- Newest
- Most votes
- Most comments
Depending on what you are backing up you can use S3 and have the data replicated to another account that is locked down and outside of the organization.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough-2.html
One possible option would be to use AWS DataSync to replicate data to the separate backup account. Schedule it to run automatically and handle encryption. Less centralized management than AWS Backup though.
However, having backup accounts outside the Org does add complexity. I'd try to evaluate the real risks - a malicious actor with root access could likely impact backups in many cases even across accounts. So focusing on prevention via IAM, MFA, monitoring etc may be a preferred approach vs complex cross-account backups.
But can I use DataSync to replicate the data/backups that were made in AWS Backup to another account? Or does AWS Backup not allow this type of replica coming from DataSync? I would have to directly replicate my data, right?
Relevant content
- asked 2 months ago
- asked 8 months ago
- asked 9 months ago
- asked 8 months ago
AWS OFFICIALUpdated 10 months ago- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 8 months ago
I want to backup EBS, DynamoDB and RDS. In that case, I put a copy of the data in S3 and make a cross account copy, right?
I am not an expert on DynamoDB and RDS, but EBS has the EBS Snapshot Archive available. https://aws.amazon.com/blogs/aws/new-amazon-ebs-snapshots-archive/