Description: Checks whether an AWS Backup Recovery Point has expired. The Recovery Point will be marked as NON_COMPLIANT if its status is EXPIRED.

Trigger type: Periodic

AWS Region: All supported AWS regions except AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region

How to Resolve Manually

AWS Backup moves a Recovery Point from status COMPLETED to status EXPIRED when the Recovery Point has outlived its retention period but AWS Backup was unable to delete it. An EXPIRED Recovery Point is therefore not merely old: it is one the lifecycle process should already have removed and could not.

In practice this shows up in a few situations: when the Backup Vault's access policy denies backup:DeleteRecoveryPoint, so the lifecycle deletion is refused; or when Recovery Points are left sitting in a Backup Vault after the resource they were taken from has been removed, so the backup plan that created them no longer applies to anything and nobody is watching the vault.

This can leave old artifacts in your AWS Backup Vaults. Finding them by hand is a chore, so a Config Rule such as this one is particularly handy: it shows you which Recovery Points have expired, in which region, and in which account.

(Checking 25 accounts' worth of AWS Backup Vaults, with one Vault per Region, by clicking through the console would be rather tedious.)

This AWS Config Rule highlights which Recovery Points have expired. To delete them permanently, open the Backup Vault named in the Config evaluation results for the non-compliant Recovery Points.

In the Backup Vault, select the expired Recovery Points and choose Actions > Delete. AWS Backup prompts for confirmation before it permanently deletes them. The deletion cannot be undone, and the caller needs backup:DeleteRecoveryPoint on that vault; if the delete is refused, check the vault access policy for an explicit deny on that action, since a denied delete is also how a Recovery Point ends up EXPIRED in the first place.
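The console procedure above is fine for one vault, but across many regions and accounts it is worth scripting. The following is an added example, not code from the original page or from AWS: it walks every Backup Vault in every region the current credentials can reach, collects Recovery Points whose Status is EXPIRED, and deletes them only when `--delete` is passed (the default is a dry run, because the deletion is permanent). The filtering helpers are kept separate from the boto3 calls so they can be exercised on the constructed sample data embedded in the block; the account ID, ARNs and vault names in that sample are made up. The boto3 calls used (`list_backup_vaults`, `list_recovery_points_by_backup_vault`, `delete_recovery_point`, `get_available_regions`) are real API operations.

```python
"""Find EXPIRED AWS Backup recovery points across every vault and region, and
optionally delete them. Pure helpers are separated from the boto3 calls so the
filtering logic can be exercised on sample data without AWS credentials."""
import sys

# Constructed sample data in the shape of backup:ListRecoveryPointsByBackupVault
# responses (fake account ID and resource IDs, not real recovery points).
SAMPLE_RECOVERY_POINTS = [
    {"RecoveryPointArn": "arn:aws:ec2:us-east-1::snapshot/snap-0aaaaaaaaaaaaaaa1",
     "BackupVaultName": "Default", "Status": "COMPLETED",
     "ResourceArn": "arn:aws:ec2:us-east-1:111122223333:volume/vol-0aaaaaaaaaaaaaaa1",
     "Lifecycle": {"DeleteAfterDays": 35}},
    {"RecoveryPointArn": "arn:aws:ec2:us-east-1::snapshot/snap-0bbbbbbbbbbbbbbb2",
     "BackupVaultName": "Default", "Status": "EXPIRED",
     "ResourceArn": "arn:aws:ec2:us-east-1:111122223333:volume/vol-0bbbbbbbbbbbbbbb2",
     "Lifecycle": {"DeleteAfterDays": 35}},
    {"RecoveryPointArn": "arn:aws:backup:us-east-1:111122223333:recovery-point:0c0c0c0c-3333-4444-5555-666666666666",
     "BackupVaultName": "legacy-vault", "Status": "EXPIRED",
     "ResourceArn": "arn:aws:rds:us-east-1:111122223333:db:retired-db",
     "Lifecycle": {"DeleteAfterDays": 7}},
    {"RecoveryPointArn": "arn:aws:ec2:us-east-1::snapshot/snap-0ddddddddddddddd4",
     "BackupVaultName": "legacy-vault", "Status": "DELETING",
     "ResourceArn": "arn:aws:ec2:us-east-1:111122223333:volume/vol-0ddddddddddddddd4",
     "Lifecycle": {"DeleteAfterDays": 7}},
]


def expired_recovery_points(recovery_points):
    """Keep only recovery points whose Status is EXPIRED (past retention, not deleted)."""
    return [rp for rp in recovery_points if rp.get("Status") == "EXPIRED"]


def group_by_vault(recovery_points):
    """Map vault name -> recovery point ARNs; DeleteRecoveryPoint needs both."""
    grouped = {}
    for rp in recovery_points:
        grouped.setdefault(rp["BackupVaultName"], []).append(rp["RecoveryPointArn"])
    return grouped


def scan_region(session, region):
    """Walk every vault in one region and return its EXPIRED recovery points."""
    client = session.client("backup", region_name=region)
    found = []
    for vault_page in client.get_paginator("list_backup_vaults").paginate():
        for vault in vault_page["BackupVaultList"]:
            rp_pages = client.get_paginator("list_recovery_points_by_backup_vault").paginate(
                BackupVaultName=vault["BackupVaultName"])
            for rp_page in rp_pages:
                found.extend(expired_recovery_points(rp_page["RecoveryPoints"]))
    return found


def delete_expired(session, region, expired, dry_run=True):
    """Delete the given recovery points vault by vault; with dry_run only report them."""
    client = session.client("backup", region_name=region)
    handled = []
    for vault, arns in group_by_vault(expired).items():
        for arn in arns:
            if not dry_run:
                client.delete_recovery_point(BackupVaultName=vault, RecoveryPointArn=arn)
            handled.append((vault, arn))
    return handled


def main(argv):
    import boto3  # imported here so the helpers above work without boto3 installed
    from botocore.exceptions import ClientError
    dry_run = "--delete" not in argv  # deletion is permanent, so it is opt-in
    session = boto3.Session()
    account = session.client("sts").get_caller_identity()["Account"]
    for region in session.get_available_regions("backup"):
        try:
            expired = scan_region(session, region)
            handled = delete_expired(session, region, expired, dry_run=dry_run)
        except ClientError as exc:  # opted-out region, missing permissions, denied delete
            print(f"{account} {region}: skipped ({exc})", file=sys.stderr)
            continue
        for vault, arn in handled:
            print(f"{account} {region} {vault} {'DELETED' if not dry_run else 'EXPIRED'} {arn}")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it with no arguments first and review the `EXPIRED` lines it prints, then rerun with `--delete`. The credentials need backup:ListBackupVaults and backup:ListRecoveryPointsByBackupVault for the scan and backup:DeleteRecoveryPoint for the delete; to cover the 25 accounts mentioned above, run it once per account under an assumed role in each. If a delete comes back with an access-denied error for a vault whose expired points you expect to be removable, the vault access policy is the first place to look.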

