By using AWS re:Post, you agree to the Terms of Use
/automated and managed cross-account backup S3, RDS, EBS/

automated and managed cross-account backup S3, RDS, EBS


A customer wants to automate the backup for S3 buckets, EBS snapshots and RDS snapshots to another, independent account to be able to restore the application data in case an administrator account in the organization is compromised and a ransomware attack is executed. The customer wants to do this in an automated, maintenance free way.

At first I suggested using scheduled Lambdas in the independent accounts that use IAM roles to access the "to-be-backuped" buckets and snapshots and pull them into the independent account. However, this solution requires the implementation and maintenance of code. I was looking into AWS backup as I thought it would be able to create RDS and EBS Snapshot backups on a schedule to S3. I would then have recommended the customer to use this and setup cross-account replication of the buckets with a transfer of ownership of the objects in the replicated bucket to the independent account.

However, it seems that AWS backup uses S3 as a storage location for the backups, the backups themselves are not visible/accessible this way. I am looking for a low effort, maintenance free way of achieving cross account (destination account being outside of the org) backups for S3, EBS, and RDS

2 Answers

AWS Backup now provides snapshot backups of EBS, EC2, RDS and S3 with support for cross region and cross account replication. S3 and RDS can have continuous backups to allow for point-in-time recovery of up to 35 days ago. With Vault Lock it is possible to protect backups from being deleted by any account before the retention period has ended.

answered 3 months ago
Accepted Answer
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions