Top / Amazon Web Service / AWS Backup / Vault

AWS Backup Vault

This page shows how to write Terraform and CloudFormation for AWS Backup Vault and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_backup_vault (Terraform)

The Vault in AWS Backup can be configured in Terraform with the resource name aws_backup_vault. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L39
resource "aws_backup_vault" "daily" {
  count = local.daily_backup_count
  name  = "daily"
  tags  = merge(var.tags, var.tags_vault)
}
resource "aws_backup_vault" "daily_cross_region" {
backup.tf#L1
resource "aws_backup_vault" "jenkins_vault" {
  provider    = aws.use1
  name        = "jenkins_vault"
  kms_key_arn = "arn:aws:kms:us-east-1:143269240300:key/cb211a28-db0b-4355-83f6-b824067811d5"
}
backup_vault_test.tf#L12
resource "aws_backup_vault" "usage" {
  name = "aws_backup_vault"
}

resource "aws_backup_vault" "non_usage" {
  name = "aws_backup_vault"
backup_vault_test.tf#L12
resource "aws_backup_vault" "usage" {
  name = "aws_backup_vault"
}

resource "aws_backup_vault" "non_usage" {
  name = "aws_backup_vault"

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides an AWS Backup vault resource.

>> from Terraform Registry

AWS::Backup::BackupVault (CloudFormation)

The BackupVault in Backup can be configured in CloudFormation with the resource name AWS::Backup::BackupVault. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

backup-tagoptions.yml#L23
    Type: "AWS::Backup::BackupVault"
    Properties:
      BackupVaultName: "BackupVaultWithDailyBackups"
      EncryptionKeyArn: !GetAtt KMSKey.Arn

  BackupVaultWithWeeklyBackups:
backup-tagoptions.yml#L23
    Type: "AWS::Backup::BackupVault"
    Properties:
      BackupVaultName: "BackupVaultWithDailyBackups"
      EncryptionKeyArn: !GetAtt KMSKey.Arn

  BackupVaultWithWeeklyBackups:
backup_daily_windows.yml#L21
    Type: "AWS::Backup::BackupVault"
    Properties:
      BackupVaultName: "BackupVaultWithDailyBackups"
      EncryptionKeyArn: !GetAtt KMSKey.Arn

  BackupPlanWithDailyBackups:
tag-based-backup-selection-no-parameters.yml#L20
    Type: "AWS::Backup::BackupVault"
    Properties:
      BackupVaultName: "BackupVault-01"
      AccessPolicy:
        Version: '2012-10-17'
        Statement:
fullbackup.yml#L19
    Type: "AWS::Backup::BackupVault"
    Properties:
      BackupVaultName: "AurorabackupVault"

  BackupPlan:
    Type: "AWS::Backup::BackupPlan"
vault.json#L3
        "Type": "AWS::Backup::BackupVault",
        "Properties": {
            "BackupVaultName": {
                "Ref": "UniqueIdentifierParam"
            },
            "BackupVaultTags": {
vault.json#L3
        "Type": "AWS::Backup::BackupVault",
        "Properties": {
            "BackupVaultName": {
                "Ref": "UniqueIdentifierParam"
            },
            "BackupVaultTags": {
vault.json#L3
        "Type" : "AWS::Backup::BackupVault",
        "Properties" : {
            "BackupVaultName": "0x4447_SFTP"
        }
    }
aws_backup.json#L13
      "ValueType": "AWS::Backup::BackupVault.BackupVaultName"
    }
  },
  {
    "op": "add",
    "path": "/PropertyTypes/AWS::Backup::BackupSelection.BackupSelectionResourceType/Properties/IamRoleArn/Value",
aws_backup.json#L13
      "ValueType": "AWS::Backup::BackupVault.BackupVaultName"
    }
  },
  {
    "op": "add",
    "path": "/PropertyTypes/AWS::Backup::BackupSelection.BackupSelectionResourceType/Properties/IamRoleArn/Value",

Parameters

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

Creates a logical container where backups are stored. A CreateBackupVault request includes a name, optionally one or more resource tags, an encryption key, and a request ID.

Note Do not include sensitive data, such as passport numbers, in the name of a backup vault.

>> from AWS CloudFormation Documentation

The Other Related AWS Backup Resources

Frequently asked questions

What is AWS Backup Vault?

AWS Backup Vault is a resource for Backup of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Backup Vault?

For Terraform, the USSBA/terraform-aws-backup-plans, devopsbynaresh/alsac-raja-automation-jenkins and gilyas/infracost source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the mynameisakash/aws-service-catalog-reference-architectures, aws-samples/aws-service-catalog-reference-architectures and mobious999/Cloudformation source code examples are useful. See the CloudFormation Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents