Backup and recovery approaches on AWS - AWS Prescriptive Guidance

Khurram Nizami, Amazon Web Services (AWS)

September 2022

This guide discusses how to implement backup and recovery approaches using Amazon Web Services (AWS) services for on-premises, cloud-native, and hybrid architectures. These approaches offer lower costs, higher scalability, and more durability to meet recovery time objective (RTO), recovery point objective (RPO), and compliance requirements.

This guide is intended for technical leaders who are responsible for protecting data in their corporate IT and cloud environments.

This guide covers different backup architectures (cloud-native applications, hybrid, and on-premises environments). It also covers associated Amazon Web Services (AWS) services that can be used to build scalable and reliable data-protection solutions for the non-immutable components of your architecture.

Another approach is to modernize your workloads to use immutable architectures, reducing the need for backup and recovery of components. AWS provides a number of services to implement immutable architectures and reduce the need for backup and recovery, including:

  • Serverless with AWS Lambda

  • Containers with Amazon Elastic Container Service (Amazon ECS), Amazon Elastic Kubernetes Service (Amazon EKS), and AWS Fargate

  • Amazon Machine Images (AMIs) with Amazon Elastic Compute Cloud (Amazon EC2)

As the growth of enterprise data accelerates, the task of protecting it becomes more challenging. Questions about the durability and scalability of backup approaches are commonplace, including this one: How does the cloud help meet my backup and restore needs?

Why use AWS as a data-protection platform?

AWS is a secure, high-performance, flexible, money-saving, and easy-to-use cloud computing platform. AWS takes care of the undifferentiated heavy lifting required to create, implement, and manage scalable backup and recovery solutions.

There are many advantages to using AWS as part of your data protection strategy:

  • Durability: Amazon Simple Storage Service (Amazon S3), Amazon S3 Glacier, and S3 Glacier Deep Archive are designed for 99.999999999 percent (11 nines) of durability. These services offer reliable backup of data, with object replication across at least three geographically dispersed Availability Zones. Many AWS services use Amazon S3 for storage and export/import operations. For example, Amazon Elastic Block Store (Amazon EBS) uses Amazon S3 for snapshot storage.

  • Security: AWS provides a number of options for access control and for encrypting data in transit and at rest.

  • Global infrastructure: AWS services are available around the globe, so you can back up and store data in the Region that meets your compliance and workload requirements.

  • Compliance: AWS infrastructure is certified for compliance with the following standards, so you can easily fit the backup solution into your existing compliance regimen:

    • Service Organization Controls (SOC)

    • Statement on Standards for Attestation Engagements (SSAE) 16

    • International Organization for Standardization (ISO) 27001

    • Payment Card Industry Data Security Standard (PCI DSS)

    • Health Insurance Portability and Accountability Act (HIPAA)

    • SEC1

    • Federal Risk and Authorization Management Program (FedRAMP)

  • Scalability: With AWS, you don’t have to worry about capacity. As your needs change, you can scale your consumption up or down without administrative overhead.

  • Lower total cost of ownership (TCO): The scale of AWS operations drives down service costs and helps lower the TCO of AWS services. AWS passes these cost savings on to customers through price drops.

  • Pay-as-you-go pricing: Purchase AWS services as you need them and only for the period that you plan to use them. AWS pricing has no upfront fees, termination penalties, or long-term contracts.