Viewing effective backup policies
You can view the effective backup policy for an account from the AWS Management Console, AWS API, or AWS Command Line Interface. The following section provides a brief overview of the effective backup policy, including an example.
What is the effective backup policy?
The effective backup policy specifies the final backup plan settings that apply to an AWS account. It is the aggregation of any backup policies that the account inherits, plus any backup policy that is directly attached to the account. When you attach a backup policy to the organization's root, it applies to all accounts in your organization. When you attach an backup policy to an organizational unit (OU), it applies to all accounts and OUs that belong to the OU. When you attach a policy directly to an account, it applies only to that one AWS account.
For example, the backup policy attached to the organization root might specify that all accounts in the organization back up all Amazon DynamoDB tables with a default backup frequency of once per week. A separate backup policy attached directly to one member account with critical information in a table can override the frequency with a value of once per day. The combination of these backup policies comprises the effective backup policy. This effective backup policy is determined for each account in the organization individually. In this example, the result is that all accounts in the organization back up their DynamoDB tables once per week, with the exception of one account that backs up its tables daily.
For information about how backup policies are combined into the final effective backup policy, see Understanding management policy inheritance.
Viewing the effective backup policy
You can view the effective backup policy for an account by using the AWS Management Console, AWS API, or AWS Command Line Interface.
Minimum permissions
To view the effective backup policy for an account, you must have permission to run the following actions:
-
organizations:DescribeEffectivePolicy
-
organizations:DescribeOrganization
– required only when using the Organizations console