AWS Backup API를 사용하여 프레임워크 생성

다음 표에는 각 컨트롤의 CreateFramework에 대한 샘플 API 요청과 해당하는 DescribeFramework 요청에 대한 샘플 API 응답이 함께 포함되어 있습니다. AWS Backup Audit Manager를 프로그래밍 방식으로 사용하려면 이러한 코드 조각을 참조할 수 있습니다.

컨트롤	`CreateFramework` 요청	`DescribeFramework` 응답
`Backup resources are included in at least one backup plan`	`{"FrameworkName": "Control1", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_PLAN", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["RDS"] // Evaluate only RDS instances } } ], "IdempotencyToken": "Control1", "FrameworkTags": {"key1": "foo"} }`	{"FrameworkName": "Control1", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control1-ce7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_PLAN", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["RDS"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control1", "FrameworkTags": {"key1": "foo"} }
`Backup plan minimum frequency and minimum retention`	{"FrameworkName": "Control2", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK", "ControlInputParameters": [ {"ParameterName": "requiredRetentionDays", "ParameterValue": "35"}, {"ParameterName": "requiredFrequencyUnit", "ParameterValue": "hours"}, {"ParameterName": "requiredFrequencyValue", "ParameterValue": "24"} ], "ControlScope": { "Tags": {"key1": "prod"} // Evaluate backup plans that tagged with "key1": "prod". } } ], "IdempotencyToken": "Control2", "FrameworkTags": {"key1": "foo"} }	{"FrameworkName": "Control2", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control2-de7655ae-1e31-45cb-96a0-4f43d8c1969d", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK", "ControlInputParameters": [ {"ParameterName": "requiredRetentionDays", "ParameterValue": "35"}, {"ParameterName": "requiredFrequencyUnit", "ParameterValue": "hours"}, {"ParameterName": "requiredFrequencyValue", "ParameterValue": "24"} ], "ControlScope": { "Tags": {"key1": "prod"} } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control2", "FrameworkTags": {"key1": "foo"} }
`Vaults prevent manual deletion of recovery points`	{"FrameworkName": "Control3", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED", "ControlInputParameters": [ {"ParameterName": "principalArnList", "ParameterValue": "arn:aws:iam::123456789012:role/application_abc/component_xyz/RDSAccess, arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer, arn:aws:iam::123456789012:role/service-role/QuickSightAction"} ], "ControlScope": {"ComplianceResourceIds":["default"], "ComplianceResourceTypes": ["AWS::Backup::BackupVault"] } } ], "IdempotencyToken": "Control3", "FrameworkTags": {"key1": "foo"} }	{"FrameworkName": "Control3", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control2-de7655ae-1e31-45cb-96a0-4f43d8c1969d", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED", "ControlInputParameters": [ {"ParameterName": "principalArnList", "ParameterValue": "arn:aws:iam::123456789012:role/application_abc/component_xyz/RDSAccess, arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer, arn:aws:iam::123456789012:role/service-role/QuickSightAction"} ], "ControlScope": {"ComplianceResourceIds":["default"], "ComplianceResourceTypes": ["AWS::Backup::BackupVault"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control3", "FrameworkTags": {"key1": "foo"} }
`Minimum retention established for recovery point`	`{"FrameworkName": "Control4", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK", "ControlInputParameters": [ {"ParameterName": "requiredRetentionDays", "ParameterValue": "35"} ], "ControlScope": {} // Default scope (no scope input) sets scope to all recovery points. } ], "IdempotencyToken": "Control4", "FrameworkTags": {"key1": "foo"} }`	{"FrameworkName": "Control4", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control6-6e7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK", "ControlInputParameters": [ {"ParameterName": "requiredRetentionDays", "ParameterValue": "35"} ], "ControlScope": {} } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control4", "FrameworkTags": {"key1": "foo"} }
`Backup recovery points are encrypted`	`{"FrameworkName": "Control5", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RECOVERY_POINT_ENCRYPTED", "ControlInputParameters": [], "ControlScope": {} // Default scope (no scope input) is all recovery points } ], "IdempotencyToken": "Control5", "FrameworkTags": {"key1": "foo"} }`	`{"FrameworkName": "Control5", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control7-7e7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RECOVERY_POINT_ENCRYPTED", "ControlInputParameters": [], "ControlScope": {} } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control5", "FrameworkTags": {"key1": "foo"} }`
