Backup Audit Manager not reporting correct status - insufficient data
I have deployed few controls using Backup Audit Manager to check the compliance of the backups but most of them have control status of insufficient data. Why is that? I only have one control passing compliant status.
I checked configuration recorder status, it is recording
I have the following rule which clearly is Daily backup at least once and least retention of 7 days. Still the rule control is failing.
{
"ruleName": "daily_backup_rule",
"scheduleExpression": "cron(0 21 ? * * *)",
"startWindowMinutes": 60,
"completionWindowMinutes": 480,
"lifecycle": {
"toDeletedAfterDays": 8
}
}
- 최신
- 최다 투표
- 가장 많은 댓글
Control status refers to each control's compliance status. A control can be Compliant, meaning all resources pass that evaluation; Non-compliant, meaning that at least one resource did not pass that evaluation, or Insufficient data, meaning the control found no resources within the evaluation scope to evaluate. Control status refers to each control's compliance status. A control can be Compliant, meaning all resources pass that evaluation; Non-compliant, meaning that at least one resource did not pass that evaluation, or Insufficient data, meaning the control found no resources within the evaluation scope to evaluate. It is also important that you have to turn on resource tracking as this is important to collect data for the specific control. Please turn on resource tracking as below,
AWS Backup: backup plans AWS Backup: backup vaults AWS Backup: recovery points AWS Backup: backup selection AWS Config: resource compliance
For further details on configuring the correct controls required for your environment refer to article below.
Choosing your controls - https://docs.aws.amazon.com/aws-backup/latest/devguide/choosing-controls.html
Turning on resource tracking - https://docs.aws.amazon.com/aws-backup/latest/devguide/turning-on-resource-tracking.html
Creating frameworks using the AWS Backup console - https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-frameworks-console.html
Viewing framework compliance status - https://docs.aws.amazon.com/aws-backup/latest/devguide/viewing-frameworks.html
After enabling resource tracking if you still do see insufficient data then I request you to raise a case with AWS Support for further deep dive and analysis.
For the non-compliant backup plan please verify if the backup plan has any other rule within it and also please check if there are any other backup plan within the same region which is not compliant as per your frame work. You can view the non-compliant backup plan as detailed in the below article,
Finding non-compliant resources - https://docs.aws.amazon.com/aws-backup/latest/devguide/finding-non-compliant-resources.html
If you would like AWS to perform further analysis then I request you to raise a case with AWS Backup Support as further analysis pertaining to your control and account is required.
