CloudFormation Guard rules template for AWS Backup resources
The following rules are included:
Backup Vaults: backup_vault_policy
Backup Plans: backup_plan_cleanup, backup_vss_snapshots, backup_plan_min_retention_35_days
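# Select every resource in the template that is an AWS Backup vault.
# The Type string has to match the CloudFormation resource type exactly
# (two colons between each segment). A misspelt type makes the filter match
# nothing, so every rule gated on `%backup_vaults !empty` is skipped and a
# non-compliant template is never evaluated against it.
let backup_vaults = Resources.*[
    Type == "AWS::Backup::BackupVault"
]

# Select every resource in the template that is an AWS Backup plan.
# The same exact-match requirement applies: with a wrong type string the
# rules gated on `%backup_plans !empty` would silently never run.
let backup_plans = Resources.*[
    Type == "AWS::Backup::BackupPlan"
]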
# Requires every backup vault selected by %backup_vaults to declare an
# AccessPolicy property. The rule is evaluated only when that selection is
# not empty.
# NOTE(review): this is a presence check only. The content of the policy
# document is not inspected, so an overly permissive vault policy still
# passes; add a rule over the policy statements if the baseline needs it.
rule backup_vault_policy when %backup_vaults !empty {
    %backup_vaults {
        Properties {
            AccessPolicy exists <<AccessPolicy is not defined.>>
        }
    }
}
# Requires every entry under BackupPlan.BackupPlanRule of each selected
# backup plan to carry a Lifecycle block that sets both DeleteAfterDays and
# MoveToColdStorageAfterDays. The rule is evaluated only when %backup_plans
# is not empty.
# Only the presence of the two settings is checked here; their values are not
# compared with each other or with any threshold.
rule backup_plan_cleanup when %backup_plans !empty {
    %backup_plans {
        Properties {
            BackupPlan {
                BackupPlanRule.* {
                    Lifecycle exists <<Lifecycle rules are not configured.>>
                    # Inspect the individual settings only when Lifecycle is
                    # present; a missing Lifecycle is reported by the clause
                    # above.
                    when Lifecycle exists {
                        Lifecycle {
                            DeleteAfterDays exists <<DeleteAfterDays not configured.>>
                            MoveToColdStorageAfterDays exists <<MoveToColdStorageAfterDays not configured.>>
                        }
                    }
                }
            }
        }
    }
}
# Requires every selected backup plan to declare AdvancedBackupSettings under
# its BackupPlan property. The rule is evaluated only when %backup_plans is
# not empty.
# NOTE(review): the rule name refers to VSS snapshots, but only the presence
# of AdvancedBackupSettings is checked. Its contents (for example whether a
# Windows VSS option is actually enabled) are not examined, so a plan with the
# setting present but disabled would pass — confirm this is the intent.
rule backup_vss_snapshots when %backup_plans !empty {
    %backup_plans {
        Properties {
            BackupPlan {
                AdvancedBackupSettings exists <<AdvancedBackupSettings is not configured.>>
            }
        }
    }
}
# Requires every entry under BackupPlan.BackupPlanRule of each selected
# backup plan to retain recovery points for at least 35 days, i.e.
# Lifecycle.DeleteAfterDays >= 35. The rule is evaluated only when
# %backup_plans is not empty.
# The Lifecycle and DeleteAfterDays presence checks repeat those in
# backup_plan_cleanup, so a plan rule without them is reported by both rules.
# NOTE(review): the comparison presumably expects a literal number in the
# template; how a value supplied through an intrinsic function (such as a
# parameter reference) is evaluated should be confirmed before relying on it.
rule backup_plan_min_retention_35_days when %backup_plans !empty {
    %backup_plans {
        Properties {
            BackupPlan {
                BackupPlanRule.* {
                    Lifecycle exists <<Lifecycle rules are not configured.>>
                    when Lifecycle exists {
                        Lifecycle {
                            DeleteAfterDays exists <<DeleteAfterDays not configured.>>
                            # Compare the value only when it is present; a
                            # missing value is reported by the clause above.
                            when DeleteAfterDays exists {
                                DeleteAfterDays >= 35 <<DeleteAfterDays set to less than 35 days.>>
                            }
                        }
                    }
                }
            }
        }
    }
}