As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá. # CloudFormation modelos para planos de backup Nós fornecemos três CloudFormation modelos de amostra para sua referência. O primeiro modelo cria um plano de backup simples. O segundo modelo permite backups do VSS em um plano de backup. O terceiro modelo permite a verificação do Amazon GuardDuty Malware Protection em um plano de backup. **nota** Se você estiver usando a função de serviço padrão, *service-role* substitua por`AWSBackupServiceRolePolicyForBackup`. ``` Description: backup plan template to back up all resources daily at 5am UTC, and tag all recovery points with backup:daily. Resources: KMSKey: Type: AWS::KMS::Key Properties: Description: "Encryption key for daily" EnableKeyRotation: True Enabled: True KeyPolicy: Version: "2012-10-17" Statement: - Effect: Allow Principal: "AWS": { "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:root" } Action: - kms:* Resource: "*" BackupVaultWithDailyBackups: Type: "AWS::Backup::BackupVault" Properties: BackupVaultName: "BackupVaultWithDailyBackups" EncryptionKeyArn: !GetAtt KMSKey.Arn BackupPlanWithDailyBackups: Type: "AWS::Backup::BackupPlan" Properties: BackupPlan: BackupPlanName: "BackupPlanWithDailyBackups" BackupPlanRule: - RuleName: "RuleForDailyBackups" TargetBackupVault: !Ref BackupVaultWithDailyBackups ScheduleExpression: "cron(0 5 ? * * *)" DependsOn: BackupVaultWithDailyBackups DDBTableWithDailyBackupTag: Type: "AWS::DynamoDB::Table" Properties: TableName: "TestTable" AttributeDefinitions: - AttributeName: "Album" AttributeType: "S" KeySchema: - AttributeName: "Album" KeyType: "HASH" ProvisionedThroughput: ReadCapacityUnits: "5" WriteCapacityUnits: "5" Tags: - Key: "backup" Value: "daily" BackupRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "backup.amazonaws.com" Action: - "sts:AssumeRole" ManagedPolicyArns: - "arn:aws:iam::aws:policy/service-role/service-role" TagBasedBackupSelection: Type: "AWS::Backup::BackupSelection" Properties: BackupSelection: SelectionName: "TagBasedBackupSelection" IamRoleArn: !GetAtt BackupRole.Arn ListOfTags: - ConditionType: "STRINGEQUALS" ConditionKey: "backup" ConditionValue: "daily" BackupPlanId: !Ref BackupPlanWithDailyBackups DependsOn: BackupPlanWithDailyBackups ``` ``` Description: backup plan template to enable Windows VSS and add backup rule to take backup of assigned resources daily at 5am UTC. Resources: KMSKey: Type: AWS::KMS::Key Properties: Description: "Encryption key for daily" EnableKeyRotation: True Enabled: True KeyPolicy: Version: "2012-10-17" Statement: - Effect: Allow Principal: "AWS": { "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:root" } Action: - kms:* Resource: "*" BackupVaultWithDailyBackups: Type: "AWS::Backup::BackupVault" Properties: BackupVaultName: "BackupVaultWithDailyBackups" EncryptionKeyArn: !GetAtt KMSKey.Arn BackupPlanWithDailyBackups: Type: "AWS::Backup::BackupPlan" Properties: BackupPlan: BackupPlanName: "BackupPlanWithDailyBackups" AdvancedBackupSettings: - ResourceType: EC2 BackupOptions: WindowsVSS: enabled BackupPlanRule: - RuleName: "RuleForDailyBackups" TargetBackupVault: !Ref BackupVaultWithDailyBackups ScheduleExpression: "cron(0 5 ? * * *)" DependsOn: BackupVaultWithDailyBackups ``` ``` Description: Backup plan template with Amazon GuardDuty Malware Protection scanning enabled. Resources: BackupVault: Type: "AWS::Backup::BackupVault" Properties: BackupVaultName: "MalwareScanBackupVault" BackupPlanWithMalwareScanning: Type: "AWS::Backup::BackupPlan" Properties: BackupPlan: BackupPlanName: "BackupPlanWithMalwareScanning" BackupPlanRule: - RuleName: "DailyBackupWithIncrementalScan" TargetBackupVault: !Ref BackupVault ScheduleExpression: "cron(0 5 ? * * *)" Lifecycle: DeleteAfterDays: 35 ScanActions: - MalwareScanner: GUARDDUTY ScanMode: INCREMENTAL_SCAN - RuleName: "MonthlyBackupWithFullScan" TargetBackupVault: !Ref BackupVault ScheduleExpression: "cron(0 5 1 * ? *)" Lifecycle: DeleteAfterDays: 365 ScanActions: - MalwareScanner: GUARDDUTY ScanMode: FULL_SCAN ScanSettings: - MalwareScanner: GUARDDUTY ResourceTypes: - EBS ScannerRoleArn: !GetAtt ScannerRole.Arn DependsOn: BackupVault ScannerRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "malware-protection.guardduty.amazonaws.com" Action: - "sts:AssumeRole" ManagedPolicyArns: - "arn:aws:iam::aws:policy/AWSBackupGuardDutyRolePolicyForScans" BackupRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "backup.amazonaws.com" Action: - "sts:AssumeRole" ManagedPolicyArns: - "arn:aws:iam::aws:policy/service-role/service-role" - "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForScans" TagBasedBackupSelection: Type: "AWS::Backup::BackupSelection" Properties: BackupSelection: SelectionName: "MalwareScanSelection" IamRoleArn: !GetAtt BackupRole.Arn ListOfTags: - ConditionType: "STRINGEQUALS" ConditionKey: "backup" ConditionValue: "true" BackupPlanId: !Ref BackupPlanWithMalwareScanning DependsOn: BackupPlanWithMalwareScanning ```