Control |
CreateFramework request |
DescribeFramework response |
Backup resources are included in at least one backup plan |
{"FrameworkName": "Control1",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_PLAN",
"ControlInputParameters":[],
"ControlScope":
{"ComplianceResourceTypes":
["RDS"] // Evaluate only RDS instances
}
}
],
"IdempotencyToken": "Control1",
"FrameworkTags":
{"key1": "foo"}
}
|
{"FrameworkName": "Control1",
"FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control1-ce7655ae-1e31-45cb-96a0-4f43d8c19642",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_PLAN",
"ControlInputParameters":[],
"ControlScope":
{"ComplianceResourceTypes":
["RDS"]
}
}
],
"CreationTime": 1516925490,
"DeploymentStatus": "Active",
"FrameworkStatus": "Completed",
"IdempotencyToken": "Control1",
"FrameworkTags":
{"key1": "foo"}
}
|
Backup plan minimum frequency and minimum retention |
{"FrameworkName": "Control2",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK",
"ControlInputParameters":
[
{"ParameterName": "requiredRetentionDays",
"ParameterValue": "35"},
{"ParameterName": "requiredFrequencyUnit",
"ParameterValue": "hours"},
{"ParameterName": "requiredFrequencyValue",
"ParameterValue": "24"}
],
"ControlScope":
{
"Tags": {"key1": "prod"} // Evaluate only backup plans that are tagged with "key1": "prod"
}
}
],
"IdempotencyToken": "Control2",
"FrameworkTags":
{"key1": "foo"}
}
|
{"FrameworkName": "Control2",
"FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control2-de7655ae-1e31-45cb-96a0-4f43d8c1969d",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK",
"ControlInputParameters":
[
{"ParameterName": "requiredRetentionDays",
"ParameterValue": "35"},
{"ParameterName": "requiredFrequencyUnit",
"ParameterValue": "hours"},
{"ParameterName": "requiredFrequencyValue",
"ParameterValue": "24"}
],
"ControlScope":
{
"Tags": {"key1": "prod"}
}
}
],
"CreationTime": 1516925490,
"DeploymentStatus": "Active",
"FrameworkStatus": "Completed",
"IdempotencyToken": "Control2",
"FrameworkTags":
{"key1": "foo"}
}
|
Vaults prevent manual deletion of recovery points |
{"FrameworkName": "Control3",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED",
"ControlInputParameters":
[
{"ParameterName": "principalArnList",
"ParameterValue":
"arn:aws:iam::123456789012:role/application_abc/component_xyz/RDSAccess,arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer,arn:aws:iam::123456789012:role/service-role/QuickSightAction"}
],
"ControlScope":
{"ComplianceResourceIds":["default"],
"ComplianceResourceTypes": ["AWS::Backup::BackupVault"]
}
}
],
"IdempotencyToken": "Control3",
"FrameworkTags":
{"key1": "foo"}
}
|
{"FrameworkName": "Control3",
"FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control2-de7655ae-1e31-45cb-96a0-4f43d8c1969d",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED",
"ControlInputParameters":
[
{"ParameterName": "principalArnList",
"ParameterValue":
"arn:aws:iam::123456789012:role/application_abc/component_xyz/RDSAccess,arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer,arn:aws:iam::123456789012:role/service-role/QuickSightAction"}
],
"ControlScope":
{"ComplianceResourceIds":["default"],
"ComplianceResourceTypes": ["AWS::Backup::BackupVault"]
}
}
],
"CreationTime": 1516925490,
"DeploymentStatus": "Active",
"FrameworkStatus": "Completed",
"IdempotencyToken": "Control3",
"FrameworkTags":
{"key1": "foo"}
}
|
Minimum retention established for recovery point |
{"FrameworkName": "Control4",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK",
"ControlInputParameters":
[
{"ParameterName": "requiredRetentionDays",
"ParameterValue": "35"}
],
"ControlScope": {} // Default scope (no scope input) sets scope to all recovery points.
