Profile Applicability:
 • Level 2

Description:

Creating and naming a backup template in AWS Backup ensures that backup plans are standardized and reusable. A well-structured template helps enforce consistent backup strategies across AWS resources and accounts, ensuring all critical data is backed up according to the organization’s requirements.

Rationale:

Backup templates simplify the management of backup policies by enabling standardized backup configurations that can be applied to various services and resources. Clear and descriptive naming conventions improve visibility and ease of management, especially in large or multi-team environments.

Impact:

Pros:

  • Promotes consistent backup policies across AWS services

  • Improves manageability and traceability of backup plans

  • Enables automation and reduces manual errors

Cons:

  • Incorrect template configurations may lead to incomplete backups

  • Requires maintenance when backup requirements change

  • Improper naming may lead to confusion in large environments

Default Value:

AWS does not automatically create backup templates; they must be manually defined and named.

Pre-requisites:

  • IAM permissions to create and manage AWS Backup plans

  • Defined backup vault with encryption enabled (optional)

  • Resource tagging strategy (optional but recommended)

  • Clear backup policy naming convention for the organization

Remediation:

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console

  2. Navigate to AWS Backup > Backup Plans

  3. Check that existing backup templates follow the organization’s naming convention

  4. Verify that backup plans are assigned the appropriate resources and have the correct configuration (e.g., schedule, lifecycle, vault)

  5. Validate that the backup template enforces encryption and retention policies as per security requirements

Using AWS CLI:

  1. List backup plans:

     aws backup list-backup-plans

  2. Describe each plan to verify the naming convention and configuration:

     aws backup get-backup-plan --backup-plan-id <backup-plan-id>
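
The checks in this test plan can be scripted against the JSON that `aws backup get-backup-plan` returns. The following is an added example, not part of the original guidance: the naming pattern, the approved vault list and both sample responses are constructed assumptions, and approved vaults are assumed to have encryption verified separately.

```python
import re

# Assumed naming convention (hypothetical): <Frequency>-<Workload>-Backup-Plan
NAME_PATTERN = re.compile(r"^(Hourly|Daily|Weekly|Monthly)-[A-Za-z0-9]+-Backup-Plan$")
# AWS Backup requires DeleteAfterDays >= MoveToColdStorageAfterDays + 90
MIN_COLD_STORAGE_DAYS = 90


def audit_backup_plan(response, approved_vaults):
    """Return a list of findings for one `aws backup get-backup-plan` response."""
    plan = response.get("BackupPlan", {})
    name = plan.get("BackupPlanName", "")
    findings = []
    if not NAME_PATTERN.match(name):
        findings.append(f"{name!r}: name does not follow the naming convention")
    rules = plan.get("Rules", [])
    if not rules:
        findings.append(f"{name!r}: plan has no backup rules")
    for rule in rules:
        label = f"{name!r}/{rule.get('RuleName', '<unnamed>')}"
        if rule.get("TargetBackupVaultName") not in approved_vaults:
            findings.append(f"{label}: target vault is not an approved vault")
        lifecycle = rule.get("Lifecycle") or {}
        delete_after = lifecycle.get("DeleteAfterDays")
        cold_after = lifecycle.get("MoveToColdStorageAfterDays")
        if delete_after is None:
            findings.append(f"{label}: no retention period set")
        elif cold_after is not None and delete_after < cold_after + MIN_COLD_STORAGE_DAYS:
            findings.append(f"{label}: retention is under cold storage transition + 90 days")
    return findings


# Constructed sample responses, shaped like get-backup-plan output
GOOD = {"BackupPlanId": "constructed-id-1", "BackupPlan": {
    "BackupPlanName": "Daily-App-Backup-Plan",
    "Rules": [{"RuleName": "DailyBackup", "TargetBackupVaultName": "MyBackupVault",
               "Lifecycle": {"MoveToColdStorageAfterDays": 30, "DeleteAfterDays": 120}}]}}
BAD = {"BackupPlanId": "constructed-id-2", "BackupPlan": {
    "BackupPlanName": "test2",
    "Rules": [{"RuleName": "R1", "TargetBackupVaultName": "Default",
               "Lifecycle": {"MoveToColdStorageAfterDays": 30, "DeleteAfterDays": 90}},
              {"RuleName": "R2", "TargetBackupVaultName": "MyBackupVault"}]}}

if __name__ == "__main__":
    for resp in (GOOD, BAD):
        for finding in audit_backup_plan(resp, {"MyBackupVault"}) or ["no findings"]:
            print(resp["BackupPlanId"], "->", finding)
```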

Implementation Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console

  2. Navigate to AWS Backup > Backup Plans

  3. Click Create Backup Plan

  4. Choose Build a new plan

  5. Enter a descriptive and clear name for the backup plan (e.g., Daily-App-Backup-Plan)

  6. Configure the backup rules:

    • Set frequency (e.g., daily, weekly)

    • Set lifecycle for data movement (e.g., to cold storage after 30 days)

    • Define the retention period

    • Assign to appropriate backup vault

  7. Assign resources by selecting tags or direct resource assignments

  8. Save the backup template for reuse across different resources and accounts

Using AWS CLI:

  1. Create a JSON file named backup-plan.json for the backup plan configuration:

     {
       "BackupPlanName": "Daily-App-Backup-Plan",
       "Rules": [
         {
           "RuleName": "DailyBackup",
           "TargetBackupVaultName": "MyBackupVault",
           "ScheduleExpression": "cron(0 5 * * ? *)",
           "StartWindowMinutes": 60,
           "CompletionWindowMinutes": 180,
           "Lifecycle": {
             "MoveToColdStorageAfterDays": 30,
             "DeleteAfterDays": 120
           }
         }
       ]
     }

     DeleteAfterDays must be at least 90 days greater than MoveToColdStorageAfterDays, so a 30-day cold storage transition needs a retention period of 120 days or more.

  2. Create the backup plan:

     aws backup create-backup-plan --backup-plan file://backup-plan.json

Backout Plan:

Using AWS Console:

  1. Navigate to AWS Backup > Backup Plans

  2. Find the backup plan template to delete

  3. Detach any associated resources

  4. Delete the backup template

Using AWS CLI:

  1. List backup plans:

     aws backup list-backup-plans

  2. Delete backup plan:

     aws backup delete-backup-plan --backup-plan-id <backup-plan-id>

References: