Search⌘ K
AI Features

RTO, RPO, and Business Continuity Design

Explore how to translate business recovery expectations into effective AWS disaster recovery architectures. Learn to define RTO and RPO, classify workloads by criticality, and select appropriate disaster recovery patterns. Understand cost-resiliency trade-offs and practical AWS services to build resilient and cost-efficient business continuity solutions.

Every enterprise architecture decision on AWS begins with a single question: What happens when something fails? The answer is never purely technical. It originates in boardrooms, where business leaders define contractual service level agreements (SLAs) that specify acceptable downtime and data loss. A solutions architect’s primary responsibility is to translate those contractual commitments into infrastructure designs that meet recovery targets without overspending.

Two foundational metrics form the quantitative language bridging business expectations and infrastructure design: Recovery Time Objective (RTO) and Recovery Point Objective (RPO). These metrics determine whether you deploy a simple backup vault or a fully active, multi-Region fleet. Throughout this lesson, you will encounter the AWS services and constructs that recur in every business continuity conversation: Route 53 health checks and failover routing, Multi-AZ deployments, cross-Region replication, AWS Backup, and the four canonical disaster recovery (DR) patterns (backup/restore, pilot light, warm standby, and active-active).

Understanding these patterns is only the first step. The real architectural skill is knowing when to apply each one based on business requirements, cost constraints, availability targets, and recovery objectives. This lesson establishes that decision framework.

Defining RTO and RPO

Recovery Time Objective (RTO) is the maximum acceptable duration between a disruption event and the restoration of service. Recovery Point Objective (RPO) is the maximum acceptable duration between the last recoverable data point and the moment of disruption. Together, they define two distinct windows around any failure event: one measuring downtime and the other measuring data loss.

Consider two workloads within the same enterprise. A financial trading platform carries a five-minute RTO and a one-minute RPO because every second of downtime loses revenue, and every missed transaction creates regulatory exposure. An internal reporting dashboard carries a 24-hour RTO and a 12-hour RPO because delayed analytics cause inconvenience, not business harm.

How RTO and RPO drive service selection

RTO directly governs compute readiness decisions. A five-minute RTO demands pre-provisioned capacity, pre-baked AMIs, and automated failover orchestration. A 24-hour RTO permits restore-on-demand from snapshots with manual intervention. RPO governs data replication strategy along a spectrum of cost and latency:

  • ...