Working with audit reports - Amazon Backup
Enhanced job report context
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Working with audit reports

Amazon Backup Audit Manager reports are automatically generated evidence of your Amazon Backup activity, such as:

  • Which backup jobs finished and when

  • Which resources you backed up

There are two types of reports. When you create a report, you choose which type is created.

One type is a jobs report, which shows jobs finished in the last 24 hours and all active jobs with comprehensive context about vault properties, backup plan configurations, and lifecycle settings. Jobs reports do not display a status of completed with issues. To find this status, you can filter for Completed jobs with one or more status messages. Amazon Backup will only include a status message as part of a Completed job's status if the message requires attention or action.

The second type of report is a compliance report. Compliance reports can monitor resource levels or the different controls that are in effect.

Amazon Backup Audit Manager delivers a daily report in to your Amazon S3 bucket. If the report is for the current region and current account, you can choose to receive the report in either CSV or JSON format. Otherwise, the report is available in CSV format. The timing of the daily report might fluctuate over several hours because Amazon Backup Audit Manager performs randomization to maintain its performance. You can also run an on-demand report anytime.

All account holders can create cross-Region reports; management and delegated administrator account holders can also create cross-account reports.

Tip

To ensure reports generated by delegated administrator accounts show all member account data, create frameworks in each of those member accounts.

Enhanced job report context

Amazon Backup Audit Manager job reports now include expanded context to help customers better understand backup operations, especially for delegated administrator accounts monitoring across organizations.

The enhanced reports now include:

  • Vault information: Vault type, lock status, and encryption details

  • Backup plan context: Plan names, rule names, schedules, and timezones

  • Lifecycle settings: Retention periods and cold storage transition settings

  • Resource details: Resource names and enhanced job metadata

This expanded context eliminates the need for additional API calls to DescribeBackupVault, DescribeBackupPlan, and DescribeRecoveryPoint, providing comprehensive job information in a single report.

Note

The expanded context provides information that previously required separate API calls with additional permissions. Ensure that users with access to these reports have appropriate permissions for the enhanced information being provided.

You can have a maximum of 20 report plans per Amazon Web Services account.

Note

Resources such as RDS that do not have the capability to show incremental bytes of data of a specific backup will display the value backupSizeInBytes as 0.

To allow Amazon Backup Audit Manager to create daily or on-demand reports, you must first create a report plan from a report template.

Topics