Creating, updating, and deleting backup policies
In this topic:
-
After you enable backup policies for your organization, you can create a policy.
-
When your backup requirements change, you can update an existing policy.
-
When you no longer need a policy and after you detach it from all organizational units (OUs) and accounts, you can delete it.
Creating a backup policy
Minimum permissions
To create a backup policy, you need permission to run the following action:
-
organizations:CreatePolicy
What to do next
After you create a backup policy, you can put your policy into effect. To do that, you can attach the policy to the organization root, organizational units (OUs), Amazon Web Services accounts within your organization, or a combination of all of those.
Updating a backup policy
When you sign in to your organization's management account, you can edit a policy that requires changes in your organization.
Minimum permissions
To update a backup policy, you must have permission to run the following actions:
-
organizations:UpdatePolicy
with aResource
element in the same policy statement that includes the ARN of the policy to update (or "*") -
organizations:DescribePolicy
with aResource
element in the same policy statement that includes the ARN of the policy to update (or "*")
Editing tags attached to a backup policy
When you sign in to your organization's management account, you can add or remove the tags attached to a backup policy. For more information about tagging, see Tagging Amazon Organizations resources.
Minimum permissions
To edit the tags attached to a backup policy in your Amazon organization, you must have the following permissions:
-
organizations:DescribeOrganization
(console only – to navigate to the policy) -
organizations:DescribePolicy
(console only – to navigate to the policy) -
organizations:TagResource
-
organizations:UntagResource
Deleting a backup policy
When you sign in to your organization's management account, you can delete a policy that you no longer need in your organization.
Before you can delete a policy, you must first detach it from all attached entities.
Minimum permissions
To delete a policy, you must have permission to run the following action:
-
organizations:DeletePolicy
with aResource
element in the same policy statement that includes the ARN of the policy to delete (or "*")
To delete a backup policy
-
Sign in to the Amazon Organizations console
. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization’s management account. -
On the Backup policies
page, choose the name of the backup policy that you want to delete. -
You must first detach the backup policy that you want to delete from all roots, OUs, and accounts. Choose the Targets tab, choose the radio button next to each root, OU, or account that is shown in the Targets list, and then choose Detach. In the confirmation dialog box, choose Detach. Repeat until you remove all targets.
-
Choose Delete at the top of the page.
-
On the confirmation dialog box, enter the name of the policy, and then choose Delete.
To delete a backup policy
The following code examples show how to use DeletePolicy
.