AWS Config Rule: Backup Recovery Point Encrypted

BACKUP_RECOVERY_POINT_ENCRYPTED

Ryan Ware

Last Update 10 months ago

Description: Checks if a recovery point is encrypted. The rule is NON_COMPLIANT if the recovery point is not encrypted.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except China (Beijing), Africa (Cape Town), Asia Pacific (Osaka), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), US West (Oregon), and China (Ningxia) Region


How to Resolve Manually

Your AWS Backup Recovery Points are stored in your AWS Backup Vaults, and it is the vault that defines whether the recovery points are encrypted with a KMS Key. To view this, head to the AWS Backup dashboard within the AWS Console.


Under My Account, head to the sub-heading Backup vaults. Here you will see all of your vaults, each with a count of the recovery points currently inside it.


Here, we have entered the BackupVaultWithAllBackups vault. We can see at the top that it is configured with a KMS Key, and the encryption key ID is listed.

If your Vault does not have encryption enabled, consider creating a new Vault with a configuration similar to the one pictured below, with a KMS Key ID linked, which will ensure all backups are encrypted with this key.


You cannot change the AWS KMS Key of an AWS Backup Vault once the vault has been created.
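
The console check above can also be scripted. The following is an added example, not StackZone or AWS code: it applies the rule's test to recovery point records and groups the unencrypted ones by vault. The sample records, the ARNs, the vault name example-unencrypted-vault, the region and the function names are assumptions made for illustration.

```python
# Constructed sample records, shaped like the items returned by AWS Backup's
# ListRecoveryPointsByBackupVault (the ARNs and the second vault are made up).
SAMPLE_POINTS = [
    {"RecoveryPointArn": "arn:aws:backup:eu-west-1:111122223333:recovery-point:EXAMPLE-1",
     "BackupVaultName": "BackupVaultWithAllBackups", "IsEncrypted": True,
     "EncryptionKeyArn": "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID"},
    {"RecoveryPointArn": "arn:aws:backup:eu-west-1:111122223333:recovery-point:EXAMPLE-2",
     "BackupVaultName": "example-unencrypted-vault", "IsEncrypted": False},
    {"RecoveryPointArn": "arn:aws:backup:eu-west-1:111122223333:recovery-point:EXAMPLE-3",
     "BackupVaultName": "example-unencrypted-vault"},  # IsEncrypted field missing
]

def evaluate(point):
    """Mirror the rule's description: NON_COMPLIANT unless the point is encrypted."""
    # Assumption of this example: a missing IsEncrypted field fails closed.
    return "COMPLIANT" if point.get("IsEncrypted") is True else "NON_COMPLIANT"

def audit(points):
    """Return {vault name: [ARNs of NON_COMPLIANT recovery points]}."""
    findings = {}
    for point in points:
        if evaluate(point) == "NON_COMPLIANT":
            findings.setdefault(point["BackupVaultName"], []).append(point["RecoveryPointArn"])
    return findings

def paged_items(call, key, **kwargs):
    """Follow NextToken pagination for one AWS Backup list call."""
    while True:
        resp = call(**kwargs)
        yield from resp.get(key, [])
        if not resp.get("NextToken"):
            return
        kwargs["NextToken"] = resp["NextToken"]

def fetch_points(region):
    """Read every recovery point in every vault of a region (needs boto3 and credentials)."""
    import boto3  # lazy import: the offline sample run below needs no SDK
    backup = boto3.client("backup", region_name=region)
    points = []
    for vault in paged_items(backup.list_backup_vaults, "BackupVaultList"):
        points.extend(paged_items(backup.list_recovery_points_by_backup_vault,
                                  "RecoveryPoints", BackupVaultName=vault["BackupVaultName"]))
    return points

if __name__ == "__main__":
    # Swap SAMPLE_POINTS for fetch_points("eu-west-1") to audit a live account.
    for vault, arns in sorted(audit(SAMPLE_POINTS).items()):
        print(f"{vault}: {len(arns)} unencrypted recovery point(s)")
        for arn in arns:
            print("  NON_COMPLIANT", arn)
```

Any vault this reports needs a replacement vault created with a KMS Key, because the key of an existing vault cannot be changed.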

