The Veeam Cookbook Series

A simple step by step no frills approach to achieving your goal

Recipe: Creating AWS EC2 Backup Policies

Expected deliverables:

A new policy to create image-level backups of AWS EC2 instances.

Time to complete: 5 minutes

Ingredients:

  • AWS S3 Bucket configured as Backup Repository to protect AWS EC2 instances.
  • If you want to enable Guest Processing Settings, then
    • The backup appliance must have outbound internet access to the SSM service.
    • The EC2 instances must have the 443 network port opened for outbound internet access to the SSM service and be configured to communicate with AWS System Manager
    • SSM Agent must be installed on the EC2 instances.
  • A Worker Configuration in the same region and availability zone where the protected EC2 instances reside.

Before you start: One backup policy can be used to process one or more instances either within one AWS account or within an entire AWS Organization. The scope of data that you can protect in an AWS account is limited by permissions of an IAM role that is specified in the backup policy settings The Review Estimated Cost will be available only if you have created a schedule for the backup policy at the Schedule step.

Assumptions: You have an existing Veeam Backup for AWS deployment.

Method:

  1. Login the Veeam Backup for AWS web interface. Navigate to Policies > EC2 and Click in Add
  2. At the Info step, enter a Name and Description for the new backup policy.
  3. At the Sources step, choose one of the following options
    • Select the Account option if you want to back up EC2 instances belonging to a single AWS account. Then, specify an IAM role with proper privileges
    • Select the Organization option if you want to back up EC2 instances within an AWS Organization
  4. At the Resources step,
    • In the Regions section, click Choose regions to select the regions in which EC2 instances that you want to protect reside.
    • In the Resources section, click Choose resources to protect to select EC2 instances that Veeam Backup for AWS will back up. You can choose to protect all EC2 instances, or specific EC2 instances.
  5. At the Guest Processing step, as an option you can choose whether you want to enable Application Processing or Guest Scripting for consistent snapshots.
  6. At the Targets step:
    • Click Replica Snapshot if you want to replicate the snapshot to a different region. Then click in Configure region mapping to configure the target Region.
    • To create image-level backups, set the Enable backups toggle to On. Then, in the Repositories window, select a backup repository where the created image-level backups will be stored. Click Apply.
    • To store long-term backups into a low-cost archive storage, select the Archives will be stored in check box. Then, in the Repositories window, select a backup repository where the archived data will be stored. Click Apply.
  7. At the Schedule step you can instruct Veeam to start the backup policy automatically (Daily/Weekly/Monthly/Yearly) according to a specific backup schedule or leave the default for manual backup. Combining multiple schedule types together allows you to use the archive backup option.
  8. At the Tags step, you can assign custom tags to cloud-native snapshots created by the backup policy. You can also choose to copy the tags from the source EBS volumes. Click Next
  9. At the Settings step, you can enable automatic retries, schedule health checks and specify notification settings for the backup policy, otherwise leave the default and click Next
  10. At the Cost Estimation step, review the approximate monthly cost of AWS services that Veeam will require to protect the VM instances added to the backup policy. Click Next
  11. At the Summary step, review configuration information and click Finish.

Links to Resources:

Back to top

Copyright © 2025 Solutions Architects, Veeam Software.