Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

automated and managed cross-account backup S3, RDS, EBS

0

A customer wants to automate the backup for S3 buckets, EBS snapshots and RDS snapshots to another, independent account to be able to restore the application data in case an administrator account in the organization is compromised and a ransomware attack is executed. The customer wants to do this in an automated, maintenance free way.

At first I suggested using scheduled Lambdas in the independent accounts that use IAM roles to access the "to-be-backuped" buckets and snapshots and pull them into the independent account. However, this solution requires the implementation and maintenance of code. I was looking into AWS backup as I thought it would be able to create RDS and EBS Snapshot backups on a schedule to S3. I would then have recommended the customer to use this and setup cross-account replication of the buckets with a transfer of ownership of the objects in the replicated bucket to the independent account.

However, it seems that AWS backup uses S3 as a storage location for the backups, the backups themselves are not visible/accessible this way. I am looking for a low effort, maintenance free way of achieving cross account (destination account being outside of the org) backups for S3, EBS, and RDS

Argomenti
Archiviazione
Tag
Ripristino di emergenza/Continuità operativaBackup e ripristino
Lingua
English
AWS
Frank_B
posta 3 anni fa2034 visualizzazioni
3 Risposte
1

AWS Backup now provides snapshot backups of EBS, EC2, RDS and S3 with support for cross region and cross account replication. S3 and RDS can have continuous backups to allow for point-in-time recovery of up to 35 days ago. With Vault Lock it is possible to protect backups from being deleted by any account before the retention period has ended.

Fydon_
con risposta 2 anni fa
0
Risposta accettata

You can achieve this with AWS Backup and Organizations: https://docs.aws.amazon.com/aws-backup/latest/devguide/recov-point-create-a-copy.html#create-cross-account-backup

For S3, you could also achieve it with S3 Replication: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-walkthrough-2.html

Update: DLM now supports copying EBS snapshots cross-account: https://aws.amazon.com/blogs/storage/automating-copying-encrypted-amazon-ebs-snapshots-across-aws-accounts/

AWS
ESPERTO
Luca_I
con risposta 3 anni fa
0

Hi all, I understand AWS Backup now supports cross account backups for S3, however I assume it will still be from one backup vault to other backup vault. Is there a way to copy from backup vault to a non AWS managed S3 bucket?? Thanks

rePost-User-4972610
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente