automated and managed cross-account backup S3, RDS, EBS
A customer wants to automate the backup for S3 buckets, EBS snapshots and RDS snapshots to another, independent account to be able to restore the application data in case an administrator account in the organization is compromised and a ransomware attack is executed. The customer wants to do this in an automated, maintenance free way.
At first I suggested using scheduled Lambdas in the independent accounts that use IAM roles to access the "to-be-backuped" buckets and snapshots and pull them into the independent account. However, this solution requires the implementation and maintenance of code. I was looking into AWS backup as I thought it would be able to create RDS and EBS Snapshot backups on a schedule to S3. I would then have recommended the customer to use this and setup cross-account replication of the buckets with a transfer of ownership of the objects in the replicated bucket to the independent account.
However, it seems that AWS backup uses S3 as a storage location for the backups, the backups themselves are not visible/accessible this way. I am looking for a low effort, maintenance free way of achieving cross account (destination account being outside of the org) backups for S3, EBS, and RDS
- 最新
- 投票最多
- 评论最多
AWS Backup now provides snapshot backups of EBS, EC2, RDS and S3 with support for cross region and cross account replication. S3 and RDS can have continuous backups to allow for point-in-time recovery of up to 35 days ago. With Vault Lock it is possible to protect backups from being deleted by any account before the retention period has ended.
You can achieve this with AWS Backup and Organizations: https://docs.aws.amazon.com/aws-backup/latest/devguide/recov-point-create-a-copy.html#create-cross-account-backup
For S3, you could also achieve it with S3 Replication: https://docs.aws.amazon.com/AmazonS3/latest/dev/replication-walkthrough-2.html
Update: DLM now supports copying EBS snapshots cross-account: https://aws.amazon.com/blogs/storage/automating-copying-encrypted-amazon-ebs-snapshots-across-aws-accounts/
Hi all, I understand AWS Backup now supports cross account backups for S3, however I assume it will still be from one backup vault to other backup vault. Is there a way to copy from backup vault to a non AWS managed S3 bucket?? Thanks
相关内容
AWS 官方已更新 2 年前- AWS 官方已更新 6 个月前
