Controls for AWS Backup

When you enable AWS Backup in your AWS Control Tower landing zone, some preventive controls are activated in your environment. These controls protect the resources that AWS Backup needs to operate with AWS Control Tower. You cannot enable these controls if AWS Backup is not enabled for your landing zone.

Topics

[CT.BACKUP.PV.1] Disallow modification of a tag that AWS Control Tower applies to AWS Backup resources
[CT.BACKUP.PV.2] Disallow modification of an AWS Backup report plan that AWS Control Tower manages
[CT.BACKUP.PV.3] Disallow modification of an AWS Backup resource that AWS Control Tower manages
[CT.IAM.PV.1] Disallow modification of an AWS IAM role that AWS Control Tower utilizes to manage AWS Backup resources
[CT.S3.PV.1] Disallow modification of an Amazon S3 bucket that stores AWS Backup reports for AWS Control Tower

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

CT.EC2.PV.11

CT.BACKUP.PV.1