Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
Forniamo due AWS CloudFormation modelli di esempio come riferimento. Il primo modello crea un semplice piano di backup. Il secondo modello abilita i backup VSS in un piano di backup.
Nota
Se utilizzi il ruolo di servizio predefinito, sostituiscilo service-role conAWSBackupServiceRolePolicyForBackup.
Description: backup plan template to back up all resources daily at 5am UTC, and tag all recovery points with backup:daily.
Resources:
KMSKey:
Type: AWS::KMS::Key
Properties:
Description: "Encryption key for daily"
EnableKeyRotation: True
Enabled: True
KeyPolicy:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
"AWS": { "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:root" }
Action:
- kms:*
Resource: "*"
BackupVaultWithDailyBackups:
Type: "AWS::Backup::BackupVault"
Properties:
BackupVaultName: "BackupVaultWithDailyBackups"
EncryptionKeyArn: !GetAtt KMSKey.Arn
BackupPlanWithDailyBackups:
Type: "AWS::Backup::BackupPlan"
Properties:
BackupPlan:
BackupPlanName: "BackupPlanWithDailyBackups"
BackupPlanRule:
- RuleName: "RuleForDailyBackups"
TargetBackupVault: !Ref BackupVaultWithDailyBackups
ScheduleExpression: "cron(0 5 ? * * *)"
DependsOn: BackupVaultWithDailyBackups
DDBTableWithDailyBackupTag:
Type: "AWS::DynamoDB::Table"
Properties:
TableName: "TestTable"
AttributeDefinitions:
- AttributeName: "Album"
AttributeType: "S"
KeySchema:
- AttributeName: "Album"
KeyType: "HASH"
ProvisionedThroughput:
ReadCapacityUnits: "5"
WriteCapacityUnits: "5"
Tags:
- Key: "backup"
Value: "daily"
BackupRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Principal:
Service:
- "backup.amazonaws.com"
Action:
- "sts:AssumeRole"
ManagedPolicyArns:
- "arn:aws:iam::aws:policy/service-role/service-role"
TagBasedBackupSelection:
Type: "AWS::Backup::BackupSelection"
Properties:
BackupSelection:
SelectionName: "TagBasedBackupSelection"
IamRoleArn: !GetAtt BackupRole.Arn
ListOfTags:
- ConditionType: "STRINGEQUALS"
ConditionKey: "backup"
ConditionValue: "daily"
BackupPlanId: !Ref BackupPlanWithDailyBackups
DependsOn: BackupPlanWithDailyBackupsDescription: backup plan template to enable Windows VSS and add backup rule to take backup of assigned resources daily at 5am UTC.
Resources:
KMSKey:
Type: AWS::KMS::Key
Properties:
Description: "Encryption key for daily"
EnableKeyRotation: True
Enabled: True
KeyPolicy:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
"AWS": { "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:root" }
Action:
- kms:*
Resource: "*"
BackupVaultWithDailyBackups:
Type: "AWS::Backup::BackupVault"
Properties:
BackupVaultName: "BackupVaultWithDailyBackups"
EncryptionKeyArn: !GetAtt KMSKey.Arn
BackupPlanWithDailyBackups:
Type: "AWS::Backup::BackupPlan"
Properties:
BackupPlan:
BackupPlanName: "BackupPlanWithDailyBackups"
AdvancedBackupSettings:
- ResourceType: EC2
BackupOptions:
WindowsVSS: enabled
BackupPlanRule:
- RuleName: "RuleForDailyBackups"
TargetBackupVault: !Ref BackupVaultWithDailyBackups
ScheduleExpression: "cron(0 5 ? * * *)"
DependsOn: BackupVaultWithDailyBackups