
How To Create An Audit Framework In AWS Backup Service


Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

The AWS Backup service can also be used to audit your backup compliance against your organization's RTO/RPO policy. A backup audit framework lets you define your backup audit specification and then evaluate your resources and backups against that specification.

AWS Backup Audit Manager can be used to identify whether all the supported resources are being backed up, whether the backups are encrypted, and so on. You can also generate backup audit compliance reports once you have configured the backup audit specification.

Note: The AWS Backup audit framework relies on AWS Config recording, and AWS Config must be enabled before creating the audit framework.

In today’s blog post we will discuss how to create a backup audit specification using an audit framework in the AWS Backup service. First, we will enable AWS Config for specific backup and config resources, then we will create a backup framework to define the audit specification, and finally we will check how to get backup compliance data.

Warning: There is additional cost associated with this demo; please refer to the Backup and Config pricing documents for details.

How To Create An Audit Framework In AWS Backup Service:

Prerequisites:

  • AWS CLI installed and configured with proper access. You can use the links below to install and configure the AWS CLI.

https://cloudaffaire.com/how-to-install-aws-cli/

https://cloudaffaire.com/how-to-configure-aws-cli/

Step 1: Create an S3 bucket with a proper bucket policy to store config recordings.

Step 2: Create an IAM role for AWS Config service.

Step 3: Create an IAM role for AWS Backup service.

Step 4: Enable AWS Config service for required backup related recordings.

Observe that we have enabled config recordings only for the specific resources that are required for the backup audit framework to work.

Now we are ready to create the backup audit framework.

Step 5: Create a backup audit framework with controls.

We have successfully created the backup audit framework with a control to validate whether all supported resources in our account are covered by the AWS Backup service.
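The Config preflight and framework creation from Steps 4 and 5, as an added example (these are not the post's original commands): it checks that the AWS Config recorder covers the resource types AWS documents as required for Backup Audit Manager, then creates a framework with the `BACKUP_RESOURCES_PROTECTED_BY_BACKUP_PLAN` control. The function names, the framework description and the optional resource-type scope are assumptions.

```bash
#!/bin/sh
# Added example, not the post's original commands. Function names and the
# framework description are assumptions chosen for illustration.

# Resource types AWS documents as required recordings for Backup Audit Manager.
REQUIRED_TYPES="AWS::Backup::BackupPlan AWS::Backup::BackupSelection AWS::Backup::BackupVault AWS::Backup::RecoveryPoint AWS::Config::ResourceCompliance"

# Print the required types missing from a recordingGroup JSON document ($1).
# Prints nothing when the recorder uses allSupported or lists every type.
config_gaps() {
  if printf '%s' "$1" | grep -Eq '"allSupported": *true'; then return 0; fi
  gaps=""
  for t in $REQUIRED_TYPES; do
    printf '%s' "$1" | grep -Fq "\"$t\"" || gaps="${gaps:+$gaps }$t"
  done
  printf '%s' "$gaps"
}

# Build the --framework-controls JSON. With no arguments the control is
# unscoped; arguments (e.g. EBS RDS) narrow it through ControlScope.
framework_controls_json() {
  scope=""
  for t in "$@"; do scope="${scope:+$scope,}\"$t\""; done
  if [ -n "$scope" ]; then
    scope=",\"ControlScope\":{\"ComplianceResourceTypes\":[$scope]}"
  fi
  printf '[{"ControlName":"BACKUP_RESOURCES_PROTECTED_BY_BACKUP_PLAN"%s}]\n' "$scope"
}

# Usage: create_audit_framework <name> [resource-type ...]
create_audit_framework() {
  name="$1"; shift
  case "$name" in   # letters, digits, underscores; must start with a letter
    ""|[!a-zA-Z]*|*[!_a-zA-Z0-9]*) echo "invalid framework name: $name" >&2; return 2 ;;
  esac
  rg=$(aws configservice describe-configuration-recorders \
        --query 'ConfigurationRecorders[0].recordingGroup' --output json) || return 1
  gaps=$(config_gaps "$rg")
  if [ -n "$gaps" ]; then echo "AWS Config is not recording: $gaps" >&2; return 3; fi
  aws backup create-framework --framework-name "$name" \
    --framework-description "Backup coverage audit (example)" \
    --framework-controls "$(framework_controls_json "$@")"
}
```

Failing the preflight before calling `create-framework` avoids a framework whose control has no recorded configuration items to evaluate.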


Unfortunately, at the time of writing this blog, I can’t find any Backup API to get the compliance status of the audit framework findings. But you can check the same from the AWS console, under AWS Backup => Frameworks => Controls or directly in AWS Config.


Next, we will delete all the resources that were created in this demo.

Step 6: Clean up.

Hope you have enjoyed this article. To know more about AWS Backup, please refer to the official documentation below.

https://docs.aws.amazon.com/aws-backup/index.html
