A collection of AWS controls related to creating and managed backups for AWS resources. Configuration items include templates to set up AWS Backup Plans which can backup data for AWS services such as DynamoDB, EFS, RDS, Storage Gateway and EC2, as well as Data LifeCycle Manager for EBS snapshots, and a number of compliance rules using AWS Config to ensure that AWS resources are properly backed up

AWS Backup

Configuration to create AWS Backup plans and vaults. AWS Backup automates the process of backing up of data across AWS services including EFS, DynamoDB, EC2, EBS, Aurora, RDS, and Storage Gateway, as well as setting custom retention policies, access policies, and encryption

CloudFormationTerraformAWS CLI
AWS Backup Plan with Monthly Backup Rule and Tag Based Resource Selection

This CloudFormation template creates a custom backup plan with a scheduled backup rule (monthly at 5AM) and resource selection based on specified tags. The backup plan includes lifecycle policies for deleting backups after 120 days and moving them to cold storage after 30 days. This template assumes that the backup service-linked role already exists in the account.

AWS Backup Plan and Vault with Resource Selection based on Resource Ids

This CloudFormation template creates a backup vault and plan for AWS Backup. It includes a custom backup plan with a scheduled backup rule and a resource selection for EC2 instances and RDS databases.

AWS Backup Vault with KMS Key Encryption

This CloudFormation template creates a backup vault and a KMS key for encryption. The backup vault is named 'my-backup-vault' and the KMS key is configured to allow IAM user permissions.

AWS Backup Audit Manager (Backup Framework)

Configure AWS Backup Audit Manager to audit the compliance of your AWS Backup policies against controls that you define. This template deploys the AWS backup framework (a collection of controls that helps you to evaluate your backup practices) and (optionally) automatic daily reports for the compliance status of the frameworks set up.

CloudFormationTerraformAWS CLI
AWS Backup Audit Manager (Backup Jobs Report)

Configure AWS Backup Audit Manager to create automated daily reports on backup job activity. Other reports that can be configured include Backup Restore activity and Backup Copy Jobs activity  This template deploys can (optionally) also audit frameworks to evaluate backup policies for the account.

CloudFormationTerraformAWS CLI