Getting started 7: Create an audit report - Amazon Backup
Next steps
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Getting started 7: Create an audit report

In Getting started 5: View your backup jobs and recovery points, you observed your backup activity in the Amazon Backup Dashboard, Backup vault, and Protected Resources views. However, these views are dynamic and will update depending on when you visit them. These views are not necessarily the best evidence of continued compliance with your organizational data protection requirements and controls across time.

In this step, you will create an on-demand backup job report using Amazon Backup Audit Manager.

Amazon Backup Audit Manager delivers a variety of audit reports in CSV, JSON, or both formats daily and on-demand to your Amazon S3 bucket. You can audit the compliance of your backup activity and resources against a number of customizable controls. You can receive reports on your backup, copy, and restore jobs. The backup job report is evidence that your backup jobs took place.

The following is an example of a backup plan.

{
  "reportItems": [
    {
      "reportTimePeriod": "2021-07-14T00:00:00Z - 2021-07-15T00:00:00Z",
      "accountId": "112233445566",
      "region": "us-west-2",
      "backupJobId": "FCCB040A-9426-2A49-2EA9-5EAFFAC00000",
      "jobStatus": "COMPLETED",
      "resourceType": "EC2",
      "resourceArn": "arn:aws:ec2:us-west-2:112233445566:instance/i-0bc877aee77800000",
      "backupPlanArn": "arn:aws:backup:us-west-2:112233445566:backup-plan:349f2247-b489-4301-83ac-4b7dd7200000",
      "backupRuleId": "ab88bbf8-ff4e-4f1b-92e7-e13d3e6abcde",
      "creationDate": "2021-07-14T23:53:47.229Z",
      "completionDate": "2021-07-15T00:16:07.282Z",
      "recoveryPointArn": "arn:aws:ec2:us-west-2::image/ami-030cafb98e5aabcde",
      "jobRunTime": "00:22:20",
      "backupSizeInBytes": 8589934592,
      "backupVaultName": "Default",
      "backupVaultArn": "arn:aws:backup:us-west-2:112233445566:backup-vault:Default",
      "iamRoleArn": "arn:aws:iam::112233445566:role/service-role/AWSBackupDefaultServiceRole"
    }
  ]
}

To create a backup report (including an on-demand backup report), you first create a report plan to automate your reports and deliver them to an Amazon S3 bucket.

A report plan requires that you have an Amazon S3 bucket to receive your reports. For instructions on setting up a new S3 bucket, see Step 1: Create your first S3 bucket in the Amazon Simple Storage Service User Guide.

To create a report plan

  1. Sign in to the Amazon Web Services Management Console, and open the Amazon Backup console at https://console.amazonaws.cn/backup.

  2. In the left navigation pane, choose Reports.

  3. Choose Create report plan.

  4. Select Backup job report from the dropdown list.

  5. For Report plan name, enter TestBackupJobReport.

  6. For File format, choose both CSV and JSON.

  7. For S3 bucket name, select the destination for your reports from the dropdown list.

  8. Choose Create report plan.

Next, you must allow your S3 bucket to receive report from Amazon Backup. Amazon Backup Audit Manager automatically generates an S3 access policy for you.

To view and apply this access policy

  1. In the left navigation pane, choose Reports.

  2. Under Report plan name, choose the name of your report plan (TestBackupJobReport).

  3. Choose Edit.

  4. Choose View access policy for S3 bucket.

  5. Choose Copy permissions.

  6. Choose Edit bucket policy to edit your destination S3 bucket’s policy to allow it to receive your backup job reports.

  7. Copy or add the permissions to the destination S3 bucket policy.

Next, create your first backup job report.

To create an on-demand backup report

  1. In the left navigation pane, choose Reports.

  2. Under Report plan name, choose the name of your report plan (TestBackupJobReport).

  3. Choose Create on-demand report.

Finally, view your report.

To view your report

  1. In the left navigation pane, choose Reports.

  2. Under Report plan name, choose the name of your report plan (TestBackupJobReport).

  3. In the Report jobs section, choose the S3 link. Doing so takes you to your destination S3 bucket.

  4. Choose Download.

  5. Open the report using the program that you use to work with CSV or JSON files.

Next steps

To clean up your getting started resources and avoid unwanted charges, proceed to Getting started 8: Clean up resources.