By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Backup Audit Manager not reporting correct status - insufficient data

0

I have deployed few controls using Backup Audit Manager to check the compliance of the backups but most of them have control status of insufficient data. Why is that? I only have one control passing compliant status.

I checked configuration recorder status, it is recording

I have the following rule which clearly is Daily backup at least once and least retention of 7 days. Still the rule control is failing.

{
            "ruleName": "daily_backup_rule",
            "scheduleExpression": "cron(0 21 ? * * *)",
            "startWindowMinutes": 60,
            "completionWindowMinutes": 480,
            "lifecycle": {
                "toDeletedAfterDays": 8
            }
        }

Enter image description here

Topics
StorageManagement & GovernanceSecurity, Identity, & Compliance
Tags
Backup & RecoveryAWS Management ConsoleAWS BackupAWS ConfigAWS Audit Manager
Language
English
rePost-User-5398639
asked 2 years ago412 views
1 Answer
1

Control status refers to each control's compliance status. A control can be Compliant, meaning all resources pass that evaluation; Non-compliant, meaning that at least one resource did not pass that evaluation, or Insufficient data, meaning the control found no resources within the evaluation scope to evaluate. Control status refers to each control's compliance status. A control can be Compliant, meaning all resources pass that evaluation; Non-compliant, meaning that at least one resource did not pass that evaluation, or Insufficient data, meaning the control found no resources within the evaluation scope to evaluate. It is also important that you have to turn on resource tracking as this is important to collect data for the specific control. Please turn on resource tracking as below,

AWS Backup: backup plans AWS Backup: backup vaults AWS Backup: recovery points AWS Backup: backup selection AWS Config: resource compliance

For further details on configuring the correct controls required for your environment refer to article below.

Choosing your controls - https://docs.aws.amazon.com/aws-backup/latest/devguide/choosing-controls.html

Turning on resource tracking - https://docs.aws.amazon.com/aws-backup/latest/devguide/turning-on-resource-tracking.html

Creating frameworks using the AWS Backup console - https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-frameworks-console.html

Viewing framework compliance status - https://docs.aws.amazon.com/aws-backup/latest/devguide/viewing-frameworks.html

After enabling resource tracking if you still do see insufficient data then I request you to raise a case with AWS Support for further deep dive and analysis.

For the non-compliant backup plan please verify if the backup plan has any other rule within it and also please check if there are any other backup plan within the same region which is not compliant as per your frame work. You can view the non-compliant backup plan as detailed in the below article,

Finding non-compliant resources - https://docs.aws.amazon.com/aws-backup/latest/devguide/finding-non-compliant-resources.html

If you would like AWS to perform further analysis then I request you to raise a case with AWS Backup Support as further analysis pertaining to your control and account is required.

AWS
SUPPORT ENGINEER
Sathya
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content