Building cyber resiliency with AWS Backup logically air-gapped vault
Storage Blog
This article discusses the new logically air-gapped vault feature in AWS Backup, which provides enhanced security and resiliency for data backups against cyber threats like ransomware.
Specifically, the article covers:
- How the logically air-gapped vault works, with backups encrypted using AWS-owned keys and automatically locked in compliance mode
- The ability to share the logically air-gapped vault across AWS accounts using AWS RAM, enabling faster direct restores
- Key benefits including reduced recovery time, reduced operational overhead, enhanced protection against key deletion or modification, and simplified recovery testing
- Solution architecture showing the different AWS accounts (workload, data bunker, recovery, forensics) and how they interact with the logically air-gapped vault
- Conclusion highlighting the improved cyber resiliency and suitability for highly sensitive workloads
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Aug 7
2024
2024
Announcing the general availability of AWS Backup logically air-gapped vault
Nov 6
2025
2025
Encrypt AWS Backup logically air-gapped vaults with customer-managed keys
Nov 17
2025
2025
AWS Backup now supports backing up directly to a logically air-gapped vault
Mar 12
2026
2026
AWS Backup adds logically air-gapped vault support for Amazon EKS
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.