Regular backups

Essential Eight control	Implementation guidance	AWS resources	AWS Well-Architected guidance
Backups of important data, software and configuration settings are performed and retained in a coordinated and resilient manner in accordance with business continuity requirements.	Theme 6: Automate backups: Automate data backup and recovery	Implement data backup on AWS Automate data backup at scale (AWS blog post)	REL09-BP01 Identify and back up all data that needs to be backed up, or reproduce the data from sources REL09-BP02 Secure and encrypt backups REL09-BP03 Perform data backup automatically
Restoration of systems, software and important data from backups is tested in a coordinated manner as part of disaster recovery exercises.	Theme 6: Automate backups: Automate data backup and recovery Theme 6: Automate backups: Implement governance across your AWS Backup outcomes	Automate data recovery validation with AWS Backup (AWS blog post) Use AWS Backup Audit Manager to audit the compliance of your AWS Backup policies	REL09-BP04 Perform periodic recovery of the data to verify backup integrity and processes
Unprivileged accounts, and privileged accounts (excluding backup administrators), cannot access backups.	Theme 6: Automate backups: Implement governance across your AWS Backup outcomes	Top 10 security best practices for securing backups in AWS (AWS blog post) Use AWS Backup Vault Lock to improve the security of your backup vaults Use AWS Backup Audit Manager to audit the compliance of your AWS Backup policies	SEC08-BP04 Enforce access control
Unprivileged accounts, and privileged accounts (excluding backup break glass accounts), are prevented from modifying or deleting backups.