Backing Up n8n Workflows and State on AWS

n8n backups are not just database snapshots. A useful recovery plan needs workflow exports, credentials that can still decrypt, task definitions, container image references, and enough deployment history to recreate the platform.

On ECS, the recovery boundary should be explicit: what must exist to bring automation back after a bad deployment, data loss, or account-level incident?

Context

  • Problem: Teams often back up the database but forget encryption keys, workflow provenance, and runtime configuration.
  • Approach: Define n8n recovery artifacts and test restore into an isolated ECS environment.
  • Outcome: Recovery becomes repeatable instead of a scramble through old consoles and shell history.

Recovery artifacts

Track these items:

  • RDS PostgreSQL snapshots.
  • Workflow exports in Git.
  • Credential encryption key in a protected secret store.
  • ECS task definition revisions.
  • Container image digests.
  • ALB, WAF, and DNS configuration.
  • Redis configuration for queue mode.
  • IAM roles and policies.
  • Release notes and migration history.

The encryption key is critical. A database restore without the correct key may restore records that cannot be used.

Restore drill

Run a restore into a non-production account or isolated environment:

1. Restore database snapshot.
2. Deploy ECS service from known task definition.
3. Inject matching encryption key.
4. Confirm workflows and credentials load.
5. Run smoke workflows with safe test credentials.
6. Validate webhook routing only after approval.

Do not wait for an incident to discover that staging cannot restore production-shaped data.
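
A preflight check for steps 2 and 3 of the drill, added here as an example and not part of the original post: it inspects an ECS task definition for digest-pinned images and secret-store injection of `N8N_ENCRYPTION_KEY`, then confirms the key being injected matches a fingerprint recorded at backup time. The manifest layout, the `key_fingerprint` field, the fingerprint scheme, and all sample ARNs, digests, and keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
KEY_VAR = "N8N_ENCRYPTION_KEY"


def key_fingerprint(key: str) -> str:
    """Keyed fingerprint: lets a manifest record which key was in use without storing it."""
    return hmac.new(key.encode(), b"n8n-restore-drill", hashlib.sha256).hexdigest()[:16]


def preflight(task_def: dict, manifest: dict, restore_key: str) -> list[str]:
    """Return a list of findings; an empty list means the drill may proceed."""
    findings = []
    containers = task_def.get("containerDefinitions", [])
    for c in containers:
        name = c.get("name", "?")
        if not DIGEST_RE.search(c.get("image", "")):
            findings.append(f"{name}: image not pinned by digest")
        if any(e.get("name") == KEY_VAR for e in c.get("environment", [])):
            findings.append(f"{name}: {KEY_VAR} is a plaintext environment value")
    if not any(s.get("name") == KEY_VAR for c in containers for s in c.get("secrets", [])):
        findings.append(f"{KEY_VAR} not injected from a secret store")
    recorded = manifest.get("key_fingerprint", "")
    if not hmac.compare_digest(key_fingerprint(restore_key), recorded):
        findings.append("restore key does not match the key recorded at backup time")
    return findings


# Constructed sample data: account id, ARNs, digest and keys are placeholders.
BACKUP_KEY = "constructed-backup-key"
MANIFEST = {"key_fingerprint": key_fingerprint(BACKUP_KEY)}
GOOD_TASK_DEF = {"containerDefinitions": [{
    "name": "n8n",
    "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/n8n@sha256:" + "a" * 64,
    "secrets": [{"name": KEY_VAR,
                 "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:n8n-key"}],
}]}
BAD_TASK_DEF = {"containerDefinitions": [{
    "name": "n8n",
    "image": "n8nio/n8n:latest",  # mutable tag, not a digest
    "environment": [{"name": KEY_VAR, "value": "constructed-other-key"}],
}]}

if __name__ == "__main__":
    print("good:", preflight(GOOD_TASK_DEF, MANIFEST, BACKUP_KEY))
    for finding in preflight(BAD_TASK_DEF, MANIFEST, "constructed-other-key"):
        print("FAIL:", finding)
```

Running the fingerprint comparison before the service starts catches a mismatched key at step 3 rather than at step 4, when credentials fail to load.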

Backup cadence

Use different cadences for different artifacts:

  • Database snapshots: frequent and retained by business need.
  • Workflow exports: every approved change.
  • Task definitions: every release.
  • Secrets inventory: every rotation event.
  • IAM policy snapshots: every infrastructure change.

Backups should align with the pace of change, not a generic weekly schedule.

Blue team concerns

Backups may contain sensitive workflow names, credential metadata, execution payloads, and incident details. Control access, encrypt backup storage, and log restore operations. A backup environment with weak access controls can become a quieter copy of production risk.

Takeaways

Reliable n8n recovery on AWS requires database state, encryption keys, workflow exports, and ECS configuration together. Test the full restore path, not just the snapshot button.

This post is licensed under CC BY 4.0 by the author.