Simplifying Backup for Stateful Amazon EKS Workloads
What is AWS Backup?
AWS Backup is a fully managed data protection service that centralizes and automates backup across AWS services and hybrid workloads.
It is a policy-driven service that allows you to define backup requirements such as what to back up, where to store it, how many copies to keep, and lifecycle policies.
AWS Backup provides a centralized or decentralized approach to enforcing data protection policies across your organization.
Compliance and governance through integration with AWS Backup Audit Manager
Disaster recovery and ransomware resiliency with immutable backups in logically air-gapped vaults
Recent Enhancements: Native EKS Support
AWS Backup now provides native support for Amazon EKS, allowing you to back up and restore Kubernetes objects and stateful workloads.
This includes backing up cluster-scoped resources (deployments, config maps, secrets, etc.) and namespace-scoped resources, as well as persistent volumes on EBS, S3, and EFS.
EKS backup and restore is a cloud-native experience with no need for third-party add-ons or custom scripts.
Enables platform engineers to create consistent "golden" backups before maintenance windows like EKS version upgrades.
Flexible restore options, including restoring to an existing cluster or creating a new cluster.
Getting Started with AWS Backup for EKS
Create a backup plan to define what, when, and how to back up.
Use pre-built templates, build a custom plan, or import a JSON configuration.
Assign resources to the backup plan.
Automatically include resources with specific tags or manually select resources.
Reference Architecture
Leverages AWS Organizations and a backup delegated admin account to centrally manage backup policies.
Uses a key vault account to centralize management of encryption keys (CMKs).
Stores primary backups in the workload account, with additional copies in logically isolated "data bunker" accounts for disaster recovery.
Utilizes a forensics account to test backups and analyze for potential malware.
Integrates with Amazon GuardDuty for real-time backup scanning and analysis.
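A pre-import check for the JSON backup plan mentioned under Getting Started, tied to the "data bunker" copy in the reference architecture. This is an added example, not code from AWS or from the talk; the plan name, vault names and account IDs are constructed placeholders, and the field names follow the AWS Backup plan document format.

```python
import json

# Constructed sample plan; names, account IDs and ARNs are placeholders.
PLAN_JSON = """
{
  "BackupPlanName": "eks-stateful-daily",
  "Rules": [
    {"RuleName": "daily",
     "TargetBackupVaultName": "workload-vault",
     "ScheduleExpression": "cron(0 3 * * ? *)",
     "Lifecycle": {"DeleteAfterDays": 35},
     "CopyActions": [{
       "DestinationBackupVaultArn":
         "arn:aws:backup:us-east-1:222222222222:backup-vault:bunker-vault",
       "Lifecycle": {"DeleteAfterDays": 90}}]},
    {"RuleName": "pre-upgrade",
     "TargetBackupVaultName": "workload-vault",
     "ScheduleExpression": "cron(0 1 ? * SUN *)",
     "CopyActions": [{
       "DestinationBackupVaultArn":
         "arn:aws:backup:us-east-1:111111111111:backup-vault:local-copy"}]}
  ]
}
"""

def vault_account(arn):
    """Return the account ID (fifth colon-separated ARN field), or None."""
    parts = arn.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def lint_plan(plan, workload_account):
    """Flag rules with no retention limit or no copy outside the workload account."""
    findings = []
    for rule in plan.get("Rules", []):
        name = rule.get("RuleName", "<unnamed>")
        if "DeleteAfterDays" not in rule.get("Lifecycle", {}):
            findings.append((name, "no DeleteAfterDays: recovery points never expire"))
        accounts = {vault_account(c.get("DestinationBackupVaultArn", ""))
                    for c in rule.get("CopyActions", [])}
        # A copy into the same account does not survive loss of that account.
        if not (accounts - {workload_account, None}):
            findings.append((name, "no copy to a vault outside the workload account"))
    return findings

if __name__ == "__main__":
    for rule, issue in lint_plan(json.loads(PLAN_JSON), "111111111111"):
        print(f"{rule}: {issue}")
```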
Key Takeaways
AWS Backup now provides native support for protecting Amazon EKS clusters and stateful workloads.
This simplifies backup and restore for Kubernetes environments, enabling consistent "golden" backups before maintenance.
The reference architecture demonstrates best practices for centralized backup management, disaster recovery, and forensic analysis.
AWS Backup is a fully managed, cloud-native data protection service that can be easily configured to meet your organization's backup requirements.