class BackupVault (construct)
Language | Type name |
---|---|
![]() | Amazon.CDK.AWS.Backup.BackupVault |
![]() | github.com/aws/aws-cdk-go/awscdk/v2/awsbackup#BackupVault |
![]() | software.amazon.awscdk.services.backup.BackupVault |
![]() | aws_cdk.aws_backup.BackupVault |
![]() | aws-cdk-lib » aws_backup » BackupVault |
Implements
IConstruct
, IDependable
, IResource
, IBackup
A backup vault.
Example
const importedVault = backup.BackupVault.fromBackupVaultName(this, 'Vault', 'myVaultName');
const role = new iam.Role(this, 'Access Role', { assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com') });
importedVault.grant(role, 'backup:StartBackupJob');
Initializer
new BackupVault(scope: Construct, id: string, props?: BackupVaultProps)
Parameters
- scope
Construct
- id
string
- props
Backup
Vault Props
Construct Props
Name | Type | Description |
---|---|---|
access | Policy | A resource-based policy that is used to manage access permissions on the backup vault. |
backup | string | The name of a logical container where backups are stored. |
block | boolean | Whether to add statements to the vault access policy that prevents anyone from deleting a recovery point. |
encryption | IKey | The server-side encryption key to use to protect your backups. |
lock | Lock | Configuration for AWS Backup Vault Lock. |
notification | Backup [] | The vault events to send. |
notification | ITopic | A SNS topic to send vault events to. |
removal | Removal | The removal policy to apply to the vault. |
accessPolicy?
Type:
Policy
(optional, default: access is not restricted)
A resource-based policy that is used to manage access permissions on the backup vault.
backupVaultName?
Type:
string
(optional, default: A CDK generated name)
The name of a logical container where backups are stored.
Backup vaults are identified by names that are unique to the account used to create them and the AWS Region where they are created.
blockRecoveryPointDeletion?
Type:
boolean
(optional, default: false)
Whether to add statements to the vault access policy that prevents anyone from deleting a recovery point.
encryptionKey?
Type:
IKey
(optional, default: an Amazon managed KMS key)
The server-side encryption key to use to protect your backups.
lockConfiguration?
Type:
Lock
(optional, default: AWS Backup Vault Lock is disabled)
Configuration for AWS Backup Vault Lock.
See also: https://docs.aws.amazon.com/aws-backup/latest/devguide/vault-lock.html
notificationEvents?
Type:
Backup
[]
(optional, default: all vault events if notificationTopic
is defined)
The vault events to send.
See also: https://docs.aws.amazon.com/aws-backup/latest/devguide/sns-notifications.html
notificationTopic?
Type:
ITopic
(optional, default: no notifications)
A SNS topic to send vault events to.
See also: https://docs.aws.amazon.com/aws-backup/latest/devguide/sns-notifications.html
removalPolicy?
Type:
Removal
(optional, default: RemovalPolicy.RETAIN)
The removal policy to apply to the vault.
Note that removing a vault that contains recovery points will fail.
Properties
Name | Type | Description |
---|---|---|
backup | string | The ARN of the backup vault. |
backup | string | The name of a logical container where backups are stored. |
env | Resource | The environment this resource belongs to. |
node | Node | The tree node. |
stack | Stack | The stack in which this resource is defined. |
backupVaultArn
Type:
string
The ARN of the backup vault.
backupVaultName
Type:
string
The name of a logical container where backups are stored.
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
node
Type:
Node
The tree node.
stack
Type:
Stack
The stack in which this resource is defined.
Methods
Name | Description |
---|---|
add | Adds a statement to the vault access policy. |
apply | Apply the given removal policy to this resource. |
block | Adds a statement to the vault access policy that prevents anyone from deleting a recovery point. |
grant(grantee, ...actions) | Grant the actions defined in actions to the given grantee on this Backup Vault resource. |
to | Returns a string representation of this construct. |
static from | Import an existing backup vault by arn. |
static from | Import an existing backup vault by name. |
addToAccessPolicy(statement)
public addToAccessPolicy(statement: PolicyStatement): void
Parameters
- statement
Policy
Statement
Adds a statement to the vault access policy.
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
Removal
Policy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY
), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN
).
blockRecoveryPointDeletion()
public blockRecoveryPointDeletion(): void
Adds a statement to the vault access policy that prevents anyone from deleting a recovery point.
grant(grantee, ...actions)
public grant(grantee: IGrantable, ...actions: string[]): Grant
Parameters
- grantee
IGrantable
— Principal to grant right to. - actions
string
— The actions to grant.
Returns
Grant the actions defined in actions to the given grantee on this Backup Vault resource.
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
static fromBackupVaultArn(scope, id, backupVaultArn)
public static fromBackupVaultArn(scope: Construct, id: string, backupVaultArn: string): IBackupVault
Parameters
- scope
Construct
- id
string
- backupVaultArn
string
Returns
Import an existing backup vault by arn.
static fromBackupVaultName(scope, id, backupVaultName)
public static fromBackupVaultName(scope: Construct, id: string, backupVaultName: string): IBackupVault
Parameters
- scope
Construct
- id
string
- backupVaultName
string
Returns
Import an existing backup vault by name.