What is the easiest way of enabling cross-region AND cross-account backups for Redshift?

0

I'm making heavy use of AWS Backup to manage the backing up of all of our data resources across AWS and it's great.

However, the lack of support for cross-region and cross-account backups for Redshift is frustrating, as the data we have in Redshift is arguably the most critical for our business.

I know I can enable cross-region snapshotting for Redshift, but I also want to ensure a completely independent copy of these snapshots is available in another AWS account in the event of a security breach in the "origin" account for our RS data warehouse.

With the lack of "out of the box" support for doing this in AWS Backup, what's the next best way of achieving this? (Note that I don't see simply "sharing" a snapshot between accounts to be sufficient, as I understand that this means there's still only actually one copy in the "origin" account (that you're allowing another account to access) rather than creating a secondary copy that couldn't be deleted, for example, if the origin account was compromised.)

1 Answer
1
Accepted Answer

AWS Backup can create Redshift backups, but it is not clear if cross-account copies are possible.
So the only way to accomplish your requirements is to create a Lambda or similar that automates what is described in the following document.
https://repost.aws/knowledge-center/account-transfer-redshift

EXPERT
answered 9 months ago
EXPERT
reviewed a month ago
  • Thanks very much, this makes sense but is also less than ideal as we would be required to pay to host a secondary Redshift cluster in the backup account just for the purpose of having an independent copy of the latest snapshot from the original cluster. That's a high financial cost when all I actually care about is having a snapshot file stored (I don't actually want to run another cluster on warm standby). Feels like a feature set is definitely missing here.

  • How about implementing a Lambda action to copy the snapshot without restoring it in the destination AWS account? In the document I shared, I shared a snapshot and then did a restore. Here, copying the snapshot without restoring will be less expensive than restoring.

  • How about changing the way of thinking and sharing the data itself, instead of snapshots, to S3 in a separate account? This method is not a snapshot and takes a little longer to restore, but if you are familiar with Redshift operations and settings around S3 permissions, this may be easier. https://repost.aws/knowledge-center/redshift-s3-cross-account

  • Hi Riku, thanks so much for coming back to me with further info. Regarding the S3 UNLOAD, that's certainly an idea we could look into. I'm curious about your other suggestion where we can 'copy' a snapshot to another account without restoring? In the document you shared, all I can find here are references to "sharing" a snapshot, rather than actually copying to another account. If we can guarantee we are making an actual copy of the snapshot from Account A in Account B, then that's ideal for us. Am I missing something here about what "sharing" means in this context?

  • I have not tried this, but I thought it might be possible to make a cross-account copy in Redshift by using AWS Backup to create a backup plan that supports cross-accounts just like EC2 and RDS. https://docs.aws.amazon.com/aws-backup/latest/devguide/create-cross-account-backup.html
    Note that there was no option to copy snapshots when they were shared cross-account, so probably standard snapshot sharing cannot be used to copy them.
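
Added example (not part of the thread or of the linked AWS articles): a sketch of the S3 UNLOAD route suggested in the comments, written as a Lambda that submits one UNLOAD per table through the Redshift Data API so the data lands in a bucket owned by the backup account. The account IDs, role names, bucket, cluster, database user and table list are constructed placeholders, and the chained-role setup is assumed to exist already.

```python
import re
from datetime import date

# Constructed placeholders (assumptions): replace with your own values.
CLUSTER_ROLE = "arn:aws:iam::111111111111:role/redshift-unload"        # origin account, attached to the cluster
BACKUP_ROLE = "arn:aws:iam::222222222222:role/redshift-backup-writer"  # backup account, may write to the bucket
BACKUP_BUCKET = "example-redshift-backup"                               # owned by the backup account
TABLES = ["public.orders", "public.customers"]

_IDENT = re.compile(r"[a-z_][a-z0-9_]*\.[a-z_][a-z0-9_]*")


def build_unload(table, day):
    """Return an UNLOAD statement that writes one table under a dated prefix."""
    if not _IDENT.fullmatch(table):
        # The name is interpolated into SQL, so accept plain schema.table only.
        raise ValueError(f"unexpected table name: {table!r}")
    prefix = f"s3://{BACKUP_BUCKET}/{day.isoformat()}/{table}/"
    # Role chaining: the cluster role assumes the backup-account role
    # (comma-separated ARNs, no spaces).
    return (
        f"UNLOAD ('SELECT * FROM {table}') TO '{prefix}' "
        f"IAM_ROLE '{CLUSTER_ROLE},{BACKUP_ROLE}' FORMAT AS PARQUET"
    )


def unload_all(client, cluster, database, db_user, day=None):
    """Submit one UNLOAD per table via the Data API; return the statement ids."""
    day = day or date.today()
    ids = {}
    for table in TABLES:
        resp = client.execute_statement(
            ClusterIdentifier=cluster, Database=database, DbUser=db_user,
            Sql=build_unload(table, day), StatementName=f"backup-{table}",
        )
        ids[table] = resp["Id"]
    return ids


def lambda_handler(event, context):
    import boto3  # imported here so the module also loads without AWS libraries
    client = boto3.client("redshift-data")
    return unload_all(client, "example-cluster", "dev", "backup_user")
```

The Data API runs statements asynchronously, so poll `describe_statement` with each returned id before treating that day's copy as complete.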
