Checks if Amazon Elastic Block Store (Amazon EBS) volumes are protected by a backup plan. The rule is NON_COMPLIANT if the Amazon EBS volume is not covered by a backup plan.

This config rule supports the following parameters:

  • resourceTags
    • Required: No
    • Type: String
    • Description:Tags for Amazon EBS volumes for the rule to check, in JSON format {"tagkey" : "tagValue"}.
  • resourceId
    • Required: No
    • Type: String
    • Description:ID of Amazon EBS volume for the rule to check.
  • crossRegionList
    • Required: No
    • Type: String
    • Description:Comma-separated list of destination regions for the cross-region backup copy to be kept
  • crossAccountList
    • Required: No
    • Type: String
    • Description:Comma-separated list of destination accounts for cross-account backup copy to be kept
  • maxRetentionDays
    • Required: No
    • Type: int
    • Description:The maximum retention period in days for the Backup Vault Lock
  • minRetentionDays
    • Required: No
    • Type: int
    • Description:The minimum retention period in days for the Backup Vault Lock
  • backupVaultLockCheck
    • Required: No
    • Type: String
    • Description:Accepted values: 'True' or 'False'. Enter 'True' for the rule to check if the resource is backed up in a locked vault

CloudFormation Template