I'm exploring options for backing up our critical data outside of our current AWS Organization. My concern is that, despite regular backups, compliance-mode vaults, and cross-region backups, we still risk losing everything if our master account becomes unavailable or is suspended. AWS makes exporting backups from the Organization difficult, and I couldn't find much information on this topic. I'm seeking insight into whether my concerns are valid and if companies commonly consider master account suspension a reasonable risk. What are the best practices others utilize to mitigate this risk?
6 Answers
There are indeed best practices for cross-account backups with an immutable setup.
Make sure your backups are set to be cross-region and immutable. That way, you reduce the risk of data loss even further.
Consider using AWS DataSync for transferring backups seamlessly.
It's definitely a good idea to have at least one backup copy with a different provider. Look into commercial tools that can facilitate this, or if your app can export backup files into S3, you can manage syncing to another storage service yourself pretty easily.
I’ve tried using AWS Snowball for this purpose. It's not ideal if you need real-time access, but it’s economical and works well for large data sets.
You might want to look into a logically air-gapped vault. It allows you to share your backup vault across different accounts, even those in different AWS Organizations.
But if you look closer at the documentation, it mentions that both accounts need to be part of the same organization in AWS Organizations.