Ensure that a compliant lifecycle configuration is enabled for your Amazon Backup plans in order to meet compliance requirements for security and cost optimization. The AWS Backup lifecycle configuration defines when scheduled backups are transitioned to cold storage and when they expire. Before the Cloud Conformity engine runs this conformity rule, you need to specify your own Amazon Backup lifecycle configuration in the rule settings. The following lifecycle configuration parameters must be defined in the rule settings:
- MoveToColdStorageAfterDays: the number of days after creation that a backup recovery point is moved to cold storage.
- DeleteAfterDays: the number of days after creation that a recovery point is deleted (must be greater than MoveToColdStorageAfterDays).
The Amazon Backup service transitions and expires backups automatically according to the lifecycle configuration that you define. Having a compliant lifecycle configuration enabled for your AWS Backup plans therefore ensures that your backup strategy follows security best practices and meets regulatory compliance requirements within your organization.
Audit
To determine if your AWS Backup plans have a compliant lifecycle configuration enabled, perform the following actions:
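One way to script this check, as an added example that is not part of the original page or of Cloud Conformity's own code: it evaluates the JSON returned by `aws backup get-backup-plan` against the two rule settings. The function names, the sample plan and the assumption that "compliant" means an exact match with the rule settings are illustrative.

```python
import json

# Constructed sample shaped like `aws backup get-backup-plan` output (not real data).
SAMPLE_PLAN = json.loads("""
{"BackupPlanId": "example-plan-id",
 "BackupPlan": {"BackupPlanName": "example-plan", "Rules": [
   {"RuleName": "daily",   "Lifecycle": {"MoveToColdStorageAfterDays": 30, "DeleteAfterDays": 365}},
   {"RuleName": "weekly",  "Lifecycle": {"MoveToColdStorageAfterDays": 30, "DeleteAfterDays": 120}},
   {"RuleName": "monthly", "Lifecycle": {"DeleteAfterDays": 365}},
   {"RuleName": "adhoc"}
 ]}}
""")

def validate_settings(move_days, delete_days):
    """Reject rule settings that break the ordering constraint stated on the page."""
    if move_days < 1 or delete_days <= move_days:
        raise ValueError("DeleteAfterDays must be greater than MoveToColdStorageAfterDays")

def audit_plan(plan_response, move_days, delete_days):
    """Return (rule_name, reason) for every backup rule that does not match the settings."""
    validate_settings(move_days, delete_days)
    findings = []
    for rule in plan_response["BackupPlan"].get("Rules", []):
        lifecycle = rule.get("Lifecycle") or {}
        actual_move = lifecycle.get("MoveToColdStorageAfterDays")
        actual_delete = lifecycle.get("DeleteAfterDays")
        if not lifecycle:
            reason = "no lifecycle configured"
        elif actual_move is None:
            reason = "never transitions to cold storage"
        elif actual_delete is None:
            reason = "never expires"
        elif (actual_move, actual_delete) != (move_days, delete_days):
            # Assumption: compliance means an exact match with the rule settings.
            reason = f"lifecycle {actual_move}/{actual_delete} differs from {move_days}/{delete_days}"
        else:
            continue
        findings.append((rule["RuleName"], reason))
    return findings

if __name__ == "__main__":
    for name, reason in audit_plan(SAMPLE_PLAN, move_days=30, delete_days=365):
        print(f"NON-COMPLIANT {name}: {reason}")
```

To audit a real plan, pass `json.loads` of the `aws backup get-backup-plan --backup-plan-id <id>` output in place of `SAMPLE_PLAN`.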
Remediation / Resolution
To implement compliant lifecycle configurations for your existing Amazon Backup plans, perform the following actions:
References
- AWS Documentation
  - AWS Backup FAQs
  - Managing Backups Using Backup Plans
  - Updating a Backup Plan
  - Recovery Points
- AWS Command Line Interface (CLI) Documentation
  - list-backup-plans
  - get-backup-plan
  - update-backup-plan