Questions tagged with Backup & Recovery

AWS Backup for AWS Organizations IAM Configuration Issue

I am having issues setting up the required IAM access for cross account backups. As I understand the requirements, there are four places to configure IAM access:

- Source Account (management account) Backup Vault
- Source Account (management account) Resource Assignment
- Target Account Backup Vault
- Target Account IAM access role

From the AWS Backup Developer Guide p162 I understand that the IAM roles in the Source and Target accounts, Backup Vaults, and the Backup Vault permissions need to match. I have the following configured:

- Source Account Backup Vault Access – “Allow Access to Backup Vault from Organisation”
- Source Account Resource Assignment – Role with default policy called “AWSBackupOrganizationAdminAccess”
- Target Account Backup Vault Access – “Allow Access to Backup Vault from Organisation”
- Target Account IAM access role – Role with default policy called “AWSBackupOrganizationAdminAccess”

I have followed the setup guide to enable cross account backups for my AWS organization. When I run a backup job for an EC2 server in the target account I get the following error:

```
Your backup job failed as AWS Backup does not have permission to describe resource <aws ec2 arn>
```

I assume that somewhere I do not have the IAM access configured correctly. As there are four places where I can configure IAM access, how do I track down where the issue is?
1 answer, 0 votes, 176 views, asked 8 months ago

CloudFormation - Importing existing AWS Backup

Hi, I have an existing AWS Backup setup for Aurora, which I created via the console UI. I have now put together a CloudFormation template for that which I'd like to import. I'm following through the import with existing resources wizard, but hitting an error I'm unable to understand.

After selecting the new template I am asked to enter on the UI:

- AWS::Backup::BackupVault - BackupVaultName
- AWS::Backup::BackupPlan - BackupPlanId
- AWS::Backup::BackupSelection - Id

On entering these values and then hitting next a few times to get to the final screen, it will load for a few moments calculating the change set and then say "Backup Plan ID and Selection ID must be provided", although I do enter those values during the wizard.

Any suggestions? Thanks

Template below. This all works as expected if the Backup Plan does not currently exist.

```
AWSTemplateFormatVersion: 2010-09-09
Description: >-
  Create RDS Backup
Parameters:
  OnlyCreateVault:
    Description: This is for the DR region. Only other required parameters are Environment and CostAllocation
    Type: String
    Default: false
    AllowedValues: [true, false]
  DestinationBackupVaultArn:
    Type: String
  ResourceSelectionIamRoleArn:
    Type: String
  ResourceSelectionArn:
    Description: Comma separated list of resource ARNs
    Type: String
  CostAllocation:
    Type: String
    AllowedValues:
      - 'Dev'
      - 'Demo'
      - 'Test'
      - 'Live'
  Environment:
    Type: String
    AllowedValues:
      - 'develop'
      - 'testing'
      - 'testenv'
      - 'demo'
      - 'live'
      - 'dr'
Conditions:
  CreateAllResources: !Equals [!Ref OnlyCreateVault, false]
Resources:
  Vault:
    Type: AWS::Backup::BackupVault
    DeletionPolicy: Delete
    Properties:
      BackupVaultName: !Sub backup-vault-${Environment}-rds-1
      BackupVaultTags:
        CostAllocation: !Ref CostAllocation
  Plan:
    Condition: CreateAllResources
    Type: AWS::Backup::BackupPlan
    DeletionPolicy: Delete
    Properties:
      BackupPlan:
        BackupPlanName: !Sub backup-plan-${Environment}-rds-1
        BackupPlanRule:
          - RuleName: !Sub backup-rule-${Environment}-daily-1
            CompletionWindowMinutes: 720
            CopyActions:
              - DestinationBackupVaultArn: !Ref DestinationBackupVaultArn
                Lifecycle:
                  DeleteAfterDays: 7
            EnableContinuousBackup: true
            Lifecycle:
              DeleteAfterDays: 35
            StartWindowMinutes: 120
            ScheduleExpression: cron(0 1 ? * * *)
            TargetBackupVault: !Sub backup-vault-${Environment}-rds-1
          - RuleName: !Sub backup-rule-${Environment}-weekly-1
            CompletionWindowMinutes: 720
            CopyActions:
              - DestinationBackupVaultArn: !Ref DestinationBackupVaultArn
                Lifecycle:
                  DeleteAfterDays: 35
            EnableContinuousBackup: false
            Lifecycle:
              DeleteAfterDays: 42
            StartWindowMinutes: 120
            ScheduleExpression: cron(0 1 ? * * *)
            TargetBackupVault: !Sub backup-vault-${Environment}-rds-1
          - RuleName: !Sub backup-rule-${Environment}-monthly-1
            CompletionWindowMinutes: 720
            CopyActions:
              - DestinationBackupVaultArn: !Ref DestinationBackupVaultArn
                Lifecycle:
                  MoveToColdStorageAfterDays: 365
            EnableContinuousBackup: false
            Lifecycle:
              DeleteAfterDays: 365
            StartWindowMinutes: 120
            ScheduleExpression: cron(0 1 ? * * *)
            TargetBackupVault: !Sub backup-vault-${Environment}-rds-1
      BackupPlanTags:
        CostAllocation:
          Ref: CostAllocation
  ResourceSelection:
    Condition: CreateAllResources
    Type: AWS::Backup::BackupSelection
    DeletionPolicy: Delete
    Properties:
      BackupPlanId: !Ref Plan
      BackupSelection:
        IamRoleArn: !Ref ResourceSelectionIamRoleArn
        Resources: !Split [",", !Ref ResourceSelectionArn]
        SelectionName: !Sub backup-resource-${Environment}-rds-1
```
0 answers, 0 votes, 36 views, asked 8 months ago