71 lines
4.1 KiB
Markdown
71 lines
4.1 KiB
Markdown
---
|
||
title: "CTP Topic 73 AWS Backup Implementation of the Cloud Transformation Programme"
|
||
type: source
|
||
tags:
|
||
- AWS
|
||
- Backup
|
||
- CTP
|
||
- Cloud Transformation
|
||
- SRE
|
||
- DR
|
||
date: 2026-04-14
|
||
sources: []
|
||
last_updated: 2026-04-28
|
||
---
|
||
|
||
## Source File
|
||
- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program.md]]
|
||
|
||
## Summary(用中文描述)
|
||
- 核心主题:AWS Backup 在云转型计划中的具体落地实施
|
||
- 问题域:企业级 AWS 环境中如何标准化备份流程,如何让各产品团队在统一框架下自主管理备份
|
||
- 方法/机制:
|
||
- SRE Core/Product/Architecture 团队协作设计 SRE 备份模型
|
||
- 采用 AWS Backup 作为战略备份工具(原生托管、多资源支持)
|
||
- 产品组在 DRA 账户中独立创建和管理备份计划、对齐预设备份策略
|
||
- 初始备份在源账户完成,复制到远程 DR 账户(或 Databunker 集中账户)
|
||
- AWS Backup Audit Manager 提供合规报告和 SNS 告警
|
||
- 结论/价值:通过 SRE 备份模型标准化 AWS 备份,降低产品团队接入复杂度,实现跨账户、跨区域的合规备份和即时恢复
|
||
|
||
## Key Claims(用中文描述)
|
||
- SRE Core/Product/Architecture 团队协作设计了 SRE 备份模型,使产品团队能在各自 DRA 账户内独立完成备份和恢复操作
|
||
- AWS Backup 被选为 CTP 战略备份工具,因其为 AWS 原生服务,支持多资源类型、跨账户/跨区域、备份不可变性、开箱即用审计报告及 S3/RDS 时间点恢复
|
||
- 备份设计从源账户取初始备份,复制到专属 DR 账户(或 Databunker 集中账户),确保恢复时无需耗时复制数据
|
||
- AWS Backup Audit Manager 提供合规框架和控制项,可验证备份覆盖率、最小频率和保留期、手动删除防护、加密、计划性跨区域/跨账户备份
|
||
|
||
## Key Quotes
|
||
|
||
> "The SRE models were adjusted to optionally create custom KMS keys, which is a fundamental requirement for having a remote account and region for the AWS backup processes." — KMS 自定义密钥是实现跨账户跨区域备份的基础前提
|
||
|
||
> "This keeps backups within the DR account for immediate restore, avoiding time-consuming data copies." — 备份保留在 DR 账户内可实现即时恢复
|
||
|
||
> "AWS backup audit manager framework includes controls that help evaluate backup practices, providing compliance reports." — Audit Manager 提供合规评估控制项
|
||
|
||
## Key Concepts
|
||
- [[DisasterRecovery]]:灾备策略,DR 账户用于存储跨区域备份副本
|
||
- [[ImmutableBackup]]:备份不可变性,防止恢复点被手动删除
|
||
- [[LifecyclePolicy]]:生命周期策略,管理备份的存储层级和自动过期
|
||
- [[PointInTimeRecovery]]:时间点恢复,支持 S3 和 RDS 的精确恢复
|
||
- [[SRE-Model]]:SRE 备份模型,由 SRE 团队创建 AWS Backup 计划、Vault、KMS 策略等,产品组自主控制
|
||
- [[MultiAccountArchitecture]]:多账户架构,DRA 账户隔离灾备资源
|
||
|
||
## Key Entities
|
||
- [[AWSBackup]]:AWS 原生备份服务,作为 CTP 战略备份工具,提供跨账户/跨区域、不可变性、审计报告等能力
|
||
- [[AWSBackupAuditManager]]:AWS Backup Audit Manager,提供合规报告、控制项评估和 SNS 告警
|
||
- [[DRA-Account]](DRA 账户):每个生产工作负载账户的专属灾备账户,存储跨区域备份副本
|
||
- [[Databunker]]:集中备份账户,当 DR 账户不可用时作为备份存储的备选集中账户
|
||
- [[KMS]]:AWS Key Management Service,用于加密备份恢复点,支持自定义密钥
|
||
- [[SRE-Core-Team]]:SRE Core 团队,与 SRE Product/Architecture 协作设计备份模型
|
||
- [[SNS]]:Simple Notification Service,用于备份状态告警通知
|
||
|
||
## Connections
|
||
- [[AWSBackup]] ← uses ← [[AWSBackupAuditManager]]
|
||
- [[AWSBackup]] ← uses ← [[KMS]]
|
||
- [[AWSBackup]] ← notifies via ← [[SNS]]
|
||
- [[CTP-Topic-72-Implementing-an-Enterprise-DR-Strategy-Using-AWS-Backup]] ← extends ← [[CTP-Topic-73-AWS-Backup-Implementation]]
|
||
- [[AWSBackup]] ← stores backups in ← [[DRA-Account]]
|
||
- [[DRA-Account]] ← fallback ← [[Databunker]]
|
||
|
||
## Contradictions
|
||
- 无明显冲突
|