Les traductions sont fournies par des outils de traduction automatique. En cas de conflit entre le contenu d'une traduction et celui de la version originale en anglais, la version anglaise prévaudra. # CloudFormation modèles de plans de sauvegarde Nous fournissons trois exemples de CloudFormation modèles à titre de référence. Le premier modèle crée un plan de sauvegarde simple. Le second modèle autorise les sauvegardes VSS dans un plan de sauvegarde. Le troisième modèle permet à Amazon GuardDuty Malware Protection d'effectuer des analyses dans le cadre d'un plan de sauvegarde. **Note** Si vous utilisez le rôle de service par défaut, remplacez-le *service-role* par`AWSBackupServiceRolePolicyForBackup`. ``` Description: backup plan template to back up all resources daily at 5am UTC, and tag all recovery points with backup:daily. Resources: KMSKey: Type: AWS::KMS::Key Properties: Description: "Encryption key for daily" EnableKeyRotation: True Enabled: True KeyPolicy: Version: "2012-10-17" Statement: - Effect: Allow Principal: "AWS": { "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:root" } Action: - kms:* Resource: "*" BackupVaultWithDailyBackups: Type: "AWS::Backup::BackupVault" Properties: BackupVaultName: "BackupVaultWithDailyBackups" EncryptionKeyArn: !GetAtt KMSKey.Arn BackupPlanWithDailyBackups: Type: "AWS::Backup::BackupPlan" Properties: BackupPlan: BackupPlanName: "BackupPlanWithDailyBackups" BackupPlanRule: - RuleName: "RuleForDailyBackups" TargetBackupVault: !Ref BackupVaultWithDailyBackups ScheduleExpression: "cron(0 5 ? * * *)" DependsOn: BackupVaultWithDailyBackups DDBTableWithDailyBackupTag: Type: "AWS::DynamoDB::Table" Properties: TableName: "TestTable" AttributeDefinitions: - AttributeName: "Album" AttributeType: "S" KeySchema: - AttributeName: "Album" KeyType: "HASH" ProvisionedThroughput: ReadCapacityUnits: "5" WriteCapacityUnits: "5" Tags: - Key: "backup" Value: "daily" BackupRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "backup.amazonaws.com" Action: - "sts:AssumeRole" ManagedPolicyArns: - "arn:aws:iam::aws:policy/service-role/service-role" TagBasedBackupSelection: Type: "AWS::Backup::BackupSelection" Properties: BackupSelection: SelectionName: "TagBasedBackupSelection" IamRoleArn: !GetAtt BackupRole.Arn ListOfTags: - ConditionType: "STRINGEQUALS" ConditionKey: "backup" ConditionValue: "daily" BackupPlanId: !Ref BackupPlanWithDailyBackups DependsOn: BackupPlanWithDailyBackups ``` ``` Description: backup plan template to enable Windows VSS and add backup rule to take backup of assigned resources daily at 5am UTC. Resources: KMSKey: Type: AWS::KMS::Key Properties: Description: "Encryption key for daily" EnableKeyRotation: True Enabled: True KeyPolicy: Version: "2012-10-17" Statement: - Effect: Allow Principal: "AWS": { "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:root" } Action: - kms:* Resource: "*" BackupVaultWithDailyBackups: Type: "AWS::Backup::BackupVault" Properties: BackupVaultName: "BackupVaultWithDailyBackups" EncryptionKeyArn: !GetAtt KMSKey.Arn BackupPlanWithDailyBackups: Type: "AWS::Backup::BackupPlan" Properties: BackupPlan: BackupPlanName: "BackupPlanWithDailyBackups" AdvancedBackupSettings: - ResourceType: EC2 BackupOptions: WindowsVSS: enabled BackupPlanRule: - RuleName: "RuleForDailyBackups" TargetBackupVault: !Ref BackupVaultWithDailyBackups ScheduleExpression: "cron(0 5 ? * * *)" DependsOn: BackupVaultWithDailyBackups ``` ``` Description: Backup plan template with Amazon GuardDuty Malware Protection scanning enabled. Resources: BackupVault: Type: "AWS::Backup::BackupVault" Properties: BackupVaultName: "MalwareScanBackupVault" BackupPlanWithMalwareScanning: Type: "AWS::Backup::BackupPlan" Properties: BackupPlan: BackupPlanName: "BackupPlanWithMalwareScanning" BackupPlanRule: - RuleName: "DailyBackupWithIncrementalScan" TargetBackupVault: !Ref BackupVault ScheduleExpression: "cron(0 5 ? * * *)" Lifecycle: DeleteAfterDays: 35 ScanActions: - MalwareScanner: GUARDDUTY ScanMode: INCREMENTAL_SCAN - RuleName: "MonthlyBackupWithFullScan" TargetBackupVault: !Ref BackupVault ScheduleExpression: "cron(0 5 1 * ? *)" Lifecycle: DeleteAfterDays: 365 ScanActions: - MalwareScanner: GUARDDUTY ScanMode: FULL_SCAN ScanSettings: - MalwareScanner: GUARDDUTY ResourceTypes: - EBS ScannerRoleArn: !GetAtt ScannerRole.Arn DependsOn: BackupVault ScannerRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "malware-protection.guardduty.amazonaws.com" Action: - "sts:AssumeRole" ManagedPolicyArns: - "arn:aws:iam::aws:policy/AWSBackupGuardDutyRolePolicyForScans" BackupRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "backup.amazonaws.com" Action: - "sts:AssumeRole" ManagedPolicyArns: - "arn:aws:iam::aws:policy/service-role/service-role" - "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForScans" TagBasedBackupSelection: Type: "AWS::Backup::BackupSelection" Properties: BackupSelection: SelectionName: "MalwareScanSelection" IamRoleArn: !GetAtt BackupRole.Arn ListOfTags: - ConditionType: "STRINGEQUALS" ConditionKey: "backup" ConditionValue: "true" BackupPlanId: !Ref BackupPlanWithMalwareScanning DependsOn: BackupPlanWithMalwareScanning ```