`Cross-Region backup copy is scheduled`	`{"FrameworkName": "Control6", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_CROSS_REGION", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] // Evaluate only EC2 instances } } ], "IdempotencyToken": "Control6", "FrameworkTags": {"key1": "foo"} }`	{"FrameworkName": "Control6", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control6-ce7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_CROSS_REGION", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control6", "FrameworkTags": {"key1": "foo"} }
`Cross-account backup copy is scheduled`	`{"FrameworkName": "Control7", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_CROSS_ACCOUNT", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] // Evaluate only EC2 instances } } ], "IdempotencyToken": "Control7", "FrameworkTags": {"key1": "foo"} }`	{"FrameworkName": "Control7", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control7-ce7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_CROSS_ACCOUNT", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control7", "FrameworkTags": {"key1": "foo"} }
`Resources are in a backup plan with an AWS Backup Vault Lock`	`{"FrameworkName": "Control8", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_VAULT_LOCK", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] // Evaluate only EC2 instances } } ], "IdempotencyToken": "Control8", "FrameworkTags": {"key1": "foo"} }`	{"FrameworkName": "Control8", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control8-ce7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_RESOURCES_PROTECTED_BY_BACKUP_VAULT_LOCK", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control8", "FrameworkTags": {"key1": "foo"} }
`Last recovery point was created`	`{"FrameworkName": "Control9", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_LAST_RECOVERY_POINT_CREATED", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] // Evaluate only EC2 instances } } ], "IdempotencyToken": "Control9", "FrameworkTags": {"key1": "foo"} }`	{"FrameworkName": "Control9", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control9-ce7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "BACKUP_LAST_RECOVERY_POINT_CREATED", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control9", "FrameworkTags": {"key1": "foo"} }
`Restore time for resources meet target`	`{"FrameworkName":"Control10", "FrameworkDescription":"This is a test framework", "FrameworkControls":[ { "ControlName":"RESTORE_TIME_FOR_RESOURCES_MEET_TARGET", "ControlInputParameters":[ { "ParameterName":"maxRestoreTime", "ParameterValue":"720" } ], "ControlScope":{ "ComplianceResourceIds":[ ], "ComplianceResourceTypes":[ "DynamoDB" // Evaluates only DynamoDB databases ] } } ]"IdempotencyToken":"Control10", "FrameworkTags":{ "key1":"foo" } }`	{"FrameworkName": "Control10", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control9-ce7655ae-1e31-45cb-96a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "RESTORE_TIME_FOR_RESOURCES_MEET_TARGET", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2"] } } ], "CreationTime": 1516925490, "DeploymentStatus": "Active", "FrameworkStatus": "Completed", "IdempotencyToken": "Control10", "FrameworkTags": {"key1": "foo"} }
`RESOURCES_IN_LOGICALLY_AIR_GAPPED_VAULT`	`{"FrameworkName":"Control11", "FrameworkDescription":"This is a test framework", "FrameworkControls":[ { "ControlName":"RESOURCES_IN_LOGICALLY_AIR_GAPPED_VAULT", "ControlInputParameters":[ { "ParameterName":"recoveryPointAgeValue", "ParameterValue":"10" } { "ParameterName":"recoveryPointAgeUnit", "ParameterValue":"days" } ], "ControlScope":{ "ComplianceResourceTypes":[ "EC2" ] } } ]"IdempotencyToken":"Control11", "FrameworkTags":{ "key1":"foo" } }`	`{"FrameworkName": "Control11", "FrameworkArn": "arn:aws:backup:us-east-1:123456789012:framework/Control11-ab1234cd-5e67-89fg-06a0-4f43d8c19642", "FrameworkDescription": "This is a test framework", "FrameworkControls": [ {"ControlName": "", "ControlInputParameters":[], "ControlScope": {"ComplianceResourceTypes": ["EC2","EBS"] } } ], "CreationTime": 1726087776.316, "DeploymentStatus": "COMPLETED", "FrameworkStatus": "ACTIVE", "IdempotencyToken": "Control11", "FrameworkTags": {"key1": "foo"} }`

javascript가 브라우저에서 비활성화되거나 사용이 불가합니다.

AWS 설명서를 사용하려면 Javascript가 활성화되어야 합니다. 지침을 보려면 브라우저의 도움말 페이지를 참조하십시오.

문서 규칙

AWS Backup 콘솔을 사용하여 프레임워크 생성

프레임워크 규정 준수 상태 보기