Best practice rules for AWS Backup
- AWS Backup Service Lifecycle Configuration
Ensure Amazon Backup plans have a compliant lifecycle configuration enabled.
- Check for Protected Amazon Backup Resource Types
Ensure that the appropriate resource types are protected by Amazon Backup within your AWS account.
- Configure AWS Backup Vault Access Policy
Prevent deletion of backups using an Amazon Backup vault resource-based access policy.
- Enable Alert Notifications for Failed Backup Jobs
Ensure that email notifications for unsuccessful backup jobs are enabled.
- Use AWS Backup Service in Use for Amazon RDS
Ensure that Amazon Backup service is used to manage AWS RDS database snapshots.
- Use KMS Customer Master Keys for AWS Backup
Ensure that your backups are encrypted at rest using KMS Customer Master Keys (CMKs).