Protecting Amazon Virtual Private Cloud (Amazon VPC)

In a previous blog, we spoke about the explosive growth of AWS, and how more and more people are turning to the public cloud to accommodate growth in their IT infrastructure. Due to this growth, companies are now starting to discover that their traditional backup strategies and products no longer fit the requirements of these cloud platforms. Some of the challenges facing IT organizations today are around not only protecting and restoring workloads, but also the configurations of the actual cloud environment itself. This is just like in the on-premises world where infrastructure configurations are protected, like network switch configurations, VMware vCenter, firewall rules, etc. In AWS, the equivalent service that provides these resources is called Amazon Virtual Private Cloud (Amazon VPC).

Amazon VPC considerations

In AWS, the considerations are the same. If you have ever looked at what is needed to deploy a workload in AWS, it is not just the instance or virtual machines (VMs) that are configured. You also have subnets, security groups (firewall rules) and a lot of similar components to what has traditionally been protected in the on-premises world. AWS describes Amazon VPC as below:

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Now that we understand what a VPC is, we have to consider how we can protect and restore this critical part of an AWS environment. As an example, if we need to restore an AWS instance to a new region, this is extremely easy to do with Veeam’s cloud-native offering for AWS: Veeam Backup for AWS. Pick the region and restore the instance. Sounds simple, however, as an IT admin who is restoring workloads always knows, it’s not just the workload that needs to be taken into consideration. What about those firewall rules, IP addresses, VPC end points and so on? If we lose these configurations, we have no access to the workload, and manually figuring out what needs to be configured is not really an adequate solution in today’s modern IT world.

Protecting Amazon VPC settings across multiple AWS accounts

With Veeam Backup for AWS, it is extremely easy to not only protect Amazon EC2 and Amazon RDS instances, but we can also protect and restore all the Amazon VPC configuration items, in one or many AWS regions. We can even protect these configuration items across multiple AWS accounts, and also restore any or all configuration items into a region or different AWS account.

By default, Veeam Backup for AWS automatically discovers, collects, and protects VPC settings for the default AWS account. We have the option to add multiple AWS accounts to protect those VPC settings across them.

Once we have the collection defined, all the configuration options are now protected and are stored in the Veeam Backup for AWS database. You can also choose these to be offloaded to an external Amazon S3 object storage bucket for added protection. We won’t go into every configuration item protected by Veeam Backup for AWS, that information is contained in the Veeam Backup for AWS user guide.

Tracking changes in VPC configuration items

Once we have the VPC items protected, we can check for and compare changes. Through the protected data area of Veeam Backup for AWS, we can see if any changes have been made to the regions and browse the configuration items.

One of the powerful options within Veeam Backup for AWS is the compare feature. This allows us to compare different restore points to see if any changes have been made. Think of a scenario where a workload no longer has access to the internet. We can quickly and easily pick a restore point in the past when we knew this workload had access and was functioning, and compare it to the current backup.

Restoring VPC components

By selecting a restore point that has detected changes, we can restore either the full backup for that VPC or pick individual components to restore.


In summary, what we have discovered today is that protecting workloads in the public cloud is similar in nature to protecting workloads in the on-premises data center. While it is extremely quick and easy to deploy workloads in the public cloud, it is still the consumer’s responsibility to protect that data. Every public cloud provider has a shared responsibility model that explains what the customer can expect from them. Data protection is always the responsibility of the person consuming the service. The same goes for the configuration options of every AWS or other public cloud account. If it is critical to the functionality of any workload you deploy, then you need to worry about how you can protect and recover in the event of a failure or even accidental deletion.

Veeam Backup for AWS lets you backup and restore your Amazon VPCs completely free. No limits whatsoever. If you’re interested in taking Veeam Backup for AWS for a spin, register here to get 30 days FREE AND $250 in AWS credits to offset the costs!

Similar Blog Posts
Technical | June 12, 2024
Business | June 10, 2024
Business | June 5, 2024
Stay up to date on the latest tips and news
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam’s Privacy Policy
You're all set!
Watch your inbox for our weekly blog updates.

Native AWS backup and recovery

Veeam Backup
for AWS