AWS Backup Strategies: SAA-C03 Study Guide

This guide covers the core strategies for protecting data across AWS storage and database services, focusing on architectural resilience and recovery metrics.

Learning Objectives

After studying this guide, you should be able to:

Define and differentiate between Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
Evaluate backup mechanisms for Amazon S3, EBS, EFS, and RDS.
Configure automated data lifecycles using Amazon Data Lifecycle Manager (DLM).
Implement centralized backup management using AWS Backup.
Select appropriate replication strategies (CRR vs. SRR) based on compliance and latency requirements.

Key Terms & Glossary

RTO (Recovery Time Objective): The maximum acceptable duration of time a service can be down after a failure.
RPO (Recovery Point Objective): The maximum acceptable period of data loss measured in time (e.g., "we can lose up to 5 minutes of data").
Snapshot: An incremental, point-in-time backup of a storage volume (EBS) or database (RDS).
Versioning: A feature in S3 that preserves older versions of objects to protect against accidental deletion or overwrites.
PITR (Point-in-Time Recovery): The ability to restore a database to any specific second within a retention period, usually powered by transaction logs.

The "Big Idea"

Resilience is a dual-layered strategy. High Availability (Multi-AZ) protects against infrastructure failure (hardware/facility), while Backup Strategies protect against data-level failure (corruption, accidental deletion, or ransomware). You cannot replace a robust backup strategy with High Availability alone; if a user deletes a record in a Multi-AZ database, that deletion is synchronously replicated to the standby, making backups the only path to recovery.

Formula / Concept Box

Metric	Focus	Question Answered	Target Goal
RTO	Downtime	"How long until we are back online?"	Lower is better (minutes vs. hours)
RPO	Data Loss	"How much data can we afford to lose?"	Lower is better (seconds vs. days)

Hierarchical Outline

Object Storage (Amazon S3)
- Versioning: Protects against overwrites/deletes; mandatory for replication.
- Replication:
  - CRR (Cross-Region): Disaster recovery across geographical boundaries.
  - SRR (Same-Region): Compliance or log aggregation.
Block Storage (Amazon EBS)
- Snapshots: Incremental; stored in S3 for durability.
- Data Lifecycle Manager (DLM): Automates snapshot creation and retention.
File Storage (Amazon EFS)
- AWS Backup: Primary method for scheduling incremental EFS backups.
Relational Databases (RDS / Aurora)
- Automated Backups: Daily snapshots + transaction logs (5-min RPO).
- Manual Snapshots: Persistent even after instance deletion.
Centralized Management
- AWS Backup: Policy-based service to manage backups for EBS, RDS, S3, EFS, and DynamoDB in one place.

Visual Anchors

Backup vs. Availability Flow

Loading Diagram...

Understanding RTO and RPO

\begin{tikzpicture}[line width=1pt] \draw[->] (0,0) -- (10,0) node[right] {Time}; \draw[red, dashed] (6, -1) -- (6, 2) node[above] {Failure Event};

code

% RPO
\draw[blue, <->] (4, 0.5) -- (6, 0.5);
\node at (5, 0.8) {\small RPO (Data Gap)};
\filldraw[black] (4,0) circle (2pt) node[below] {Last Backup};

% RTO
\draw[green!60!black, <->] (6, 1.2) -- (9, 1.2);
\node at (7.5, 1.5) {\small RTO (Downtime)};
\filldraw[black] (9,0) circle (2pt) node[below] {Service Restored};

\end{tikzpicture}

Definition-Example Pairs

Cross-Region Replication (CRR): Automatically copying S3 objects to a bucket in a different AWS Region.
- Example: A financial firm in New York replicates all records to London to ensure compliance with laws requiring data to exist in two distinct geographical landmasses.
Incremental Snapshot: A backup that only saves the blocks that have changed since the last snapshot.
- Example: If an EBS volume has 100GB of data and only 2GB changes, the next snapshot only consumes 2GB of additional storage in S3.
Soft Delete (via Versioning): When an object is deleted in a versioned bucket, AWS places a "Delete Marker" on it rather than removing the data.
- Example: An employee accidentally deletes a critical project file; the admin simply removes the Delete Marker to restore the file instantly.

Worked Examples

Scenario 1: Calculating Backup Costs and Retention

Task: A company requires 24-hour snapshots of a 500GB EBS volume, retaining them for 30 days.

Solution Approach: Use Amazon Data Lifecycle Manager (DLM).
Step 1: Define a Snapshot Lifecycle Policy.
Step 2: Set the schedule to every 24 hours.
Step 3: Set the count-based retention to 30.
Result: DLM will automatically delete the 31st snapshot every day, maintaining exactly 30 days of recovery points without manual intervention.

Scenario 2: RDS Recovery Strategy

Task: A production database requires an RPO of less than 10 minutes.

Solution: Enable RDS Automated Backups.
Mechanism: RDS uploads transaction logs to S3 every 5 minutes.
Result: During a failure at 12:09 PM, the administrator can restore the database to 12:04 PM (the last log upload), meeting the <10 min RPO requirement.

Checkpoint Questions

What is the minimum requirement for S3 Cross-Region Replication to function?
- Answer: Versioning must be enabled on both the source and destination buckets.
Does an RDS Snapshot include all databases on a multi-db instance?
- Answer: Yes, snapshots are taken at the instance level and include all databases.
How do you automate backups for an EFS file system?
- Answer: Use the AWS Backup service to create a backup plan and assign the EFS resource to it.
If an EC2 instance is terminated, what happens to the data on its Root EBS volume by default?
- Answer: It is deleted unless the 'DeleteOnTermination' attribute was set to false.