Erstellen von Frameworks mit dem AWS Backup API

Die folgende Tabelle enthält API CreateFramework Beispielanfragen an die einzelnen Kontrollen sowie API Beispielantworten auf die entsprechenden DescribeFramework Anfragen. Um programmgesteuert mit AWS Backup Audit Manager zu arbeiten, können Sie auf diese Codefragmente zurückgreifen.

Kontrolle	`CreateFramework`-Anfrage	`DescribeFramework`-Antwort
`Backup resources are included in at least one backup plan`	`{"FrameworkName": "Control1", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_PLAN", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["RDS"] // Evaluate only RDS instances } } ], "IdempotencyToken": "Control1", "FrameworkTags": {"key1": "foo"} }`	{"FrameworkName": "Control1", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control1-ce7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_PLAN", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["RDS"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control1", "FrameworkTags": {"key1": "foo"} }
`Backup plan minimum frequency and minimum retention`	{"FrameworkName": "Control2", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK", "ControlInputParameters": [ {"ParameterName": "requiredRetentionDays", "ParameterValue": "35"}, {"ParameterName": "requiredFrequencyUnit", "ParameterValue": "hours"}, {"ParameterName": "requiredFrequencyValue", "ParameterValue": "24"} ], "ControlScope": { "Tags": {"key1": "prod"} // Evaluate backup plans that tagged with "key1": "prod". } } ], "IdempotencyToken": "Control2", "FrameworkTags": {"key1": "foo"} }	{"FrameworkName": "Control2", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control2-de7655ae-1e31-45cb-96a0-4f43d8c1969d", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK", "ControlInputParameters": [ {"ParameterName": "requiredRetentionDays", "ParameterValue": "35"}, {"ParameterName": "requiredFrequencyUnit", "ParameterValue": "hours"}, {"ParameterName": "requiredFrequencyValue", "ParameterValue": "24"} ], "ControlScope": { "Tags": {"key1": "prod"} } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control2", "FrameworkTags": {"key1": "foo"} }
`Vaults prevent manual deletion of recovery points`	{"FrameworkName": "Control3", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED", "ControlInputParameters": [ {"ParameterName": "principalArnList", "ParameterValue": "arn:aws:iam::123456789012:role/application_abc/component_xyz/RDSAccess, arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer, arn:aws:iam::123456789012:role/service-role/QuickSightAction"} ], "ControlScope": {"ComplianceResourceIds":["default"], "ComplianceResourceTypes": ["AWS::Backup::BackupVault"] } } ], "IdempotencyToken": "Control3", "FrameworkTags": {"key1": "foo"} }	{"FrameworkName": "Control3", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control2-de7655ae-1e31-45cb-96a0-4f43d8c1969d", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED", "ControlInputParameters": [ {"ParameterName": "principalArnList", "ParameterValue": "arn:aws:iam::123456789012:role/application_abc/component_xyz/RDSAccess, arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer, arn:aws:iam::123456789012:role/service-role/QuickSightAction"} ], "ControlScope": {"ComplianceResourceIds":["default"], "ComplianceResourceTypes": ["AWS::Backup::BackupVault"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control3", "FrameworkTags": {"key1": "foo"} }
`Minimum retention established for recovery point`	`{"FrameworkName": "Control4", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK", "ControlInputParameters": [ {"ParameterName": "requiredRetentionDays", "ParameterValue": "35"} ], "ControlScope": {} // Default scope (no scope input) sets scope to all recovery points. } ], "IdempotencyToken": "Control4", "FrameworkTags": {"key1": "foo"} }`	{"FrameworkName": "Control4", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control6-6e7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK", "ControlInputParameters": [ {"ParameterName": "requiredRetentionDays", "ParameterValue": "35"} ], "ControlScope": {} } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control4", "FrameworkTags": {"key1": "foo"} }
`Backup recovery points are encrypted`	`{"FrameworkName": "Control5", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RECOVERY_POINT_ENCRYPTED", "ControlInputParameters": [], "ControlScope": {} // Default scope (no scope input) is all recovery points } ], "IdempotencyToken": "Control5", "FrameworkTags": {"key1": "foo"} }`	`{"FrameworkName": "Control5", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control7-7e7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RECOVERY_POINT_ENCRYPTED", "ControlInputParameters": [], "ControlScope": {} } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control5", "FrameworkTags": {"key1": "foo"} }`
