---
title: "CTP Topic 73 AWS Backup Implementation of the Cloud Transformation Programme"
type: source
tags:
- AWS
- Backup
- Cloud Transformation Programme
- SRE
- DR
date: 2026-04-14
---

## Source File
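- [[Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-73-aws-backup-implementation-of-the-cloud-transformation-program.md]]

## Summary
- Core topic: enterprise-level implementation of AWS Backup within the Cloud Transformation Programme
- Problem domain: how to standardize backup processes across a multi-account AWS environment while giving product teams the flexibility to manage their own backups
- Method/mechanism: the SRE team developed the SRE Backup Model, which gives each product group pre-provisioned templates for AWS Backup Plans, Selections, Vaults, KMS key policies and so on, supporting independent backup and restore within the DRA account; the design takes the initial backup in the source account and copies it to a remote DR account and region; AWS Backup Audit Manager provides compliance audit reports
- Conclusion/value: as the strategic backup tool, AWS Backup uses the SRE Model to balance "centralized control + decentralized execution", standardizing backup processes while preserving product-team flexibility

## Key Claims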
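- By developing the SRE Backup Model, the SRE core team lowered the barrier to adopting AWS Backup, enabling product groups to create and manage backups autonomously within their DRA accounts
- Reasons for choosing AWS Backup: native managed service, support for TAC-based backup plans, cross-account and cross-region copy, backup immutability, out-of-the-box audit reports, point-in-time recovery for S3/RDS
- Backup design: the initial backup runs in the source account and is copied to a remote DR account and region (if DR is unavailable, Databunker is used as the centralized backup account), ensuring immediate restore capability
- AWS Backup Audit Manager provides compliance controls: protection by a backup plan, minimum frequency and retention period, prevention of manual deletion of recovery points, encryption verification, scheduled cross-region and cross-account backup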
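
The frequency, retention and cross-account/cross-region copy controls listed above can also be checked against a backup plan document before it is deployed. The following is an added example, not part of the source note or of the SRE Backup Model; the 35-day threshold, the rule that a compliant schedule is an explicit daily `cron()`, and all account IDs, regions and names are assumptions, and the plan dictionary follows the AWS Backup plan JSON shape (`Rules`, `ScheduleExpression`, `Lifecycle.DeleteAfterDays`, `CopyActions[].DestinationBackupVaultArn`).

```python
import re

# Threshold is an assumption for this example; the page states no number.
MIN_RETENTION_DAYS = 35

def parse_vault_arn(arn):
    """Return (region, account_id) from a backup vault ARN."""
    parts = arn.split(":")
    if len(parts) != 7 or parts[2] != "backup" or parts[5] != "backup-vault":
        raise ValueError(f"not a backup vault ARN: {arn}")
    return parts[3], parts[4]

def runs_at_least_daily(schedule):
    """True if a 6-field AWS cron() leaves day, month, weekday and year unrestricted."""
    m = re.fullmatch(r"cron\((.+)\)", schedule.strip())
    fields = m.group(1).split() if m else []
    return len(fields) == 6 and all(f in ("*", "?") for f in fields[2:])

def audit_plan(plan, source_account, source_region):
    """Return (rule_name, finding) pairs for rules that miss a control."""
    findings = []
    for rule in plan.get("Rules", []):
        name = rule.get("RuleName", "<unnamed>")
        if not runs_at_least_daily(rule.get("ScheduleExpression", "")):
            findings.append((name, "schedule is less frequent than daily"))
        # No DeleteAfterDays means the recovery point never expires, which passes.
        keep = rule.get("Lifecycle", {}).get("DeleteAfterDays")
        if keep is not None and keep < MIN_RETENTION_DAYS:
            findings.append((name, f"retention below {MIN_RETENTION_DAYS} days"))
        dests = [parse_vault_arn(c["DestinationBackupVaultArn"])
                 for c in rule.get("CopyActions", [])]
        if not any(a != source_account and r != source_region for r, a in dests):
            findings.append((name, "no copy to a different account and region"))
    return findings

# Constructed sample plan; account IDs, regions and names are made up.
SAMPLE_PLAN = {"BackupPlanName": "example-product-plan", "Rules": [
    {"RuleName": "daily-with-dr-copy", "TargetBackupVaultName": "example-vault",
     "ScheduleExpression": "cron(0 5 ? * * *)",
     "Lifecycle": {"DeleteAfterDays": 35},
     "CopyActions": [{"DestinationBackupVaultArn":
         "arn:aws:backup:eu-west-1:222222222222:backup-vault:example-dr-vault"}]},
    {"RuleName": "weekly-local-only", "TargetBackupVaultName": "example-vault",
     "ScheduleExpression": "cron(0 5 ? * 1 *)",
     "Lifecycle": {"DeleteAfterDays": 7}, "CopyActions": []},
]}

if __name__ == "__main__":
    for rule_name, finding in audit_plan(SAMPLE_PLAN, "111111111111", "eu-central-1"):
        print(f"{rule_name}: {finding}")
```

A copy into another vault of the source account, or into the same region, does not satisfy the last check, because the design described here requires both account and region to differ.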

## Key Quotes
> "AWS backup was adopted as the strategic tool for backup in AWS for the cloud transformation program to standardize backup processes." — AWS Backup was chosen as the strategic backup tool for the Cloud Transformation Programme
> "An SRE model was developed to allow product groups to create and control their own backups, aligned with the assumed backup policy." — The SRE Model gives product groups the ability to create and manage their own backups
> "This keeps backups within the DR account for immediate restore, avoiding time-consuming data copies." — Backups are kept within the DR account to allow immediate restore

## Key Concepts
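- [[AWS Backup]]: AWS-native managed backup service that supports centralized management of backup and restore policies across multiple resource types
- [[SRE Model]]: backup management model developed by the Site Reliability Engineering team, providing product groups with standardized but customizable backup infrastructure
- [[AWS Backup Audit Manager]]: compliance audit framework built into AWS Backup, providing backup status reports and evaluation of compliance controls
- [[跨账户备份|Cross-account backup]]: copies backups from the source account to a separate DR/Bunker account via AWS Organizations, isolating the backups
- [[Vault Lock]]: compliance lock mode for backup vaults, preventing anyone (including the root user) from deleting recovery points early

## Key Entities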
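- [[AWS]]: cloud service provider; AWS Backup is its native backup service
- [[Cloud Transformation Programme]] (CTP): enterprise-level cloud transformation programme; this video is its Topic 73, focused on AWS Backup implementation
- SRE (Site Reliability Engineering) Core/Product/Architecture Teams: the SRE core, product and architecture teams collaborate on designing the backup strategy
- DRA Accounts: Disaster Recovery Application Accounts; each product group manages its own backups within its DRA account

## Connections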
- [[ctp-topic-72-enterprise-dr-strategy-aws-backup]] ← extends ← [[ctp-topic-73-aws-backup-implementation]] (Topic 72 provides the theoretical foundation; Topic 73 focuses on implementation)
- [[ctp-topic-44-aws-backup-in-micro-focus]] ← relates_to ← [[ctp-topic-73-aws-backup-implementation]] (both discuss AWS Backup; Topic 44 focuses on the internal Micro Focus assessment)
- [[AWS Backup]] ← depends_on ← [[AWS Backup Audit Manager]] (Audit Manager is the compliance enhancement component of AWS Backup)
- [[AWS Backup]] ← supports ← [[跨账户备份|Cross-account backup]] (cross-account and cross-region copy is a core capability of AWS Backup)

## Contradictions
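- Difference in perspective with [[ctp-topic-44-aws-backup-in-micro-focus]]:
  - Point of conflict: Topic 44 discusses the assessment of Micro Focus's existing backups (snapshot management vs. selecting AWS Backup)
  - Current view: Topic 73, as the CTP implementation guide, confirms AWS Backup as the standard tool
  - Opposing view: Topic 44 mentions limitations of AWS Backup (volumes attached to EC2 cannot be selectively excluded; backups are crash-consistent rather than hot backups)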