Retail – AWS Native Backup POC

Customer Proof of Concept for AWS native backup and logically air-gapped recovery for Amazon Aurora and Amazon S3

The client wanted to validate whether AWS native services could be implemented for their existing services and to provide proven protection from ransomware attack.

The scope of the proof of concept focused on two AWS data services: Amazon Aurora DB and Amazon S3. The objective was to prove that backups could be taken natively within AWS, copied to a separate backup account for standard cross-account protection, and also copied to a logically air-gapped vault for stronger cyber-resilience. The client also wanted to confirm that restore operations could be performed into a separate restore account using controlled recovery techniques, least-privilege IAM policies and roles, helping keep recovery separate from the production account.

The backup design for both Amazon Aurora DB and Amazon S3 used a source workload in the POC account, a local backup vault, a copy to a backup account, and a further copy to a logically air-gapped vault protected with Vault Lock in compliance mode. Restore testing then validated recovery into a separate restore account, alongside same-account air-gapped recovery and cross-account recovery patterns.

We designed and executed an AWS native backup architecture based on AWS Backup, cross-account vaulting, and logically air-gapped protection.

In the POC account, native AWS backup jobs were configured for Amazon S3 and Aurora DB. Recovery points were written first to a local vault to support fast operational recovery. From there, copies were sent to two separate destinations: a standard backup account for routine cross-account protection (optional for testing purposes), and a dedicated air-gap account containing a logically air-gapped vault with immutable Vault Lock controls. This provided a three-layer backup model: local recovery in the POC account, cross-account protection in the backup account, and an additional air-gapped layer to protect against deletion, tampering, or ransomware-style compromise.

We then tested restore scenarios to validate recovery options beyond the source account for both Amazon S3 and Amazon Aurora DB. This included recovery from the logically air-gapped vault, the use of dedicated restore roles and KMS permissions, and recovery into a separate restore account through cross-account techniques. The testing also highlighted practical IAM and KMS considerations for Amazon S3, including the need to account for delete permissions during restore when handling bucket versioning. This gave the client a consistent protection pattern across both object storage and managed database services.

The proof of concept demonstrated that AWS native backup capabilities can support a practical multi-account resilience strategy for both Amazon Aurora and Amazon S3.

It clearly shows that backup data could be protected at multiple levels: locally for fast recovery, in a separate backup account for operational resilience, and in a logically air-gapped vault for stronger cyber recovery posture. The POC also showed that restore operations can be deliberately separated from the production account, enabling cleaner recovery workflows and reducing the risk of restoring into a compromised environment. The testing validated both same-account air-gapped restore and cross-account recovery options.

The POC demonstrated a three-layer protection model for backup data: local recovery for fast recovery, cross-account backup for operational resilience, and logically air-gapped storage for stronger cyber resilience. It also proved that restore operations could be performed outside the production account, helping create a cleaner recovery process and reducing the risk of restoring into a compromised environment. The testing validated both same-account air-gapped restore and cross-account recovery options.

From a business perspective, the POC showed that an AWS-native approach could provide a simpler model for backup, immutability, and recovery using built-in AWS services. It also gave the client a practical baseline for comparing AWS-native capabilities with other air-gapped backup solutions for Aurora and S3.