Building a DR that you can count on is a challenge for anything deployed in the cloud. DR is an important characteristic of any cloud deployment. While it is possible that an entire region can go down, having a solid Cloud Disaster Recovery plan is crucial for any
organization.
The simplest plan here is to have the data stored in multiple regions for business continuity in the event of a disaster such as fire, hurricane, flood, etc. Amazon AWS helps you to overcome these challenges by providing an effective solution such as disaster recovery storage services and cross-region replication.
Disaster Recovery Storage Services
Let’s learn about the storage services that are safe from disaster:
Amazon Simple Storage Service (S3):
AWS S3 is highly available and durable storage service used for mission control and primary data storage. Additionally, it protects data retention and archiving
through versioning and replicating the data within an AWS Region across
multiple Availability Zones (AZs) which makes it ideal for Disaster Recovery
Storage.
EC2 volumes, DB snapshots, and application
backups are sent to S3 in the form of Extract/Transform/Load (ETL) jobs.
Amazon Glacier:
They are used for archiving data at a low cost. When the retrieval time
of archived data is from 3-5 hours, Amazon Glacier is an ideal solution.
AWS Storage Gateway:
This allows connecting your on-premises storages to AWS S3 and Glacier. Use AWS storage gateway if your data center is in on-premises for cloud backup and disaster recovery. AWS Storage Gateway offers three configurations:
- Gateway-cached volumes – Frequently accessed data is cached in the on-premises storage, and primary data is stored in S3.
- Gateway stored volumes – Primary data is stored in the on-premises data center while asynchronously backing up the point in time snapshots to S3.
- Gateway virtual tape library - You can store your virtual tape in a virtual tape library (VTL) backed by Amazon S3 or a virtual tape shelf (VTS) backed by Amazon Glacier.
Amazon Elastic File System (EFS):
EFS is used to mount multiple EC2 instances providing scalable file storage. The
data in Amazon EFS is automatically replicated across multiple Availability
Zones providing better durability compared to Elastic Block Storage. EFS File Sync feature can also be used to move the data from on-premises or in-cloud
file systems into Amazon EFS.
Everything about AWS Cross Region Replication (CRR)
Cross Region Replication (CRR) allows automatic and asynchronous copying of objects stored in the bucket to a different AWS region. CRR should be activated in S3’s bucket level configuration. By activating it, the data will replicate the newly created object, object updates, and object deletions from the origin bucket to a destination bucket in a different region. While creating the bucket in S3, the user must select the specific region as well. And all the data stored within that bucket will be in the designated region.
CRR moves the data from one region to another in a safe, secure, automated, and cost-effective. Replicating objects via CRR offers Business Continuity (BC), Business Resiliency (BR), and Disaster Recovery (DR).
What is replicated in CRR?
- Any newly created objects will be replicated automatically.
- If the object is encrypted using server-side encryption, then the replicated object will also be encrypted.
- Object tags will also be replicated.
What is not replicated in CRR?
- Objects present in S3 before enabling CRR, will not be replicated.
- Objects encrypted using customer-provided (SSE-C) or AWS KMS–managed encryption (SSE-KMS) keys are not replicated.
- If the user doesn’t have permission to the source bucket, he cannot replicate objects.
- Only customer actions are replicated. Actions performed by life-cycle configuration are not replicated.
- Objects in the source bucket that are replicas, created by another CRR, are not replicated.
Also, versioning should be activated both in the source and destination bucket to enable the CRR. By default, once the CRR is enabled Amazon S3 will generate a policy document for the IAM role that matches both the origin and destination bucket. But to perform CRR of objects on behalf of the user, AWS S3 needs to use an IAM role created by the user. The replicated objects will have the same metadata in origin and destination bucket.
After enabling CRR in the bucket, it cannot be deleted, but can only be partially disabled. However, it can be re-enabled anytime by choosing Enable CRR in AWS console. You can partially delete the CRR configuration by removing the prefixes from both origin and destination bucket, meaning that all objects with that prefix will no longer be replicated between two regions. If you delete all the prefixes, then every newly created object, object update, and object deletion in the origin bucket will be replicated into the destination bucket regardless of prefix.
If you wish to delete CRR completely, use the AWS Command Line Interface (CLI).
Generally, disaster recovery in AWS helps a wider range of business to design effective DR strategies using different storage solutions and by using cross-region replication services. This will enable businesses to meet Recovery Time Objectives(RTO) and Recovery Point Objectives(RPO).