3.1.3.2. Backup & Recovery Strategies (Pilot Light, Warm Standby)

3.1.3.2. Backup & Recovery Strategies (Pilot Light, Warm Standby)

Loading diagram...

Backup & Restore implementation:

1. AWS Backup creates scheduled backups of RDS, EBS, EFS, DynamoDB
2. Cross-region backup copies stored in S3 in the DR region
3. On disaster: restore resources from backups, deploy infrastructure via CloudFormation, update DNS
4. RTO: Hours (depends on data size and infrastructure complexity)

Pilot Light implementation:

1. RDS read replica or Aurora Global Database running in DR region
2. S3 cross-region replication active
3. AMIs copied to DR region
4. CloudFormation templates ready to deploy compute layer
5. On disaster: promote DB replica, launch EC2/ECS from templates, update Route 53

Warm Standby implementation:

1. Full application stack running in DR region at reduced capacity (e.g., 1 instance instead of 10)
2. Database synchronously or asynchronously replicated
3. Route 53 health checks configured for automatic failover
4. On disaster: scale up DR environment (ASG adjusts capacity), traffic shifts automatically

AWS Backup centralizes backup management across services:

# Create a backup plan with cross-region copy
aws backup create-backup-plan --backup-plan '{
  "BackupPlanName": "DailyDR",
  "Rules": [{
    "RuleName": "DailyBackup",
    "ScheduleExpression": "cron(0 2 * * ? *)",
    "TargetBackupVaultName": "primary-vault",
    "CopyActions": [{
      "DestinationBackupVaultArn": "arn:aws:backup:us-west-2:123456789012:backup-vault:dr-vault"
    }]
  }]
}'

Exam Trap: AWS Backup supports cross-account backups (copy to backup vault in another account). This protects against account compromise — even if an attacker gains admin access to the primary account, backups in the security account are safe. The exam tests this pattern in security-focused DR questions.