


# AWS::Backup::BackupVault
<a name="aws-resource-backup-backupvault"></a>

Creates a logical container where backups are stored. A `CreateBackupVault` request includes a name, optionally one or more resource tags, an encryption key, and a request ID.

Do not include sensitive data, such as passport numbers, in the name of a backup vault.

For a sample Amazon CloudFormation template, see the [Amazon Backup Developer Guide](https://docs.amazonaws.cn/aws-backup/latest/devguide/assigning-resources.html#assigning-resources-cfn).

## Syntax
<a name="aws-resource-backup-backupvault-syntax"></a>

To declare this entity in your Amazon CloudFormation template, use the following syntax:

### JSON
<a name="aws-resource-backup-backupvault-syntax.json"></a>

```
{
  "Type" : "AWS::Backup::BackupVault",
  "Properties" : {
      "AccessPolicy" : Json,
      "BackupVaultName" : String,
      "BackupVaultTags" : {Key: Value, ...},
      "EncryptionKeyArn" : String,
      "LockConfiguration" : LockConfigurationType,
      "Notifications" : NotificationObjectType
    }
}
```

### YAML
<a name="aws-resource-backup-backupvault-syntax.yaml"></a>

```
Type: AWS::Backup::BackupVault
Properties:
  AccessPolicy: Json
  BackupVaultName: String
  BackupVaultTags:
    Key: Value
  EncryptionKeyArn: String
  LockConfiguration:
    LockConfigurationType
  Notifications:
    NotificationObjectType
```

## Properties
<a name="aws-resource-backup-backupvault-properties"></a>

`AccessPolicy`  <a name="cfn-backup-backupvault-accesspolicy"></a>
A resource-based policy that is used to manage access permissions on the target backup vault.  
*Required*: No  
*Type*: Json  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`BackupVaultName`  <a name="cfn-backup-backupvault-backupvaultname"></a>
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Region where they are created.  
*Required*: Yes  
*Type*: String  
*Pattern*: `^[a-zA-Z0-9\-\_]{2,50}$`  
*Update requires*: [Replacement](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

`BackupVaultTags`  <a name="cfn-backup-backupvault-backupvaulttags"></a>
The tags to assign to the backup vault.  
*Required*: No  
*Type*: Object of String  
*Pattern*: `^.{1,128}$`  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`EncryptionKeyArn`  <a name="cfn-backup-backupvault-encryptionkeyarn"></a>
A server-side encryption key you can specify to encrypt your backups from services that support full Amazon Backup management; for example, `arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`. If you specify a key, you must specify its ARN, not its alias. If you do not specify a key, Amazon Backup creates a KMS key for you by default.  
To learn which Amazon Backup services support full Amazon Backup management and how Amazon Backup handles encryption for backups from services that do not yet support full Amazon Backup, see [Encryption for backups in Amazon Backup](https://docs.amazonaws.cn/aws-backup/latest/devguide/encryption.html).  
*Required*: No  
*Type*: String  
*Update requires*: [Replacement](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

`LockConfiguration`  <a name="cfn-backup-backupvault-lockconfiguration"></a>
Configuration for [Amazon Backup Vault Lock](https://docs.amazonaws.cn/aws-backup/latest/devguide/vault-lock.html).  
*Required*: No  
*Type*: [LockConfigurationType](aws-properties-backup-backupvault-lockconfigurationtype.md)  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Notifications`  <a name="cfn-backup-backupvault-notifications"></a>
The SNS event notifications for the specified backup vault.  
*Required*: No  
*Type*: [NotificationObjectType](aws-properties-backup-backupvault-notificationobjecttype.md)  
*Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
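
A pre-deployment check built from the constraints in the property list above, as an added example that is not part of the AWS documentation: it flags vault names outside the documented pattern and an `EncryptionKeyArn` given as an alias instead of a key ARN, and skips values supplied through intrinsic functions. The finding codes, the KMS ARN regex, the sample template, and the rule that `LockConfiguration` and `AccessPolicy` must be present are assumptions of this example; `MinRetentionDays` comes from the linked `LockConfigurationType` page.

```python
import re

# Pattern copied from the BackupVaultName property entry.
NAME_RE = re.compile(r"^[a-zA-Z0-9\-\_]{2,50}$")
# Assumption: a KMS key ARN is arn:<partition>:kms:<region>:<account>:key/<id>.
KEY_ARN_RE = re.compile(r"^arn:[a-z-]+:kms:[a-z0-9-]+:\d{12}:key/[0-9A-Za-z-]+$")

def is_intrinsic(value):
    """Ref / Fn::* values resolve at deploy time, so they are not checked here."""
    key = next(iter(value)) if isinstance(value, dict) and len(value) == 1 else ""
    return key == "Ref" or key.startswith("Fn::")

def check_vault(props):
    """Return finding codes for one AWS::Backup::BackupVault Properties map."""
    findings = []
    name = props.get("BackupVaultName")
    if not is_intrinsic(name) and not (isinstance(name, str) and NAME_RE.match(name)):
        findings.append("NAME_INVALID")
    key = props.get("EncryptionKeyArn")
    if key is None:
        findings.append("DEFAULT_KEY")     # Amazon Backup creates the KMS key itself
    elif not is_intrinsic(key) and not (isinstance(key, str) and KEY_ARN_RE.match(key)):
        findings.append("KEY_NOT_AN_ARN")  # for example an alias, which is not accepted
    # Local review policy (assumption): these optional controls must be set explicitly.
    for prop, code in (("LockConfiguration", "NO_VAULT_LOCK"), ("AccessPolicy", "NO_ACCESS_POLICY")):
        if prop not in props:
            findings.append(code)
    return findings

def check_template(template):
    """Map logical ID -> findings for every backup vault in a parsed template."""
    return {logical_id: check_vault(res.get("Properties", {}))
            for logical_id, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::Backup::BackupVault"}

# Constructed sample template (parsed JSON form); all names and values are illustrative.
SAMPLE = {"Resources": {
    "WeakVault": {"Type": "AWS::Backup::BackupVault", "Properties": {
        "BackupVaultName": "prod vault!",
        "EncryptionKeyArn": "alias/backup-key"}},
    "HardenedVault": {"Type": "AWS::Backup::BackupVault", "Properties": {
        "BackupVaultName": "prod-vault_01",
        "EncryptionKeyArn": {"Fn::GetAtt": ["VaultKey", "Arn"]},
        "LockConfiguration": {"MinRetentionDays": 30},
        "AccessPolicy": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Deny", "Principal": "*", "Resource": "*",
            "Action": "backup:DeleteRecoveryPoint"}]}}},
    "Topic": {"Type": "AWS::SNS::Topic"},
}}
print(check_template(SAMPLE))
```

Because `BackupVaultName` and `EncryptionKeyArn` both require replacement on update, catching these findings before the first deployment avoids recreating the vault later.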

## Return values
<a name="aws-resource-backup-backupvault-return-values"></a>

### Ref
<a name="aws-resource-backup-backupvault-return-values-ref"></a>

When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns `BackupVaultName`.

### Fn::GetAtt
<a name="aws-resource-backup-backupvault-return-values-fn--getatt"></a>

The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.amazonaws.cn/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.amazonaws.cn/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html).


`BackupVaultArn`  <a name="BackupVaultArn-fn::getatt"></a>
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, `arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault`.

`BackupVaultName`  <a name="BackupVaultName-fn::getatt"></a>
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase and uppercase letters, numbers, and hyphens.