AWS Config Rule: EBS in Backup Plan

EBS_IN_BACKUP_PLAN

Fernando Honig

Last Update 8 maanden geleden

Description: Check if Amazon Elastic Block Store (Amazon EBS) volumes are added in backup plans of AWS Backup. The rule is NON_COMPLIANT if Amazon EBS volumes are not included in backup plans.


Trigger type: Periodic


AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), AWS GovCloud (US-West), Europe (Spain), Europe (Zurich) Region


How to Resolve Manually

To resolve this manually, you need to create a Backup Plan under AWS Backup.


Go to AWS Backup in your AWS Management Console and select Backup Plans in the left menu.


Click on Create Backup Plan and select the options based on your needs. We recommend you to select a pre-built template, and indicate a plan name:

Under these options, create a Backup rule

When you finish creating this Backup Rule, Create the Backup Plan.

Now, you need to assign resources, go down to the Resource assignments section of your Backup plan and click on Assign resources


Indicate a name, and how you would like to assign resources: The options are by Tags or Resource Id. If you select Resource Id you will find EBS as one of the Resource Type.

When this is done, your EBS volume will be part of a Backup plan and AWS Backup will generate Snapshots according to your Backup rule configuration.


How to Resolve with StackZone

You can resolve with StackZone automatically by enabling AWS Backup Solution.


Go to Baseline Services -> AWS Backup and enable the service and indicate what TagKey are you going to use to assign your resources to the Backup Plan.


By default 3 backup plans are created:

  • DailyPlan
  • WeeklyPlan
  • YearlyPlan


You can indicate the retention period in days, for each of them.


Each resource might need a different retention period, so as a Tag Value you can specify in your resources that, the options are:

  • daily
  • daily/weekly
  • daily/monthly
  • daily/weekly/monthly
  • weekly
  • weekly/monthly
  • monthly


With the StackZone AWS Backup Solution, all supported services can be tagged and belong to the same Backup Vault:

  • Aurora
  • DynamoDB
  • EBS
  • EC2
  • EFS
  • FSx
  • RDS
  • Storage Gateway


Once enabled the StackZone AWS Backup Solution, all resources in all your accounts and enabled regions will be added to their own Backup Vault with just adding a tag to your resources.


Worth mentioning, all Backup Vaults are encrypted with a KMS key that allows the entire Organization to decrypt it, this means in case of a disaster you can recover the snapshots from a different account. 


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us