AWS CloudFormation
User Guide (Version )

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

AWS::Backup::BackupVault

Creates a logical container where backups are stored. A CreateBackupVault request includes a name, optionally one or more resource tags, an encryption key, and a request ID.

Note

Sensitive data, such as passport numbers, should not be included the name of a backup vault.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::Backup::BackupVault", "Properties" : { "AccessPolicy" : Json, "BackupVaultName" : String, "BackupVaultTags" : Json, "EncryptionKeyArn" : String, "Notifications" : NotificationObjectType } }

YAML

Type: AWS::Backup::BackupVault Properties: AccessPolicy: Json BackupVaultName: String BackupVaultTags: Json EncryptionKeyArn: String Notifications: NotificationObjectType

Properties

AccessPolicy

A resource-based policy that is used to manage access permissions on the target backup vault.

Required: No

Type: Json

Update requires: No interruption

BackupVaultName

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the AWS Region where they are created. They consist of lowercase letters, numbers, and hyphens.

Required: Yes

Type: String

Pattern: ^[a-zA-Z0-9\-\_\.]{1,50}$

Update requires: Replacement

BackupVaultTags

Metadata that you can assign to help organize the resources that you create. Each tag is a key-value pair.

Required: No

Type: Json

Update requires: No interruption

EncryptionKeyArn

The server-side encryption key that is used to protect your backups; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.

Required: No

Type: String

Update requires: Replacement

Notifications

The SNS event notifications for the specified backup vault.

Required: No

Type: NotificationObjectType

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns BackupVaultName.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

BackupVaultArn

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

BackupVaultName

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.