Data protection and resilience with AWS storage (STG301)

Data Protection and Resilience with AWS Storage

Key Takeaways

  1. Resiliency and High Availability:

    • Resiliency is the ability of a workload to withstand and recover from failures.
    • High availability ensures that an application remains operational despite component failures.
    • Factors affecting resilience include hardware failures, software errors, load, and regional outages.
  2. Shared Responsibility Model:

    • AWS is responsible for the resilience of the cloud infrastructure.
    • Customers are responsible for the resilience of their applications running on AWS.
  3. Data Protection Strategies:

    • The 3-2-1 data protection approach: 3 copies of data, 2 in remote locations, 1 in an immutable, isolated vault.
    • Backup for compliance, recovery from ransomware, and general data protection.
    • Replication for low Recovery Point Objective (RPO) and Recovery Time Objective (RTO).
  4. AWS Services for Data Protection:

    • S3 versioning, replication, and backup with AWS Backup.
    • EBS snapshots, AWS Backup, and AWS Elastic Disaster Recovery (DRS) for EC2.
    • FSx and EFS for file-based services.
  5. Architectural Patterns:

    • Multi-AZ high availability within a region.
    • Multi-region disaster recovery using replication.
    • Leveraging AWS Backup for local and remote backups, including isolated, immutable vaults.
  6. Testing and Validation:

    • Regularly test recovery processes to ensure data can be restored within the desired RTO.
    • Validate the integrity of backup copies to ensure they are usable for recovery.

Detailed Breakdown

Resiliency and High Availability

  • Resiliency is the ability of a workload to withstand and recover from failures, whether they are component failures, software errors, load, or regional outages.
  • High availability ensures that an application remains operational despite component failures, such as network outages or instance failures.
  • Factors affecting resilience include hardware failures, software errors, load spikes (e.g., Black Friday), and regional outages (e.g., natural disasters).

Shared Responsibility Model

  • AWS is responsible for the resilience of the cloud infrastructure, including the availability of regions, Availability Zones, and edge locations.
  • Customers are responsible for the resilience of their applications running on AWS, including data protection, access control, security, and disaster recovery.

Data Protection Strategies

  • The 3-2-1 data protection approach:
    • 3 copies of data: 1 primary, 2 backups
    • 2 copies stored in remote locations (e.g., different regions or accounts)
    • 1 copy stored in an immutable, isolated "vault" for cyber resilience
  • Backup is used for compliance, recovery from ransomware, and general data protection.
  • Replication is used for low Recovery Point Objective (RPO) and Recovery Time Objective (RTO) when rapid recovery is required.

AWS Services for Data Protection

  • S3: Versioning, replication, and backup with AWS Backup
  • EBS: Snapshots, AWS Backup, and AWS Elastic Disaster Recovery (DRS)
  • FSx and EFS: Native backup and replication capabilities
  • AWS Backup: A consistent, policy-driven data protection service across various AWS services

Architectural Patterns

  1. Multi-AZ High Availability:

    • Leveraging Availability Zones within a region for failover and load balancing.
    • Using Auto Scaling groups and RDS/Aurora replicas for high availability.
  2. Multi-Region Disaster Recovery:

    • Replicating data and resources across multiple regions for fast recovery.
    • Using S3 cross-region replication and AWS DRS for EC2 workloads.
  3. AWS Backup for Data Protection:

    • Local backup copies within the primary account for fast recovery.
    • Remote backup copies in a separate account for cyber resilience.
    • Immutable, isolated "vault" backups for the ultimate protection.

Testing and Validation

  • Regularly test the recovery process to ensure data can be restored within the desired RTO.
  • Validate the integrity of backup copies to ensure they are usable for recovery, especially in the case of the isolated "vault" backups.

Your Digital Journey deserves a great story.

Build one with us.

Cookies Icon

These cookies are used to collect information about how you interact with this website and allow us to remember you. We use this information to improve and customize your browsing experience, as well as for analytics.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference.

Talk to us