CloudFormation guard rules template for AWS Backup resources
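The following rules are included:
Backup Vaults: backup_vault_policy (an access policy must be defined on the vault).
Backup Plans: backup_plan_cleanup (each plan rule defines a lifecycle with DeleteAfterDays and MoveToColdStorageAfterDays), backup_vss_snapshots (AdvancedBackupSettings is present), backup_plan_min_retention_35_days (DeleteAfterDays is at least 35).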
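# Select every resource in the template that is an AWS Backup vault or plan.
#
# The Type string must match the CloudFormation resource type exactly, with two
# colons between each part ("AWS::Backup::BackupVault"). A filter that matches
# nothing leaves the variable empty, and every rule in this file is guarded by
# `when ... !empty`, so a misspelled type makes the rules skip instead of fail
# and a non-compliant template is not reported.
let backup_vaults = Resources.*[
    Type == "AWS::Backup::BackupVault"
]

let backup_plans = Resources.*[
    Type == "AWS::Backup::BackupPlan"
]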
# Requires every resource selected into %backup_vaults to declare an
# AccessPolicy property. The rule is evaluated only when %backup_vaults is
# non-empty; with no matching resources it is skipped, not failed.
#
# NOTE(review): this is a presence check only. The policy document is not
# inspected, so a policy that grants broad access still passes. Review the
# policy statements separately if the vault policy is meant to be a control.
rule backup_vault_policy when %backup_vaults !empty {
    %backup_vaults {
        Properties {
            AccessPolicy exists <<AccessPolicy is not defined.>>
        }
    }
}
# Requires every entry under BackupPlan.BackupPlanRule of every selected backup
# plan to define a Lifecycle, and that Lifecycle to set both DeleteAfterDays and
# MoveToColdStorageAfterDays. Evaluated only when %backup_plans is non-empty.
#
# NOTE(review): only the presence of the two values is checked here, not their
# size or their relation to each other. AWS Backup is understood to require
# DeleteAfterDays to exceed MoveToColdStorageAfterDays by at least 90 days;
# confirm against the current service documentation before relying on this
# rule to catch an invalid combination.
rule backup_plan_cleanup when %backup_plans !empty {
    %backup_plans {
        Properties {
            BackupPlan {
                BackupPlanRule.* {
                    Lifecycle exists <<Lifecycle rules are not configured.>>
                    # The nested checks run only when Lifecycle is present; a
                    # missing Lifecycle is reported by the clause above.
                    when Lifecycle exists {
                        Lifecycle {
                            DeleteAfterDays exists <<DeleteAfterDays not configured.>>
                            MoveToColdStorageAfterDays exists <<MoveToColdStorageAfterDays not configured.>>
                        }
                    }
                }
            }
        }
    }
}
# Requires every selected backup plan to define BackupPlan.AdvancedBackupSettings.
# Evaluated only when %backup_plans is non-empty.
#
# NOTE(review): despite the rule name, nothing here inspects the contents of
# AdvancedBackupSettings. A plan passes whether or not the WindowsVSS backup
# option is set to enabled. Confirm whether presence alone is the intended
# control, and whether plans that cover no Windows workloads should be exempt.
rule backup_vss_snapshots when %backup_plans !empty {
    %backup_plans {
        Properties {
            BackupPlan {
                AdvancedBackupSettings exists <<AdvancedBackupSettings is not configured.>>
            }
        }
    }
}
# Requires every entry under BackupPlan.BackupPlanRule of every selected backup
# plan to define a Lifecycle whose DeleteAfterDays is at least 35, so recovery
# points are retained for a minimum of 35 days. Evaluated only when
# %backup_plans is non-empty.
#
# NOTE(review): the comparison presumably expects a literal number in the
# template. If DeleteAfterDays is supplied through a parameter reference or
# another intrinsic function, verify how this clause evaluates.
rule backup_plan_min_retention_35_days when %backup_plans !empty {
    %backup_plans {
        Properties {
            BackupPlan {
                BackupPlanRule.* {
                    Lifecycle exists <<Lifecycle rules are not configured.>>
                    # Guarded so the nested checks are not evaluated against a
                    # rule entry that has no Lifecycle at all.
                    when Lifecycle exists {
                        Lifecycle {
                            DeleteAfterDays exists <<DeleteAfterDays not configured.>>
                            # Compare the value only once it is known to exist;
                            # the missing case is reported by the clause above.
                            when DeleteAfterDays exists {
                                DeleteAfterDays >= 35 <<DeleteAfterDays set to less than 35 days.>>
                            }
                        }
                    }
                }
            }
        }
    }
}