AWS Backup Vault

This page shows how to write Terraform and CloudFormation for AWS Backup Vault and write them securely.

aws_backup_vault (Terraform)

The Vault in AWS Backup can be configured in Terraform with the resource name aws_backup_vault. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L39
resource "aws_backup_vault" "daily" {
  count = local.daily_backup_count
  name  = "daily"
  tags  = merge(var.tags, var.tags_vault)
}
resource "aws_backup_vault" "daily_cross_region" {
backup.tf#L1
resource "aws_backup_vault" "jenkins_vault" {
  provider    = aws.use1
  name        = "jenkins_vault"
  kms_key_arn = "arn:aws:kms:us-east-1:143269240300:key/cb211a28-db0b-4355-83f6-b824067811d5"
}

backup_vault_test.tf#L12
resource "aws_backup_vault" "usage" {
  name = "aws_backup_vault"
}

resource "aws_backup_vault" "non_usage" {
  name = "aws_backup_vault"
backup_vault_test.tf#L12
resource "aws_backup_vault" "usage" {
  name = "aws_backup_vault"
}

resource "aws_backup_vault" "non_usage" {
  name = "aws_backup_vault"

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides an AWS Backup vault resource.

AWS::Backup::BackupVault (CloudFormation)

The BackupVault in Backup can be configured in CloudFormation with the resource name AWS::Backup::BackupVault. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

backup-tagoptions.yml#L23
    Type: "AWS::Backup::BackupVault"
    Properties:
      BackupVaultName: "BackupVaultWithDailyBackups"
      EncryptionKeyArn: !GetAtt KMSKey.Arn

  BackupVaultWithWeeklyBackups:
backup-tagoptions.yml#L23
    Type: "AWS::Backup::BackupVault"
    Properties:
      BackupVaultName: "BackupVaultWithDailyBackups"
      EncryptionKeyArn: !GetAtt KMSKey.Arn

  BackupVaultWithWeeklyBackups:
backup_daily_windows.yml#L21
    Type: "AWS::Backup::BackupVault"
    Properties:
      BackupVaultName: "BackupVaultWithDailyBackups"
      EncryptionKeyArn: !GetAtt KMSKey.Arn

  BackupPlanWithDailyBackups:
tag-based-backup-selection-no-parameters.yml#L20
    Type: "AWS::Backup::BackupVault"
    Properties:
      BackupVaultName: "BackupVault-01"
      AccessPolicy:
        Version: '2012-10-17'
        Statement:
fullbackup.yml#L19
    Type: "AWS::Backup::BackupVault"
    Properties:
      BackupVaultName: "AurorabackupVault"

  BackupPlan:
    Type: "AWS::Backup::BackupPlan"
vault.json#L3
        "Type": "AWS::Backup::BackupVault",
        "Properties": {
            "BackupVaultName": {
                "Ref": "UniqueIdentifierParam"
            },
            "BackupVaultTags": {
vault.json#L3
        "Type" : "AWS::Backup::BackupVault",
        "Properties" : {
            "BackupVaultName": "0x4447_SFTP"
        }
    }
vault.json#L3
        "Type": "AWS::Backup::BackupVault",
        "Properties": {
            "BackupVaultName": {
                "Ref": "UniqueIdentifierParam"
            },
            "BackupVaultTags": {
aws_backup.json#L13
      "ValueType": "AWS::Backup::BackupVault.BackupVaultName"
    }
  },
  {
    "op": "add",
    "path": "/PropertyTypes/AWS::Backup::BackupSelection.BackupSelectionResourceType/Properties/IamRoleArn/Value",
aws_backup.json#L13
      "ValueType": "AWS::Backup::BackupVault.BackupVaultName"
    }
  },
  {
    "op": "add",
    "path": "/PropertyTypes/AWS::Backup::BackupSelection.BackupSelectionResourceType/Properties/IamRoleArn/Value",

Parameters

Explanation in CloudFormation Registry

Creates a logical container where backups are stored. A CreateBackupVault request includes a name, optionally one or more resource tags, an encryption key, and a request ID.

Note Do not include sensitive data, such as passport numbers, in the name of a backup vault.

Frequently asked questions

What is AWS Backup Vault?

AWS Backup Vault is a resource for Backup of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Backup Vault?

For Terraform, the USSBA/terraform-aws-backup-plans, devopsbynaresh/alsac-raja-automation-jenkins and gilyas/infracost source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the mynameisakash/aws-service-catalog-reference-architectures, aws-samples/aws-service-catalog-reference-architectures and mobious999/Cloudformation source code examples are useful. See the CloudFormation Example section for further details.