AWS Backup Vault Policy
This page shows how to write Terraform and CloudFormation for AWS Backup Vault Policy and write them securely.
aws_backup_vault_policy (Terraform)
The Vault Policy in AWS Backup can be configured in Terraform with the resource name aws_backup_vault_policy. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
    resource "aws_backup_vault_policy" "backup_vault_policy" {
      count = var.enable_backup_vault_policy ? 1 : 0

      backup_vault_name = var.backup_vault_policy_backup_vault_name != "" ? var.backup_vault_policy_backup_vault_name : (var.enable_backup_vault ? element(aws_backup_vault.backup_vault.*.name, 0) : null)
      policy            = var.backup_vault_policy

    resource "aws_backup_vault_policy" "destination" {
      backup_vault_name = aws_backup_vault.vault_destination.name
      policy = <<POLICY
    {
      "Version": "2012-10-17",

    resource "aws_backup_vault_policy" "backup_vault_policy" {
      count = var.enable_backup_vault_policy ? 1 : 0

      backup_vault_name = var.backup_vault_policy_backup_vault_name != "" ? var.backup_vault_policy_backup_vault_name : (var.enable_backup_vault ? element(aws_backup_vault.backup_vault.*.name, 0) : null)
      policy            = var.backup_vault_policy

    resource "aws_backup_vault_policy" "allow-policy" {
      backup_vault_name = aws_backup_vault.vault-souce.name
      policy = <<POLICY
    {
      "Version": "2012-10-17",

Parameters
- backup_vault_arn (optional, computed, string)
- backup_vault_name (required, string)
- id (optional, computed, string)
- policy (required, string)
Explanation in Terraform Registry
Provides an AWS Backup vault policy resource.
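
A complete vault policy of the kind the excerpts above cut off, as an added example that is not taken from the repositories listed on this page: it allows cross-account copy from one named account and denies recovery-point deletion or lifecycle changes to every principal except one role. The vault name and the variables `source_account_id` and `break_glass_role_arn` are assumed placeholders.

```hcl
variable "source_account_id" { type = string }    # placeholder: account allowed to copy in
variable "break_glass_role_arn" { type = string } # placeholder: only role allowed to delete

resource "aws_backup_vault" "destination" {
  name = "example-destination-vault" # hypothetical vault name
}

data "aws_iam_policy_document" "vault" {
  # Cross-account copy limited to one named account, not Principal "*".
  statement {
    sid       = "AllowCopyFromSourceAccount"
    effect    = "Allow"
    actions   = ["backup:CopyIntoBackupVault"]
    resources = ["*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.source_account_id}:root"]
    }
  }

  # Nobody except the break-glass role may delete recovery points
  # or change their retention lifecycle.
  statement {
    sid       = "DenyRecoveryPointTampering"
    effect    = "Deny"
    actions   = ["backup:DeleteRecoveryPoint", "backup:UpdateRecoveryPointLifecycle"]
    resources = ["*"]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    condition {
      test     = "ArnNotLike"
      variable = "aws:PrincipalArn"
      values   = [var.break_glass_role_arn]
    }
  }
}

resource "aws_backup_vault_policy" "destination" {
  backup_vault_name = aws_backup_vault.destination.name
  policy            = data.aws_iam_policy_document.vault.json
}
```

The same policy JSON can be supplied through the AccessPolicy property of AWS::Backup::BackupVault in CloudFormation.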
AWS::Backup::BackupVault (CloudFormation)
The BackupVault in Backup can be configured in CloudFormation with the resource name AWS::Backup::BackupVault. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
        Type: "AWS::Backup::BackupVault"
        Properties:
          BackupVaultName: "BackupVaultWithDailyBackups"
          EncryptionKeyArn: !GetAtt KMSKey.Arn
      BackupVaultWithWeeklyBackups:

        Type: "AWS::Backup::BackupVault"
        Properties:
          BackupVaultName: "BackupVaultWithDailyBackups"
          EncryptionKeyArn: !GetAtt KMSKey.Arn
      BackupVaultWithWeeklyBackups:

        Type: "AWS::Backup::BackupVault"
        Properties:
          BackupVaultName: "BackupVaultWithDailyBackups"
          EncryptionKeyArn: !GetAtt KMSKey.Arn
      BackupPlanWithDailyBackups:

        Type: "AWS::Backup::BackupVault"
        Properties:
          BackupVaultName: "BackupVault-01"
          AccessPolicy:
            Version: '2012-10-17'
            Statement:

        Type: "AWS::Backup::BackupVault"
        Properties:
          BackupVaultName: "AurorabackupVault"
      BackupPlan:
        Type: "AWS::Backup::BackupPlan"

          "Type" : "AWS::Backup::BackupVault",
          "Properties" : {
            "BackupVaultName": "0x4447_SFTP"
          }
        }

          "Type": "AWS::Backup::BackupVault",
          "Properties": {
            "BackupVaultName": {
              "Ref": "UniqueIdentifierParam"
            },
            "BackupVaultTags": {

          "Type": "AWS::Backup::BackupVault",
          "Properties": {
            "BackupVaultName": {
              "Ref": "UniqueIdentifierParam"
            },
            "BackupVaultTags": {

            "ValueType": "AWS::Backup::BackupVault.BackupVaultName"
          }
        },
        {
          "op": "add",
          "path": "/PropertyTypes/AWS::Backup::BackupSelection.BackupSelectionResourceType/Properties/IamRoleArn/Value",

            "ValueType": "AWS::Backup::BackupVault.BackupVaultName"
          }
        },
        {
          "op": "add",
          "path": "/PropertyTypes/AWS::Backup::BackupSelection.BackupSelectionResourceType/Properties/IamRoleArn/Value",

Parameters
- AccessPolicy (optional, Json)
- BackupVaultName (required, String)
- BackupVaultTags (optional, Map)
- EncryptionKeyArn (optional, String)
- Notifications (optional, NotificationObjectType)
- LockConfiguration (optional, LockConfigurationType)
Explanation in CloudFormation Registry
Creates a logical container where backups are stored. A CreateBackupVault request includes a name, optionally one or more resource tags, an encryption key, and a request ID.
Note: Do not include sensitive data, such as passport numbers, in the name of a backup vault.
Frequently asked questions
What is AWS Backup Vault Policy?
AWS Backup Vault Policy is a resource for the Backup service of Amazon Web Services. Its settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Backup Vault Policy?
For Terraform, the SebastianUA/terraform, jipara/aws-backup-cross-account and asrkata/SebastianUA-terraform source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the mynameisakash/aws-service-catalog-reference-architectures, aws-samples/aws-service-catalog-reference-architectures and mobious999/Cloudformation source code examples are useful. See the CloudFormation Example section for further details.