AWS Storage Blog
Category: Security, Identity, & Compliance
Large scale migration of encrypted objects in Amazon S3 using S3 Batch Operations
Many organizations have data governance strategies or compliance requirements that mandate their data be replicated and redundant across different management accounts and global regions. Moving encrypted data at scale can often take a few additional steps due to the need to decrypt and re-encrypt objects as part of the replication process. Amazon Simple Storage Service […]
Modern data protection architecture on Amazon S3: Part 2
Update (12/11/2023): As of November 20, 2023, Amazon S3 supports enabling S3 Object Lock on existing buckets. Keeping data secure and usable in unforeseen circumstances like accidental breaches, human error, and hacking is critical to business continuity and success. To effectively mitigate the impact of these events on business-critical assets, one of the recommended strategies […]
Modern data protection architecture on Amazon S3: Part 1
Update (12/11/2023): As of November 20, 2023, Amazon S3 supports enabling S3 Object Lock on existing buckets. Keeping data secure and usable in unforeseen circumstances like accidental breaches, human error, and hacking is critical to business continuity and success. To effectively mitigate the impact of these events on business-critical assets, one of the recommended strategies […]
Automating AWS Backup pre- and post-script execution with AWS Step Functions
Customers execute custom scripts before or after a backup job to automate and orchestrate required and repetitive tasks. For example, customers running applications hosted in Amazon Elastic Compute Cloud (EC2) instances use scripts to complete application transactions, flush the buffers and caches, stop file I/O operations, or ensure that the application is idle, bringing the […]
Troubleshooting automated pre- and post-scripts for AWS Backup
Customers can use event-driven architectures with decoupled tasks to automate and orchestrate custom scripts for backup jobs. With event-driven architectures, troubleshooting is key to understanding failures at the component levels in order to resolve issues that arise and keep the entire automated workflow running smoothly. In the first post in this two-part blog series, we […]
How to audit an Amazon S3 bucket’s default encryption configuration at scale
Encrypting data at rest fulfills compliance and security standards while providing an extra layer of defense to protect against unauthorized access. As organizations scale, it is critical to develop standardize encryption to minimize the administrative burden of managing encryption keys. Organizations that lack encryption standardization may find themselves unable to access critical data when required. […]
Synchronize Amazon EC2 instance tags and instance type with AWS Elastic Disaster Recovery source servers
When performing disaster recovery, you recover your original systems and IT infrastructure to their original state at an alternate, available site. When you recover your servers, the recovered servers should match the original compute infrastructure to reduce the risk of underprovisioning or overprovisioning your recovery environment. This improves the likelihood that your recovery servers have […]
Creating compliance insights across Regions and accounts with AWS Backup Audit Manager reports
Customers use AWS Backup Audit Manager to automate continuous monitoring of backup activities such as changes to a backup plan or backup vault and generate daily reports. AWS Backup Audit Manager also provides auditing and reporting of data protection compliance across your backup estate. Previously, these compliance and backup activity reports were generated in and […]
Data preservation with AWS Backup legal holds
Customers globally, especially in regulated industries, require centralized protection and demonstrable compliance for their application data. Auditors often require customers such as broker-dealers, securities exchanges, and stock brokerage firms, to prove compliance with SEC, FINRA, and CFTC requirements by providing an assessment report from an industry-recognized entity with additional disclosure that they have capabilities to […]
Delegated administrator support for AWS Backup
[Update: 12/13/2022 – Under Step 2. Delegate backup policy in AWS Organizations console, the JSON policy paragraph and sample JSON policy were updated.] Until today, backup administrators had to use the AWS Organizations management account to administer backup policies and monitor cross-account backup activities. However, the use of the AWS Organizations management account should only […]