---
title: CTP Topic 73 AWS Backup implementation of the Cloud Transformation Program
type: cloud-learning
source-type: video
category: DevOps & SRE/01_AWS-Landing-Zone
tags:
- AWS
- Backup
- CTP
date-added: 2026-04-14
video-source: nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 73_ AWS Backup implementation of the Cloud Transformation Program.mp4
audio-source: ""
status: summarized (Gemini 摘要)
---

# CTP Topic 73 AWS Backup implementation of the Cloud Transformation Program

**Source:** NAS `/volume2/work/Public Cloud Learning Sessions/CTP _ Topic 73_ AWS Backup implementation of the Cloud Transformation Program.mp4`

**Type:** VIDEO | **Category:** 01_AWS-Landing-Zone

**Status:** 🟡 Awaiting Whisper transcription → Summary

---

## Summary

> The session covers the AWS Backup implementation of the Cloud Transformation Program (CTP), focusing on the CTP backup strategy, AWS Backup Audit Manager, and the AWS Backup module. The SRE core, SRE product, and architecture teams collaborated on a design to provide product groups with flexibility in their backup strategies.

Key points include the assumed backup policy for production workloads, which requires customer data to be backed up regularly (at least once in 24 hours) with a retention policy of at least 30 days, and two backup locations. AWS Backup was adopted as the strategic backup tool in AWS for the Cloud Transformation Program to standardize backup processes. An SRE model was developed to allow product groups to create and control their own backups, aligned with the assumed backup policy, enabling independent backup and restore operations in their DR accounts.

AWS Backup was chosen because it is a native service managed by AWS, simplifying data protection at scale and supporting multiple AWS resources. It supports tag-based backup plans, cross-account and cross-region backups, immutability for backups, out-of-the-box audit reports and frameworks, and point-in-time recovery for S3 and RDS. The design involves taking initial backups within the source accounts and copying them to a remote account and region, ideally a dedicated DR account for each production workload account. *This keeps backups within the DR account for immediate restore, avoiding time-consuming data copies.* If a DR account is unavailable, a Databunker account can be used as a centralized account for storing backups. The SRE backup model simplifies the adoption of AWS Backup by creating AWS Backup plans, selections, local AWS Backup vaults, KMS key policies, additional vaults in the DR account, Enroll policies, lifecycle policies, SNS topics, audit reports, and optional point-in-time restore for S3 and RDS. *The SRE models were adjusted to optionally create custom KMS keys, which is a fundamental requirement for having a remote account and region for the AWS Backup processes.*

AWS Backup Audit Manager provides out-of-the-box reports and compliance reports. Reports can be exported to an S3 bucket in CSV or JSON format, providing insights into the status of backups, resources backed up, creation date, recovery point, backup duration, and size. SNS notifications can be configured to receive alerts regarding the status of backups. The AWS Backup Audit Manager framework includes controls that help evaluate backup practices, providing compliance reports. Controls include ensuring backup resources are protected by a backup plan, minimum frequency and retention, prevention of manual deletion of recovery points, encryption of recovery points, and scheduled cross-region and cross-account backups.
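
The policy and the Audit Manager controls summarized above can also be checked offline against a backup plan document. The following is an added example, not code from the session or from the CTP module: it assumes the plan uses the `BackupPlan` rule fields of the AWS Backup API (`ScheduleExpression`, `Lifecycle`, `CopyActions`), reads "two backup locations" as a copy to a different account and region, and uses constructed account IDs and vault names.

```python
import re

# Threshold from the summarized policy: retention of at least 30 days.
MIN_RETENTION_DAYS = 30
CRON = re.compile(r"^cron\((\S+) (\S+) (\S+) (\S+) (\S+)(?: (\S+))?\)$")

def runs_daily(schedule):
    """True only if the AWS cron expression fires on every calendar day."""
    m = CRON.match(schedule.strip())
    if not m:
        return False  # not a cron expression: the frequency cannot be confirmed
    _minute, _hour, dom, month, dow, year = m.groups()
    return {dom, dow} <= {"*", "?"} and month == "*" and year in (None, "*")

def is_remote(arn, src_account, src_region):
    # ARN layout: arn:aws:backup:<region>:<account>:backup-vault:<name>
    region, account = arn.split(":")[3:5]
    # Assumption: the second location must differ in both account and region.
    return account != src_account and region != src_region

def too_short(lifecycle):
    days = (lifecycle or {}).get("DeleteAfterDays")  # absent means never deleted
    return days is not None and days < MIN_RETENTION_DAYS

def check_plan(plan, src_account, src_region):
    """Findings per rule of a BackupPlan document; an empty list means compliant."""
    findings = []
    for rule in plan.get("Rules", []):
        name = rule.get("RuleName", "<unnamed>")
        if not runs_daily(rule.get("ScheduleExpression", "")):
            findings.append(f"{name}: no guaranteed backup every 24 hours")
        if too_short(rule.get("Lifecycle")):
            findings.append(f"{name}: local retention under {MIN_RETENTION_DAYS} days")
        remote = [c for c in rule.get("CopyActions", [])
                  if is_remote(c["DestinationBackupVaultArn"], src_account, src_region)]
        if not remote:
            findings.append(f"{name}: no cross-account, cross-region copy")
        elif all(too_short(c.get("Lifecycle")) for c in remote):
            findings.append(f"{name}: remote retention under {MIN_RETENTION_DAYS} days")
    return findings

# Constructed sample plans (account IDs, regions and vault names are made up).
DR_VAULT = "arn:aws:backup:eu-central-1:222222222222:backup-vault:dr-vault"
GOOD = {"Rules": [{"RuleName": "daily", "ScheduleExpression": "cron(0 5 ? * * *)",
                   "Lifecycle": {"DeleteAfterDays": 35},
                   "CopyActions": [{"DestinationBackupVaultArn": DR_VAULT,
                                    "Lifecycle": {"DeleteAfterDays": 35}}]}]}
WEAK = {"Rules": [{"RuleName": "weekly", "ScheduleExpression": "cron(0 5 ? * MON *)",
                   "Lifecycle": {"DeleteAfterDays": 7}}]}
```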

---

## Key Concepts

-

---

## Action Items

-

---

## Related Videos

> Paired video note link (to be filled in after generation)

---

*Last updated: 2026-04-14*