Best-in-class backups in AWS

Juha Wilppu

Years ago, I lost production data that I couldn’t recover. The annoying mix of regret and helplessness is something I don’t want to ever experience again.

That incident taught me a lot.

Today, I have a solid backup strategy, and I can highly recommend it. Here’s what we’ve done and why.

🛡️ You do need AWS Backup

RDS takes its own backups, so you might think you are covered. But if the instance is deleted, you will lose all automatic backups!

How could it be deleted? By accident. Or by an attacker.

You need AWS Backup to be safe. And it gives you many other benefits.

🔒 Compliance mode: no one can delete the backups

We’ve locked our AWS Backup Vault in compliance mode. This means the backups cannot be deleted:

  • Not by a tired developer making a mistake.

  • Not by a disgruntled employee.

  • Not even by an attacker with full Administrator access.

All of these scenarios are very unlikely; you might never experience them. But compliance mode removes any doubt.

Trust is good. Immutability is better.

Companies love when they can completely eliminate an entire risk category. And honestly, if you work at a company with 200+ employees, can you really trust that no one will ever make any mistake?

The scary part of compliance mode is that you can’t delete the backups even if you wanted to. You need to wait until the retention period is over (35 days for us). If you made a mistake and generated a lot of backups, that might be a costly mistake — and even AWS support won’t help.

We accept that risk. It’s better to risk cost than business continuity.

⏱️ Hourly backups

We run backups every hour. That’s the shortest interval AWS Backup allows.

This gives us a Recovery Point Objective (RPO) of one hour. In the worst case, we lose at most one hour of data.

Honestly, I can’t imagine taking backups less frequently.

Don’t lose a database by accident

Enable “Deletion Protection” on the RDS instance.

Years ago, I saw a developer delete the production database by accident – he thought he was working in the test environment.

It’s a numbers game: with enough time, even the rarest mistakes will happen.

Even if you can restore the database from a backup, there’s no sense risking the downtime and chaos.

🌍 Disaster-proofing with cross-region backups

We replicate our backups to two regions: North Virginia (us-east-1) and Ireland (eu-west-1).

If a region goes down, our data is still safe. Since we operate in both the US and Europe, this setup makes sense for us geographically.

Cross-region backups might sound like overkill — and maybe they are. But again, they remove a certain risk category. So far it has made sense for us.

💰 Cost breakdown

Let’s assume the database has 1 GB of data with moderate churn.

Item                         Cost/month
Monthly backup               $0.05
Hourly backups               $36.00
Cross-region backups         $72.00
Cross-region data transfer   $14.40

For me, $86.40/month is worth the peace of mind.

🔁 Lastly, the most important thing

Continuously monitor that your backups are still being taken and stored.

It can happen easily that a configuration change or permission issue breaks your backups. You could go weeks or months without having any backups.
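One way to implement that check, as an added example that is not from the post: a pure-Python freshness test over recovery-point records, using the post’s own policy (hourly schedule, copies in us-east-1 and eu-west-1). The records are shaped like the entries returned by the AWS Backup ListRecoveryPointsByBackupVault API (the field names used are my assumption); the sample records, account id and vault names are constructed so the check runs offline.

```python
from datetime import datetime, timedelta, timezone

# Policy from the post: hourly backups (RPO = 1 h), copies kept in two regions.
RPO = timedelta(hours=1)
GRACE = timedelta(minutes=30)  # jobs take time to finish; alarm only past RPO + GRACE
REQUIRED_REGIONS = {"us-east-1", "eu-west-1"}


def region_of(vault_arn: str) -> str:
    """Region field of arn:aws:backup:<region>:<account>:backup-vault:<name>."""
    return vault_arn.split(":")[3]


def check_recovery_points(points, resource_arn, now):
    """Return a list of findings for one resource; an empty list means healthy.

    `points` are dicts with the (assumed) AWS Backup recovery-point fields
    ResourceArn, Status, CompletionDate and BackupVaultArn; others are ignored.
    """
    findings = []
    completed = [p for p in points
                 if p["ResourceArn"] == resource_arn and p["Status"] == "COMPLETED"]
    if not completed:
        return [f"{resource_arn}: no completed recovery points at all"]

    # 1. Freshness: the newest completed recovery point must be within the RPO.
    age = now - max(p["CompletionDate"] for p in completed)
    if age > RPO + GRACE:
        findings.append(f"{resource_arn}: newest recovery point is {age} old, exceeds RPO {RPO}")

    # 2. Coverage: every required region must hold a recovery point that is as fresh.
    fresh_regions = {region_of(p["BackupVaultArn"]) for p in completed
                     if now - p["CompletionDate"] <= RPO + GRACE}
    for region in sorted(REQUIRED_REGIONS - fresh_regions):
        findings.append(f"{resource_arn}: no fresh copy in {region}")
    return findings


# Constructed sample data (account id, resource and vault names are placeholders).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
DB_ARN = "arn:aws:rds:us-east-1:123456789012:db:prod-db"
VAULT_US = "arn:aws:backup:us-east-1:123456789012:backup-vault:prod-vault"
VAULT_EU = "arn:aws:backup:eu-west-1:123456789012:backup-vault:prod-vault-copy"
SAMPLE_POINTS = [
    {"ResourceArn": DB_ARN, "Status": "COMPLETED", "BackupVaultArn": VAULT_US,
     "CompletionDate": NOW - timedelta(minutes=20)},   # fresh primary backup
    {"ResourceArn": DB_ARN, "Status": "COMPLETED", "BackupVaultArn": VAULT_EU,
     "CompletionDate": NOW - timedelta(hours=6)},      # cross-region copy silently broken
    {"ResourceArn": DB_ARN, "Status": "FAILED", "BackupVaultArn": VAULT_US,
     "CompletionDate": NOW - timedelta(minutes=5)},    # failed jobs do not count
]
```

Run on the sample data, `check_recovery_points(SAMPLE_POINTS, DB_ARN, NOW)` reports only the stale eu-west-1 copy; wiring the findings into an alarm is what turns the check into the continuous monitoring the post asks for.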

And remember that backups are only the first step. You need to test the restore at least once — and preferably regularly.

Also, don’t forget to back up everything: secrets, configuration files, and all forms of data (like S3).
