[FEATURE] SRA Org Backup #225

Open
lorodoes opened this issue Jun 25, 2024 · 0 comments

Problem:
Currently, backup responsibilities are delegated to customers, Solution Architects (SA), or operations teams, leading to potential errors or omissions. Integrating a standardized backup strategy into the Security Reference Architecture (SRA) design is essential.
Solution:
Implement AWS Backup Service Control Policies (SCP) at the root level, account level, or Organizational Unit (OU) level. This approach ensures that each account adheres to a consistent backup policy, leveraging appropriate tagging and AWS recommended backup solutions and schedules.
Key steps:
Tagging Strategy:
• Define tags such as Key: Backup, Value: Daily; Key: Backup, Value: Weekly; Key: Backup, Value: Monthly.
• Each tag corresponds to a specific backup plan that appropriately backs up the associated resources.
• The backup plans for Daily have a retention period of a week, weekly backups' retention is a month, and monthly backups' retention is a year.
Centralized Backup Management:
• Implement a centralized backup vault account. Similar to logging or audit accounts, this account would serve a single purpose with tightly controlled access.
• Ensure backups from member accounts are copied to this central vault.
Metadata Preservation:
• Ensure snapshots and AMIs in both member and central vaults retain all resource metadata tags, facilitating complete resource restoration if needed.
Automated Vault Creation:
• Use Terraform to create backup vaults in member accounts at the time of account creation.
• Apply the backup policy via SCP to utilize these vaults.
Role Management:
• Use the default IAM role service-role/AWSBackupDefaultServiceRole for backup operations. This role, created during account setup, aligns with AWS best practices and will automatically receive updates for any additional service needs in the future.
By adopting this strategy, we ensure consistent, automated, and reliable backups across all accounts, minimizing the risk of human error and enhancing overall data protection.
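One way to express the proposed Daily/Weekly/Monthly scheme as an AWS Organizations backup policy in Terraform, with tag-based selection, the 7/30/365-day retention, a copy to the central vault, and the default AWSBackupDefaultServiceRole. This is an added example, not code from the SRA project or the issue author; the region, central vault account id, vault names and cron schedules are assumptions.

```hcl
locals {
  region        = "us-east-1"                    # assumed
  vault_account = "111111111111"                 # placeholder: dedicated central backup vault account
  central_vault = "arn:aws:backup:${local.region}:${local.vault_account}:backup-vault:sra-central-vault"
  backup_role   = "arn:aws:iam::$account:role/service-role/AWSBackupDefaultServiceRole" # $account expanded by Organizations
  # Tag value => schedule and retention (7 / 30 / 365 days, as proposed in the issue)
  plans = {
    Daily   = { schedule = "cron(0 5 * * ? *)",   retain_days = 7 }
    Weekly  = { schedule = "cron(0 5 ? * SUN *)", retain_days = 30 }
    Monthly = { schedule = "cron(0 5 1 * ? *)",   retain_days = 365 }
  }
}

data "aws_organizations_organization" "this" {}

# One backup plan per Backup tag value; a resource opts in simply by carrying the tag.
resource "aws_organizations_policy" "backup" {
  name = "sra-org-backup"
  type = "BACKUP_POLICY"
  content = jsonencode({
    plans = {
      for tag_value, p in local.plans : "sra-${lower(tag_value)}" => {
        regions = { "@@assign" = [local.region] }
        rules = {
          (tag_value) = {
            schedule_expression      = { "@@assign" = p.schedule }
            target_backup_vault_name = { "@@assign" = "sra-member-vault" } # per-account vault (assumed name)
            lifecycle                = { delete_after_days = { "@@assign" = tostring(p.retain_days) } }
            copy_actions = { (local.central_vault) = { # replicate to the central vault, same retention
              target_backup_vault_arn = { "@@assign" = local.central_vault }
              lifecycle               = { delete_after_days = { "@@assign" = tostring(p.retain_days) } }
            } }
          }
        }
        selections = { tags = { "backup-${lower(tag_value)}" = {
          iam_role_arn = { "@@assign" = local.backup_role }
          tag_key      = { "@@assign" = "Backup" }
          tag_value    = { "@@assign" = [tag_value] }
        } } }
      }
    }
  })
}

# Attach at the organization root so every member account inherits the policy (an OU id works too).
resource "aws_organizations_policy_attachment" "root" {
  policy_id = aws_organizations_policy.backup.id
  target_id = data.aws_organizations_organization.this.roots[0].id
}
```

The BACKUP_POLICY policy type must be enabled on the organization before this applies, and the central vault's access policy still has to permit copies from member accounts.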
