How can I manage my AWS Backup settings using AWS CloudFormation templates?
4 minute read
0
I want to use AWS Backup to back up my data from other AWS resources. Additionally, I want to use an AWS CloudFormation template to manage my AWS Backup configurations. How can I do that?
Short description
You can create CloudFormation templates using the supported AWS Backup resource types. Example CloudFormation templates that you can create for AWS Backup include:
- A template to create a backup plan and assign a resource to the backup plan.
- A template to create a backup plan, create a backup vault, and assign a resource to the backup plan.
Resolution
Important: Your backup plan must specify the tag that assigns resources to the backup plan. Before you set the backup plan, decide on the tag. Then, verify that the tag is assigned to the correct resources and that it's written correctly in the backup plan.
Template to create a backup plan and assign a resource to the backup plan
The following example CloudFormation template in YAML does the following:
- Creates a backup plan named BackupPlanWithThinBackups.
- Sets backups to be stored in the vault named Default.
- Creates a backup rule named RuleForDailyBackups that's scheduled to run a daily backup at 11:25AM.
- Enables Windows VSS.
- Sets the lifecycle of the backups to be deleted seven days after they're created.
- Sets the CopyAction to copy backups to the us-west-2 AWS Region for disaster recovery.
- Uses the AWS Identity and Access Management (IAM) role named AWSBackupDefaultServiceRole to run the backup job.
- Assigns the backup plan to all resources that are tagged with the key backupplan and the value dsi-sandbox-daily.
AWSTemplateFormatVersion: 2010-09-09 Description: >- Backup Plan template to back up all resources tagged with backupplan=dsi-sandbox-daily at 11:25am UTC. Resources: BackupPlanWithThinBackups: Type: "AWS::Backup::BackupPlan" Properties: BackupPlan: BackupPlanName: "BackupPlanWithThinBackups" AdvancedBackupSettings: - ResourceType: EC2 BackupOptions: WindowsVSS: enabled BackupPlanRule: - RuleName: "RuleForDailyBackups" TargetBackupVault: Default ScheduleExpression: "cron(25 11 ? * * *)" Lifecycle: DeleteAfterDays: 7 CopyActions: - DestinationBackupVaultArn: arn:aws:backup:us-west-2:111222333444:backup-vault:Default Lifecycle: DeleteAfterDays: 14 TagBasedBackupSelection: Type: "AWS::Backup::BackupSelection" Properties: BackupSelection: SelectionName: "TagBasedBackupSelection" IamRoleArn: !Sub "arn:aws:iam::111222333444:role/service-role/AWSBackupDefaultServiceRole" ListOfTags: - ConditionType: "STRINGEQUALS" ConditionKey: "backupplan" ConditionValue: "dsi-sandbox-daily" BackupPlanId: !Ref BackupPlanWithThinBackups DependsOn: BackupPlanWithThinBackups
Template to create a backup plan, create a backup vault, and assign a resource to the backup plan
The following example CloudFormation template in YAML does the following:
- Creates a backup vault named Default.
- Creates a backup plan named BackupPlanWithThinBackups.
- Sets backups to be stored in the vault BackupVaultWithThinBackups.
- Creates a backup rule named RuleForDailyBackups that's scheduled to run a daily backup. These backups are set to be deleted seven days after they're created.
- Enables Windows VSS.
- Sets the CopyAction to copy backups to the us-west-2 AWS Region for disaster recovery. These backups are set to be deleted 14 days after they're created.
- Creates a backup rule named RuleForWeeklyBackups that's scheduled to run a weekly backup every Monday at 11:00 AM. These backups are set to be deleted 28 days after they're created.
- Creates a backup rule named RuleForMonthlyBackups that's scheduled to run a backup on the first day of every month at 11:00 AM. These backups are set to be deleted 90 days after they're created.
- Uses the IAM role named AWSBackupDefaultServiceRole to run the backup job.
- Assigns the backup plan to all resources that are tagged with the key backup and the value thinbackup.
AWSTemplateFormatVersion: "2010-09-09" Description: "Backup Plan template for thin backups" Resources: BackupVaultWithThinBackups: Type: "AWS::Backup::BackupVault" Properties: BackupVaultName: "BackupVaultWithThinBackups" BackupPlanWithThinBackups: Type: "AWS::Backup::BackupPlan" Properties: BackupPlan: BackupPlanName: "BackupPlanWithThinBackups" AdvancedBackupSettings: - ResourceType: EC2 BackupOptions: WindowsVSS: enabled BackupPlanRule: - RuleName: "RuleForDailyBackups" TargetBackupVault: !Ref BackupVaultWithThinBackups ScheduleExpression: "cron(25 11 ? * * *)" Lifecycle: DeleteAfterDays: 7 CopyActions: - DestinationBackupVaultArn: arn:aws:backup:us-west-2:111222333444:backup-vault:Default Lifecycle: DeleteAfterDays: 14 - RuleName: "RuleForWeeklyBackups" TargetBackupVault: !Ref BackupVaultWithThinBackups ScheduleExpression: "cron(0 11 ? * 2 *)" Lifecycle: DeleteAfterDays: 28 CopyActions: - DestinationBackupVaultArn: arn:aws:backup:us-west-2:111222333444:backup-vault:Default Lifecycle: DeleteAfterDays: 14 - RuleName: "RuleForMonthlyBackups" TargetBackupVault: !Ref BackupVaultWithThinBackups ScheduleExpression: "cron(0 11 1 * ? *)" Lifecycle: DeleteAfterDays: 90 CopyActions: - DestinationBackupVaultArn: arn:aws:backup:us-west-2:111222333444:backup-vault:Default Lifecycle: DeleteAfterDays: 14 DependsOn: BackupVaultWithThinBackups TagBasedBackupSelection: Type: "AWS::Backup::BackupSelection" Properties: BackupSelection: SelectionName: "TagBasedBackupSelection" IamRoleArn: !Sub "arn:aws:iam::${AWS::AccountId}:role/service-role/AWSBackupDefaultServiceRole" ListOfTags: - ConditionType: "STRINGEQUALS" ConditionKey: "backup" ConditionValue: "thinbackup" BackupPlanId: !Ref BackupPlanWithThinBackups DependsOn: BackupPlanWithThinBackups
Related information
AWS OFFICIALUpdated 2 years ago
No comments
Relevant content
- asked 7 months ago
- asked a year ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated 4 months ago