}
],
"IdempotencyToken": "Control4",
"FrameworkTags":
{"key1": "foo"}
}
|
{"FrameworkName": "Control4",
"FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control6-6e7655ae-1e31-45cb-96a0-4f43d8c19642",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK",
"ControlInputParameters":
[
{"ParameterName": "requiredRetentionDays",
"ParameterValue": "35"}
],
"ControlScope": {}
}
],
"CreationTime": 1516925490,
"DeploymentStatus": "Active",
"FrameworkStatus": "Completed",
"IdempotencyToken": "Control4",
"FrameworkTags":
{"key1": "foo"}
}
|
Backup recovery points are encrypted |
{"FrameworkName": "Control5",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RECOVERY_POINT_ENCRYPTED",
"ControlInputParameters":
[],
"ControlScope": {} // Default scope (no scope input) is all recovery points
}
],
"IdempotencyToken": "Control5",
"FrameworkTags":
{"key1": "foo"}
}
|
{"FrameworkName": "Control5",
"FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control7-7e7655ae-1e31-45cb-96a0-4f43d8c19642",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RECOVERY_POINT_ENCRYPTED",
"ControlInputParameters":
[],
"ControlScope": {}
}
],
"CreationTime": 1516925490,
"DeploymentStatus": "Active",
"FrameworkStatus": "Completed",
"IdempotencyToken": "Control5",
"FrameworkTags":
{"key1": "foo"}
}
|
Cross-Region backup copy is scheduled |
{"FrameworkName": "Control6",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_CROSS_REGION",
"ControlInputParameters":[],
"ControlScope":
{"ComplianceResourceTypes":
["EC2"] // Evaluate only EC2 instances
}
}
],
"IdempotencyToken": "Control6",
"FrameworkTags":
{"key1": "foo"}
}
|
{"FrameworkName": "Control6",
"FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control6-ce7655ae-1e31-45cb-96a0-4f43d8c19642",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_CROSS_REGION",
"ControlInputParameters":[],
"ControlScope":
{"ComplianceResourceTypes":
["EC2"]
}
}
],
"CreationTime": 1516925490,
"DeploymentStatus": "Active",
"FrameworkStatus": "Completed",
"IdempotencyToken": "Control6",
"FrameworkTags":
{"key1": "foo"}
}
|
Cross-account backup copy is scheduled |
{"FrameworkName": "Control7",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_CROSS_ACCOUNT",
"ControlInputParameters":[],
"ControlScope":
{"ComplianceResourceTypes":
["EC2"] // Evaluate only EC2 instances
}
}
],
"IdempotencyToken": "Control7",
"FrameworkTags":
{"key1": "foo"}
}
|
{"FrameworkName": "Control7",
"FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control7-ce7655ae-1e31-45cb-96a0-4f43d8c19642",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_CROSS_ACCOUNT",
"ControlInputParameters":[],
"ControlScope":
{"ComplianceResourceTypes":
["EC2"]
}
}
],
"CreationTime": 1516925490,
"DeploymentStatus": "Active",
"FrameworkStatus": "Completed",
"IdempotencyToken": "Control7",
"FrameworkTags":
{"key1": "foo"}
}
|
Backups are protected by Amazon Backup Vault Lock |
{"FrameworkName": "Control8",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_VAULT_LOCK",
"ControlInputParameters":[],
"ControlScope":
{"ComplianceResourceTypes":
["EC2"] // Evaluate only EC2 instances
}
}
],
"IdempotencyToken": "Control8",
"FrameworkTags":
{"key1": "foo"}
}
|
{"FrameworkName": "Control8",
"FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control8-ce7655ae-1e31-45cb-96a0-4f43d8c19642",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_VAULT_LOCK",
"ControlInputParameters":[],
"ControlScope":
{"ComplianceResourceTypes":
["EC2"]
}
}
],
"CreationTime": 1516925490,
"DeploymentStatus": "Active",
"FrameworkStatus": "Completed",
"IdempotencyToken": "Control8",
"FrameworkTags":
{"key1": "foo"}
}
|
Last recovery point was created |
{"FrameworkName": "Control9",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_LAST_RECOVERY_POINT_CREATED",
"ControlInputParameters":[],
"ControlScope":
{"ComplianceResourceTypes":
["EC2"] // Evaluate only EC2 instances
}
}
],
"IdempotencyToken": "Control9",
"FrameworkTags":
{"key1": "foo"}
}
|
{"FrameworkName": "Control9",
"FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control9-ce7655ae-1e31-45cb-96a0-4f43d8c19642",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "BACKUP_LAST_RECOVERY_POINT_CREATED",
"ControlInputParameters":[],
"ControlScope":
{"ComplianceResourceTypes":
["EC2"]
}
}
],
"CreationTime": 1516925490,
"DeploymentStatus": "Active",
"FrameworkStatus": "Completed",
"IdempotencyToken": "Control9",
"FrameworkTags":
{"key1": "foo"}
}
|
Restore time for resources meet target |
{"FrameworkName":"Control10",
"FrameworkDescription":"This is a test framework",
"FrameworkControls":[
{
"ControlName":"RESTORE_TIME_FOR_RESOURCES_MEET_TARGET",
"ControlInputParameters":[
{
"ParameterName":"maxRestoreTime",
"ParameterValue":"720"
}
],
"ControlScope":{
"ComplianceResourceIds":[
],
"ComplianceResourceTypes":[
"DynamoDB" // Evaluates only DynamoDB databases
]
}
}
],
"IdempotencyToken":"Control10",
"FrameworkTags":{
"key1":"foo"
}
}
|
{"FrameworkName": "Control10",
"FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control9-ce7655ae-1e31-45cb-96a0-4f43d8c19642",
"FrameworkDescription": "This is a test framework",
"FrameworkControls":
[
{"ControlName": "RESTORE_TIME_FOR_RESOURCES_MEET_TARGET",
"ControlInputParameters":[],
"ControlScope":
{"ComplianceResourceTypes":
["EC2"]
}
}
],
"CreationTime": 1516925490,
"DeploymentStatus": "Active",
"FrameworkStatus": "Completed",
"IdempotencyToken": "Control10",
"FrameworkTags":
{"key1": "foo"}
}
|