox of the email address you provided. You should receive an email from SNS with the subject “AWS Notification - Subscription Confirmation”. Click the Confirm subscription link to subscribe the email address to the SNS topic.

3. Go to the Outputs section for your Stack and document the Key and Value for each output; they will appear like this:

4. After documenting the Key and Values, you can view the simple application running on your instance by clicking the URL value above.


1. Let’s create a Backup Plan; complete these options.

· Select Build a New Plan

· Complete Backup plan name (Your choice)

Let’s continue by setting the backup configuration, complete your configuration as shown below;

2. Once the frequency has been established, you will need to specify a backup window: a period of time during which data is being backed up from your data sources. Backups could cause your data sources to be temporarily unavailable, so be mindful of when you run them (business hours vs. scheduled downtime).

If your environment doesn’t have a requirement to store and recover data after extended periods of time, be sure to set the values for Transition to cold storage to Never. Click Create Plan.

Navigate back to the AWS Backup pop-out menu.

3. Click backup vaults, then Create Backup vault.

Note: If you are backing up multiple workloads, it is recommended to use different Backup Vaults.

Complete the backup vault name (Your choice) and select the KMS encryption master key as shown in the following diagram.

Tags are optional, Click Create Backup Vault.

Choose Backup Plans from the side Pop-out menu.

Click the Backup plan you created earlier.

After clicking your backup plan, scroll to the Resource Assignments section, Click Assign resources to display as shown.

Complete the Resource assignment name (Your choice), leave the IAM role as default.

Complete the Assign resources section

· Assign by

· Key

· Value

Note: Tags are case sensitive as well, be mindful of their settings.

Click Assign resources.


1. Run your CMD with Administrator privileges to access the resources through the AWS CLI, click here to select the AWS CLI version, the OS platform you’re using as host, and to download/install the tool.

2. You can run the “aws --version” command if you need to verify the version you installed.

3. You can run the “aws configure” command if you need to configure the CLI with the access key and secret key of an IAM user that has the required privileges.

a. You can also do this from your graphical user interface in the IAM dashboard.

Edit and run the command below to enable notifications with messages published to the SNS Topic every time a backup or restore is completed to ensure your operation team is aware of any failures.

Note: Use the ARN value of the SNSTopicARN Key from the Outputs of your CloudFormation stack.

aws backup put-backup-vault-notifications --region us-east-1 --backup-vault-name BACKUP-LAB-VAULT --backup-vault-events BACKUP_JOB_COMPLETED RESTORE_JOB_COMPLETED --sns-topic-arn <YOUR SNS TOPIC ARN>
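
A sketch of how a subscriber to that topic can triage these notifications, added here as an example and not the lab's Lambda function or the author's code: a "COMPLETED" event only means the job reached an end state, so the handler checks the state before treating a backup as good enough to restore-test. The event layout (an SNS-to-Lambda record carrying "EventType" and "State" message attributes), the state values, the action names and the sample messages are assumptions constructed for illustration; compare them with a real notification from your topic.

```python
import re

# Terminal states that mean the job did not succeed (assumed State values).
FAILED_STATES = {"FAILED", "ABORTED", "EXPIRED"}
ARN_RE = re.compile(r"Recovery point ARN\s*:\s*(arn:\S+)", re.IGNORECASE)

def _attr(sns, name):
    """Read one SNS message attribute; return '' when it is absent."""
    return sns.get("MessageAttributes", {}).get(name, {}).get("Value", "")

def triage(event):
    """Map one SNS-delivered AWS Backup notification to a next action."""
    sns = event["Records"][0]["Sns"]
    event_type = _attr(sns, "EventType")
    state = _attr(sns, "State").upper()
    message = sns.get("Message", "")
    match = ARN_RE.search(message)
    result = {
        "event_type": event_type,
        "state": state,
        # Strip the sentence-ending period that follows the ARN in the text.
        "recovery_point_arn": match.group(1).rstrip(".") if match else None,
    }
    if state in FAILED_STATES or "failed" in message.lower():
        result["action"] = "alert"
    elif state != "COMPLETED":
        # Missing or unknown state: never treat it as a successful job.
        result["action"] = "investigate"
    elif event_type == "BACKUP_JOB":
        result["action"] = "start_restore_test"
    elif event_type == "RESTORE_JOB":
        result["action"] = "validate_and_cleanup"
    else:
        result["action"] = "investigate"
    return result

def sample_event(event_type, state, message):
    """Build a constructed SNS-to-Lambda event (not captured from AWS)."""
    attrs = {"EventType": {"Type": "String", "Value": event_type},
             "State": {"Type": "String", "Value": state}}
    return {"Records": [{"Sns": {"Message": message, "MessageAttributes": attrs}}]}

if __name__ == "__main__":
    ok = sample_event("BACKUP_JOB", "COMPLETED",
                      "An AWS Backup job was completed successfully. Recovery point ARN: "
                      "arn:aws:ec2:us-east-1:111122223333:image/ami-0123456789abcdef0.")
    bad = sample_event("BACKUP_JOB", "FAILED", "An AWS Backup job failed.")
    print(triage(ok)["action"], triage(bad)["action"])
```
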


Let’s test the recovery of a data source:

1. Create an On-Demand Backup from the AWS Backup dashboard.

2. Let’s fill in the settings for the following, compare to the diagram that follows;

o Resource type = EC2 type used for the Backup plan

o Instance ID = Is the Physical ID for the resource used

o Backup window = Timeframe to run jobs

o Backup vault = Storage location

o IAM role = Permissions granted to perform job

3. When the job is created, click on Jobs then select Backup jobs

4. Check the Job ID for the details to the Recovery Point ARN, Resource ID and Resource type.

5. You will receive three emails from AWS, each containing details of the Backup job; you can compare them against your configurations in steps 3 through 6.

6. This is my Restore job status and details. I wasn’t lucky enough to catch it as it was running; however, you can see it was completed successfully.


1. Open the AWS CloudWatch console.

2. Click on Log groups under Logs from the left pop-out menu.

3. Under Log group, click the group there to view the streams.

4. Click each log stream to view the output of the Lambda function’s execution to understand the different steps performed by the function to automate this process.

Best Practices Implemented:

2. Perform data backup automatically or reproduce the data from sources automatically.

3. Perform periodic recovery of the data to verify backup integrity and processes.

NOTE: Some formatting and code may be unaligned and misrepresented, if you need clarification, please reach out for a .PDF version of this post.


