LockConfiguration

class aws_cdk.aws_backup.LockConfiguration(*, min_retention, changeable_for=None, max_retention=None)

Bases: object

Configuration for AWS Backup Vault Lock.

Parameters:

  • min_retention (Duration) – The minimum retention period that the vault retains its recovery points. If this parameter is specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If the job’s retention period is shorter than that minimum retention period, then the vault fails that backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already saved in the vault prior to Vault Lock are not affected.

  • changeable_for (Optional[Duration]) – The duration before the lock date. AWS Backup enforces a 72-hour cooling-off period before Vault Lock takes effect and becomes immutable. Before the lock date, you can delete Vault Lock from the vault or change the Vault Lock configuration. On and after the lock date, the Vault Lock becomes immutable and cannot be changed or deleted. Default: - Vault Lock can be deleted or changed at any time

  • max_retention (Optional[Duration]) – The maximum retention period that the vault retains its recovery points. If this parameter is specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or shorter than the maximum retention period. If the job’s retention period is longer than that maximum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already saved in the vault prior to Vault Lock are not affected. Default: - Vault Lock does not enforce a maximum retention period

See:

https://docs.aws.amazon.com/aws-backup/latest/devguide/vault-lock.html

ExampleMetadata:

infused

Example:

backup.BackupVault(self, "Vault",
    lock_configuration=backup.LockConfiguration(
        min_retention=Duration.days(30)
    )
)

Attributes

changeable_for

The duration before the lock date.

AWS Backup enforces a 72-hour cooling-off period before Vault Lock takes effect and becomes immutable.

Before the lock date, you can delete Vault Lock from the vault or change the Vault Lock configuration. On and after the lock date, the Vault Lock becomes immutable and cannot be changed or deleted.

Default:

  • Vault Lock can be deleted or changed at any time

max_retention

The maximum retention period that the vault retains its recovery points.

If this parameter is specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or shorter than the maximum retention period. If the job’s retention period is longer than that maximum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already saved in the vault prior to Vault Lock are not affected.

Default:

  • Vault Lock does not enforce a maximum retention period

min_retention

The minimum retention period that the vault retains its recovery points.

If this parameter is specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If the job’s retention period is shorter than that minimum retention period, then the vault fails that backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already saved in the vault prior to Vault Lock are not affected.