By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Organizations does not allow AWS Backup policy covering af-south-1

0

We use AWS Backup via a policy set at the AWS Organizations level (in the management account).

I now want to expand the policy to cover the af-south-1 (Cape Town) region, but that region is not offered from the 'Backup plan regions' dropdown. If I instead edit the JSON, adding af-south-1 causes an error: 'The provided policy document does not meet the requirements of the specified policy type.'

I am aware that the af-south-1 region is opt-in. I have already opted it in at the management account and all member accounts where it is used.

AWS Backup itself is available in af-south-1.

Anyone seen this themselves, or know the reason for it ?

Topics
StorageManagement & Governance
Tags
AWS BackupAWS Organizations
Language
English
AndyH-idt
asked 2 months ago154 views
2 Answers
1
Accepted Answer

Hello Andy, thank you for your reach out, Courtney_W here from AWS, I have gone over your use-case scenario in which you are utilizing AWS Organization to centrally manage AWS Account utilizing cross account management feature for child accounts under the AWS Organization Management Account.

As mentioned you are unable to include af-south-1 (Cape Town) in the AWS Organization policy for AWS Backups, the options isn’t present in the drop down or by manually specifying the region in the JSON. Based off the architecture at present the region af-south-1 (Cape Town) doesn’t have support for the cross account management [1] [2]. Due to the feature not being available in the region, mechanisms of AWS Backups can't be centrally managed through policies in AWS Organizations.

I would like to share my apologies for the inconvenience this has caused you and your organization with your backup architecture, that said we are actively working to improve features of all AWS services.

I have gone ahead to attach your post from the AWS re:Post forum to an existing feature request which is currently with a number of business teams internally, however, I am unable to share any roadmaps or ETA for the feature. You can keep an eye out on our blog for all the latest updates at AWS [3].

I do hope this has helped in the understand of the scenario being faced, if you have any additional questions on this, we will be more than happy to assist, take care.

Links Attached:

[1] What is AWS Backup? - Feature availability by AWS Region. https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-region

[2] Managing AWS Backup resources across multiple AWS accounts. https://docs.aws.amazon.com/aws-backup/latest/devguide/manage-cross-account.html#:~:text=To%20use-,cross%2Daccount%20management,-%2C%20you%20must%20follow

[3] AWS Blog - What's new. https://aws.amazon.com/new/

AWS
AWS-User-8876641
answered 2 months ago
profile picture
EXPERT
Oleksii Bebych
reviewed a month ago
  • AndyH-idt
    2 months ago

    Thanks Courtney. No worries, I'm happy that it's a (current) feature, and not just something I am doing wrong. We are already provisioning the required backup vault and IAM role for backup in every account anyway (using Terraform) so it's no hardship to also provision the backup plans, rules and selections that way too.

0

For future reference, adding provided answer from another forum:

https://serverfault.com/questions/1154170/aws-organizations-does-not-allow-backup-policy-covering-af-south-1

Cross-account management is not listed as supported for Africa (Cape Town) region: https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-region

AWS
AntAWS
answered 2 months ago
  • AndyH-idt
    2 months ago

    Thanks - that was my question there as well. :-)

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content