AWS · Infrastruttura · YoctoIT tech page

Backup

AWS's centralized data protection: one policy for EC2, RDS, EFS and the rest — with immutable vaults and compliance reports.

FOCUS · GOVERNANCEOne policy, all services: cloud backup you can prove to auditors
YoctoIT material for clients and partners · AWS e i nomi dei servizi sono marchi di Amazon.com, Inc.
01 · What it is

AWS Backup, made clear.

AWS Backup unifies what used to be scattered: centralized backup plans for AWS services (and VMware on AWS), vaults with immutability (Vault Lock), cross-region and cross-account copies, compliance reports ready for audits.

15+ services
protected from a single console: EC2, EBS, RDS, EFS, DynamoDB, S3…
Vault Lock
governed immutability: not even the admin can delete
Cross-account
the copy in an isolated account: ransomware can't jump the moat
Icona ufficiale AWS — AWS Backup
OFFICIAL AWS ICON · Backup
02 · How to use it well

The things that make the difference.

The protection chain

Backup plancentral policies: frequency, retention, tags
EC2/EBS
RDS/Aurora
EFS · S3 · DynamoDB
services protected uniformly
Vault (+ Vault Lock)the depository, immutable on demand
Cross-region / account copygeographic and administrative resilience
From plan to vault, all tracked

Tag-based plans

Resources protect themselves: the 'backup=gold' tag is enough to include them in the right plan.

Point-in-time recovery

For RDS and DynamoDB, restore to the second: human error rewound.

Restore testing

Automatic restore tests: the periodic proof that backups actually work.

Audit Manager

Compliance demonstrated: reports that cross-check policy and reality, for NIS2 and ISO.

03 · In depth

Plans, vaults and the proven restore

AWS Backup centralizes policies across EC2/EBS, RDS/Aurora, DynamoDB, EFS/FSx, S3 and VMware: backup plans define frequency, retention and destination vault; vaults with Vault Lock are WORM. Cross-account and cross-region copies build the native 3-2-1; restore testing plans run scheduled trial restores and measure the outcome — RTO becomes an observed number.

  • Backup plan — tag-based: the new resource with the right tag is already protected
  • Vault Lock — WORM in compliance mode: not even root can delete
  • Cross-account — the copy in a strongbox account: a compromise can't reach it
  • Restore testing — automatic trial restores with validation: DR with evidence
  • Point-in-time — RDS/Aurora and S3 with continuous recovery where fine RPO is needed
  • Audit Manager — backup compliance reports ready for the audit
04 · Numbers and lifecycle

The numbers that matter.

12+
the services covered by a single plan
3-2-1
native with cross-region and cross-account copies
35 gg
the maximum RDS PITR: beyond that, backup takes over
100%
of restore tests logged: RTO measured, not declared
In the cloud too, backup is judged at restore time: tag-based plans, armored vaults and monthly restore tests — we set them up and we read them.
05 · Use cases

Where it really pays off.

Cloud compliance

The backup of your whole AWS footprint provable in one report: the auditor says thanks.

Ransomware isolation

An immutable vault in a separate account: the copy that survives account compromise.

Multi-region protection

The copy from Ireland to Frankfurt: data DR with one line of policy.

We treat cloud backup like on-prem backup: written policies, immutability and periodic restore tests — the YoctoIT standard.