`Cross-Region backup copy is scheduled`	`{"FrameworkName": "Control6", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_CROSS_REGION", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] // Evaluate only EC2 instances } } ], "IdempotencyToken": "Control6", "FrameworkTags": {"key1": "foo"} }`	{"FrameworkName": "Control6", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control6-ce7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_CROSS_REGION", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control6", "FrameworkTags": {"key1": "foo"} }
`Cross-account backup copy is scheduled`	`{"FrameworkName": "Control7", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_CROSS_ACCOUNT", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] // Evaluate only EC2 instances } } ], "IdempotencyToken": "Control7", "FrameworkTags": {"key1": "foo"} }`	{"FrameworkName": "Control7", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control7-ce7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_CROSS_ACCOUNT", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control7", "FrameworkTags": {"key1": "foo"} }
`Backups are protected by AWS Backup Vault Lock`	`{"FrameworkName": "Control8", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_VAULT_LOCK", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] // Evaluate only EC2 instances } } ], "IdempotencyToken": "Control8", "FrameworkTags": {"key1": "foo"} }`	{"FrameworkName": "Control8", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control8-ce7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_VAULT_LOCK", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control8", "FrameworkTags": {"key1": "foo"} }
`Last recovery point was created`	`{"FrameworkName": "Control9", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_LAST_RECOVERY_POINT_CREATED", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] // Evaluate only EC2 instances } } ], "IdempotencyToken": "Control9", "FrameworkTags": {"key1": "foo"} }`	{"FrameworkName": "Control9", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control9-ce7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_LAST_RECOVERY_POINT_CREATED", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control9", "FrameworkTags": {"key1": "foo"} }
`Restore time for resources meet target`	`{"FrameworkName":"Control10", "FrameworkDescription":"This is a test framework", "FrameworkControls":[ { "ControlName":"RESTORE_TIME_FOR_RESOURCES_MEET_TARGET", "ControlInputParameters":[ { "ParameterName":"maxRestoreTime", "ParameterValue":"720" } ], "ControlScope":{ "ComplianceResourceIds":[ ], "ComplianceResourceTypes":[ "DynamoDB" // Evaluates only DynamoDB databases ] } } ]"IdempotencyToken":"Control10", "FrameworkTags":{ "key1":"foo" } }`	{"FrameworkName": "Control10", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control9-ce7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "RESTORE_TIME_FOR_RESOURCES_MEET_TARGET", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control10", "FrameworkTags": {"key1": "foo"} }
`RESOURCES_IN_LOGICALLY_AIR_GAPPED_VAULT`	`{"FrameworkName":"Control11", "FrameworkDescription":"This is a test framework", "FrameworkControls":[ { "ControlName":"RESOURCES_IN_LOGICALLY_AIR_GAPPED_VAULT", "ControlInputParameters":[ { "ParameterName":"recoveryPointAgeValue", "ParameterValue":"10" } { "ParameterName":"recoveryPointAgeUnit", "ParameterValue":"days" } ], "ControlScope":{ "ComplianceResourceTypes":[ "EC2" ] } } ]"IdempotencyToken":"Control11", "FrameworkTags":{ "key1":"foo" } }`	`{"FrameworkName": "Control11", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control11-ab1234cd-5e67-89fg-06a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2","EBS"] } } ], "CreationTime": 1726087776.316, "DeploymentStatus": "COMPLETED", "FrameworkStatus": "ACTIVE", "IdempotencyToken": "Control11", "FrameworkTags": {"key1": "foo"} }`

Warnung JavaScript ist in Ihrem Browser nicht verfügbar oder deaktiviert.

Zur Nutzung der AWS-Dokumentation muss JavaScript aktiviert sein. Weitere Informationen finden auf den Hilfe-Seiten Ihres Browsers.

Dokumentkonventionen

Frameworks mithilfe der AWS Backup Konsole erstellen

Anzeigen des Framework-Compliance-Status