AWS Config Rule: S3 Resources Protected By Backup Plan

Description: Checks if Amazon Simple Storage Service (Amazon S3) buckets are protected by a backup plan. The rule is NON_COMPLIANT if the Amazon S3 bucket is not covered by a backup plan.

Trigger type: Periodic

AWS Region: All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region

The Config Rule will only check your S3 Resources with a particular tag- in this case by default we search for resources with the Tag Key "Environment" and Tag Value "Production". This of course can be changed if desired in the StackZone Console when enabling this rule. Any S3 Resource without the chosen tag key and value will be ignored by this particular Config Rule

To resolve this manually, you need to create a Backup Plan under AWS Backup.

Go to AWS Backup in your AWS Management Console and select Backup Plans in your left menu.

Click Create Backup Plan and select the options based on your needs. We recommend you to select a pre-built template, and indicate a plan name:

Under these options, create a Backup rule

When you finish creating this Backup Rule, Create the Backup Plan.

Now, you need to assign resources, go down to the Resource assignments section of your Backup plan and click on Assign resources

Indicate a name, and how you would like to assign resources: If you select a specific resource type, you will see S3 as one of the resource type as one of the drop down menu options.

When this is done, your S3 Resources will be part of a Backup plan and AWS Backup will generate backups according to your Backup rule configuration.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here