By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM PoliciesAmazon ECRRDS Event Subscriptions

By Service Protected

Configuration Packages

Strategy Guides

Other

Backups & DR

AWS Backup Audit Manager (Backup Framework)

Configure AWS Backup Audit Manager to audit the compliance of your AWS Backup policies against controls that you define. This template deploys the AWS backup framework (a collection of controls that helps you to evaluate your backup practices) and (optionally) automatic daily reports for the compliance status of the frameworks set up.

Audit Frameworks

By default, this template deploys the AWS Backup framework which includes all 5 available controls to monitor backup activity, coverage, and resources against AWS best practices. Optionally, you can customize the framework to customize (or remove) the specific controls which include: 

  • Backup resources protected by backup plan
  • Backup plan minimum frequency and minimum retention
  • Backup prevent recovery point manual deletion
  • Backup recovery point encrypted
  • Backup recovery point minimum retention

Audit Reports

Create automatic daily audit reports:

  • Compliance Reports: Control or Resource Compliance Reports for audit frameworks
  • Backup Activity Reports
    • Backup Jobs Report
    • Restore Jobs Report
    • Copy Jobs Report

Important: If using an existing S3 bucket to store reports, ensure that it has the appropriate permissions to allow  

Items
1
Size
1.3 KB
AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  Framework:
    Type: "AWS::Backup::Framework"
    Properties:
      FrameworkName: "backup_framework"
      FrameworkDescription: "AWS backup framework"
      FrameworkControls:
        - ControlName: "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_PLAN"
          ControlInputParameters: []
          ControlScope: {}
        - ControlName: "BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK"
          ControlInputParameters:
            - ParameterName: "requiredFrequencyUnit"
              ParameterValue: "hours"
            - ParameterName: "requiredFrequencyValue"
              ParameterValue: "1"
            - ParameterName: "requiredRetentionDays"
              ParameterValue: "30"
          ControlScope: {}
        - ControlName: "BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED"
          ControlInputParameters: []
          ControlScope: {}
        - ControlName: "BACKUP_RECOVERY_POINT_ENCRYPTED"
          ControlInputParameters: []
          ControlScope: {}
        - ControlName: "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK"
          ControlInputParameters:
            - ParameterName: "requiredRetentionDays"
              ParameterValue: "1"
          ControlScope: {}
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Customize Template

Framework






Report Plans

* Required field