By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

automated and managed cross-account backup S3, RDS, EBS

0

A customer wants to automate the backup for S3 buckets, EBS snapshots and RDS snapshots to another, independent account to be able to restore the application data in case an administrator account in the organization is compromised and a ransomware attack is executed. The customer wants to do this in an automated, maintenance free way.

At first I suggested using scheduled Lambdas in the independent accounts that use IAM roles to access the "to-be-backuped" buckets and snapshots and pull them into the independent account. However, this solution requires the implementation and maintenance of code. I was looking into AWS backup as I thought it would be able to create RDS and EBS Snapshot backups on a schedule to S3. I would then have recommended the customer to use this and setup cross-account replication of the buckets with a transfer of ownership of the objects in the replicated bucket to the independent account.

However, it seems that AWS backup uses S3 as a storage location for the backups, the backups themselves are not visible/accessible this way. I am looking for a low effort, maintenance free way of achieving cross account (destination account being outside of the org) backups for S3, EBS, and RDS

Topics
Storage
Tags
Disaster Recovery/Business ContinuityBackup & Recovery
Language
English
AWS
Frank_B
asked 3 years ago2019 views
3 Answers
1

AWS Backup now provides snapshot backups of EBS, EC2, RDS and S3 with support for cross region and cross account replication. S3 and RDS can have continuous backups to allow for point-in-time recovery of up to 35 days ago. With Vault Lock it is possible to protect backups from being deleted by any account before the retention period has ended.

Fydon_
answered 2 years ago
0
Accepted Answer

You can achieve this with AWS Backup and Organizations: https://docs.aws.amazon.com/aws-backup/latest/devguide/recov-point-create-a-copy.html#create-cross-account-backup

For S3, you could also achieve it with S3 Replication: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-walkthrough-2.html

Update: DLM now supports copying EBS snapshots cross-account: https://aws.amazon.com/blogs/storage/automating-copying-encrypted-amazon-ebs-snapshots-across-aws-accounts/

AWS
EXPERT
Luca_I
answered 3 years ago
0

Hi all, I understand AWS Backup now supports cross account backups for S3, however I assume it will still be from one backup vault to other backup vault. Is there a way to copy from backup vault to a non AWS managed S3 bucket?? Thanks

rePost-User-4972610
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content