Comment by veunes
2 months ago
"backups in the same volume" aren't backups, they’re just snapshots in the same blast radius fwiw. If your DR plan hinges on a single physical volume ID, you have zero resilience
This needs to be a lesson for everyone: real backups belong in an independent store (S3/GCS) in a different region with object lock enabled. It’s the only way to make sure even a compromised root token can’t nuke your data for 30 days
No comments yet
Contribute on Hacker News ↗