Configuration

S3 bucket with replication to another account

Require replication to another account for disaster recovery

Summary

This is a best practice for disaster recovery. Even the most skilled teams manage IAM well only down to account-level granularity. A compromised AWS account that would allow a threat actor to delete data would also allow them to delete backup data stored in the same account. Require replication to another account for DR.
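One way to check this requirement is to audit a bucket's replication configuration, shown here as an added example that is not part of the original page. The account IDs, bucket names and rule IDs are constructed placeholders; the replica-owner and delete-marker findings are extra hardening checks assumed here, going beyond what the page requires.

```python
# Constructed sample, shaped like the ReplicationConfiguration returned by
# S3 GetBucketReplication. Account IDs and bucket names are placeholders.
SOURCE_ACCOUNT = "111111111111"
SAMPLE_CONFIG = {
    "Role": "arn:aws:iam::111111111111:role/replication-role",
    "Rules": [
        {"ID": "same-account-copy", "Status": "Enabled",
         "Destination": {"Bucket": "arn:aws:s3:::example-copy"}},
        {"ID": "dr-copy", "Status": "Enabled",
         "Destination": {"Bucket": "arn:aws:s3:::example-dr",
                         "Account": "222222222222",
                         "AccessControlTranslation": {"Owner": "Destination"}},
         "DeleteMarkerReplication": {"Status": "Enabled"}},
        {"ID": "old-dr", "Status": "Disabled",
         "Destination": {"Bucket": "arn:aws:s3:::example-old",
                         "Account": "333333333333"}},
    ],
}


def audit_replication(config, source_account):
    """Return (compliant, findings) for one bucket's replication config."""
    findings, cross_account_rules = [], []
    for rule in (config or {}).get("Rules", []):
        rid = rule.get("ID", "<no id>")
        if rule.get("Status") != "Enabled":
            findings.append(f"{rid}: rule is disabled, ignored")
            continue
        dest = rule.get("Destination", {})
        account = dest.get("Account")
        if account is None:
            # Bucket ARNs carry no account ID, so ownership is unproven.
            findings.append(f"{rid}: no Destination.Account, cannot verify")
        elif account == source_account:
            findings.append(f"{rid}: destination is the source account")
        else:
            cross_account_rules.append(rid)
            owner = dest.get("AccessControlTranslation", {}).get("Owner")
            if owner != "Destination":  # assumed hardening check
                findings.append(f"{rid}: replica owner not set to Destination")
            if rule.get("DeleteMarkerReplication", {}).get("Status") == "Enabled":
                findings.append(f"{rid}: delete markers replicate to the DR copy")
    if not cross_account_rules:
        findings.append("no enabled rule replicates to another account")
    return bool(cross_account_rules), findings

if __name__ == "__main__":
    print(audit_replication(SAMPLE_CONFIG, SOURCE_ACCOUNT))
```

For a live bucket, pass the `ReplicationConfiguration` value from boto3's `get_bucket_replication` response together with the source bucket's account ID.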

Applicable To

When effective DR is required

Resources

S3

Maturity

Medium

Functions

Reliability
Security

CSPs

AWS

Author

Will Bengtson
