by nemothekid 341 days ago
>They protect you from accidental deletion, malware, and even just snapshots of what something looked like at a particular time etc.

S3 with versioning enabled provides this. I'm not being naive when I say S3 really provides everything you might need. It's my observation over the last 13 years, dealing with tons of fires, that there has never been a situation where I couldn't retrieve something from S3.

Legally you might need an alternative. Going multi-cloud doesn't hurt - after all I do it. But practically? I don't think I would lose sleep if someone told me they only back up to S3.

3 comments

Insider risk is a potential reason. If someone acquires root in your AWS account, having a backup might give you options for dealing with blackmail or even malicious deletion after it happens.
If someone acquires root in the AWS account, they likely then have access to the backups, too. Unless we're also assuming whatever is doing the backup runs in an alternate cloud and our attacker or insider somehow has access to only 1 of 2 clouds.

Possible, perhaps, but contrived.

There's account root and then there's org root. Accounts are security boundaries, meaning you'd want your backups to at least be in another account within the org.
I think using a separate cloud with credentials stored in a safe (or the equivalent) isn’t that uncommon (worked places where we were nearly 100% AWS but had GCP for storing backups). You’d need to compromise/socially engineer a different set of people to get access to that.
What if someone deletes a bucket? Then all your versioning is gone...
It doesn't let you.
It can be done if you delete the versions. You’ll need to use the aws cli.
It cannot be done if S3 objects use the object lock in compliance mode. Such objects cannot be altered in any way and the bucket cannot be deleted until the lock expires.
Good to know! I’ve never used that feature.
Note that with such a lock, mistakes can be costly. If you put several terabytes into S3 by mistake and set the compliance lock duration for 2 years, you will have to pay for that storage for 2 years.
And then Amazon kills your account. It doesn't matter how great their hardware and software is.
There is a contractual obligation on Amazon's side. If they kill the account in violation of the contract, the court will force them to pay heavy damages.

Now, one can argue that courts would take time and money and a company may not be able to afford such a risk even if it is theoretical. In this case, if the data is that important, it is stupid to keep it at AWS.

But then just write the data to tapes and store in a bank cell or whatever.