Cross-Region Backups

Architecture

A dedicated backup vault in us-west-2 (Oregon) receives cross-region copies of backups from the primary region (us-east-2).

Component              Region      Value
Primary Backup Vault   us-east-2   nhc-backup-vault
DR Backup Vault        us-west-2   nhc-dr-backup-vault
DR KMS Key             us-west-2   prod-nhc-dr-backup

OpenTofu Configuration

Defined in tofu/accounts/nhc/backup_dr.tf:

  • Uses a separate aws.dr provider for us-west-2
  • KMS key with automatic annual rotation
  • Vault encrypted at rest
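
A sketch of how the three points above fit together with the cross-region copy, added here as an example and not taken from backup_dr.tf. The resource labels, the plan and rule names, the schedule, the retention values, and the reading of prod-nhc-dr-backup as a KMS alias are all assumptions.

```hcl
# Added example, not the contents of tofu/accounts/nhc/backup_dr.tf.
# Resource labels, schedule and retention values are assumptions.

provider "aws" {
  region = "us-east-2" # primary region
}

provider "aws" {
  alias  = "dr"
  region = "us-west-2" # DR region
}

resource "aws_kms_key" "dr_backup" {
  provider            = aws.dr
  description         = "Encrypts recovery points in the DR backup vault"
  enable_key_rotation = true # automatic rotation, yearly by default
}

resource "aws_kms_alias" "dr_backup" {
  provider      = aws.dr
  name          = "alias/prod-nhc-dr-backup" # assumes the table value is the alias
  target_key_id = aws_kms_key.dr_backup.key_id
}

resource "aws_backup_vault" "dr" {
  provider    = aws.dr
  name        = "nhc-dr-backup-vault"
  kms_key_arn = aws_kms_key.dr_backup.arn # encryption at rest with the DR key
}

# Assumed plan in the primary region; copy_action is what sends each
# recovery point to the DR vault.
resource "aws_backup_plan" "primary" {
  name = "nhc-backup-plan" # hypothetical name

  rule {
    rule_name         = "daily-with-dr-copy" # hypothetical name
    target_vault_name = "nhc-backup-vault"   # primary vault, defined elsewhere
    schedule          = "cron(0 5 * * ? *)"  # constructed value

    lifecycle {
      delete_after = 35 # constructed value, days
    }

    copy_action {
      destination_vault_arn = aws_backup_vault.dr.arn
      lifecycle {
        delete_after = 35 # constructed value, days
      }
    }
  }
}
```

Pinning every DR resource to aws.dr keeps the key and the vault in the same region, which matters because a vault can only be encrypted with a KMS key from its own region.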

HIPAA Requirement

HIPAA contingency planning (§164.308(a)(7)) requires geographic redundancy for PHI backups. This cross-region vault satisfies that requirement.