AWS Config Rule: Backup Recovery Point Encrypted

BACKUP_RECOVERY_POINT_ENCRYPTED

Ryan Ware

Last Update 6 เดือนที่แล้ว

Description: Checks if a recovery point is encrypted. The rule is NON_COMPLIANT if the recovery point is not encrypted.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region


How to Resolve Manually

Your AWS Backup Vaults are where you will find your AWS Backup Recovery Points, and the vault should define if you are encrypting the recovery points with a KMS Key. To view this, head to the AWS Backup dashboard within the AWS Console.


Under My Account, head to the sub-heading Backup vaults. Here you will see all of your vaults which gives a count of the current number of recovery points inside each vault.


Here, we have entered the BackupVaultWithAllBackups vault. We can see in the top that it is configured with a KMS Key and lists the encryption key ID.

If your Vault does not have encryption enabled, consider creating a new Vault similar to the same configuration as pictured below with a KMS Key ID linked, which will ensure all backups are encrypted with this key.


You cannot edit a created AWS Backup Vault with a new AWS KMS Key once it has been created.


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

0 out of 0 liked this article

Still need help? Message Us