Assign resources with AWS CLI - AWS Backup


You can define a resource assignment in a JSON document.

You can specify conditions, tags, or resources to define what will be included in your backup plan. For more information to help you determine which parameters to include, see BackupSelection.

This sample resource assignment assigns all Amazon EC2 instances to the backup plan BACKUP-PLAN-ID:

{ "BackupPlanId":"BACKUP-PLAN-ID", "BackupSelection":{ "SelectionName":"resources-list-selection", "IamRoleArn":"arn:aws:iam::ACCOUNT-ID:role/IAM-ROLE-ARN", "Resources":[ "arn:aws:ec2:*:*:instance/*" ] } }

Assuming this JSON is stored as backup-selection.json, you can assign these resources to your backup plan using the following CLI command:

aws backup create-backup-selection --cli-input-json file://PATH-TO-FILE/backup-selection.json

The following are example resource assignments, along with the corresponding JSON document. To make this table easier for you to read, the examples omit the fields "BackupPlanId", "SelectionName", and "IamRoleArn". The wildcard * represents zero or more non-whitespace characters.

Example: Select all resources in my account
{ "BackupSelection":{ "Resources":[ "*" ] } }
Example: Select all resources in my account, but exclude EBS volumes
{ "BackupSelection":{ "Resources":[ "*" ], "NotResources":[ "arn:aws:ec2:*:*:volume/*" ] } }
Example: Select all resources tagged with "backup":"true", but exclude EBS volumes
{ "BackupSelection":{ "Resources":[ "*" ], "NotResources":[ "arn:aws:ec2:*:*:volume/*" ], "Conditions":{ "StringEquals":[ { "ConditionKey":"aws:ResourceTag/backup", "ConditionValue":"true" } ] } } }
Example: Select all EBS volumes and RDS DB instances tagged with both "backup":"true" and "stage":"prod"

The Boolean arithmetic is similar to that in IAM policies: items in "Resources" are combined using a Boolean OR, and items in "Conditions" are combined using a Boolean AND.

The "Resources" expression "arn:aws:rds:*:*:db:*" only selects RDS DB instances because there are no corresponding Aurora, Neptune, or DocumentDB resources.

{ "BackupSelection":{ "Resources":[ "arn:aws:ec2:*:*:volume/*", "arn:aws:rds:*:*:db:*" ], "Conditions":{ "StringEquals":[ { "ConditionKey":"aws:ResourceTag/backup", "ConditionValue":"true" }, { "ConditionKey":"aws:ResourceTag/stage", "ConditionValue":"prod" } ] } } }
Example: Select all EBS volumes and RDS instances tagged with "backup":"true" but not "stage":"test"
{ "BackupSelection":{ "Resources":[ "arn:aws:ec2:*:*:volume/*", "arn:aws:rds:*:*:db:*" ], "Conditions":{ "StringEquals":[ { "ConditionKey":"aws:ResourceTag/backup", "ConditionValue":"true" } ], "StringNotEquals":[ { "ConditionKey":"aws:ResourceTag/stage", "ConditionValue":"test" } ] } } }
Example: Select all resources tagged with "key1" and a value which begins with "include" but not with "key2" and value that contains the word "exclude"

You can use the wildcard character (*) at the start, end, and middle of a string. In this example it appears at the end of include* and at both the start and end of *exclude*. The expression arn:aws:rds:*:*:db:* in the previous example shows the wildcard in the middle of a string.

{ "BackupSelection":{ "Resources":[ "*" ], "Conditions":{ "StringLike":[ { "ConditionKey":"aws:ResourceTag/key1", "ConditionValue":"include*" } ], "StringNotLike":[ { "ConditionKey":"aws:ResourceTag/key2", "ConditionValue":"*exclude*" } ] } } }
Example: Select all resources tagged with "backup":"true" except FSx file systems and RDS, Aurora, Neptune, and DocumentDB resources

Items in NotResources are combined using the Boolean OR.

{ "BackupSelection":{ "Resources":[ "*" ], "NotResources":[ "arn:aws:fsx:*", "arn:aws:rds:*" ], "Conditions":{ "StringEquals":[ { "ConditionKey":"aws:ResourceTag/backup", "ConditionValue":"true" } ] } } }
Example: Select all resources tagged with a tag "backup" and any value
{ "BackupSelection":{ "Resources":[ "*" ], "Conditions":{ "StringLike":[ { "ConditionKey":"aws:ResourceTag/backup", "ConditionValue":"*" } ] } } }
Example: Select all FSx file systems, the Aurora cluster "my-aurora-cluster", and all resources tagged with "backup":"true", except for resources tagged with "stage":"test"
{ "BackupSelection":{ "Resources":[ "arn:aws:fsx:*", "arn:aws:rds:*:*:cluster:my-aurora-cluster" ], "ListOfTags":[ { "ConditionType":"StringEquals", "ConditionKey":"backup", "ConditionValue":"true" } ], "Conditions":{ "StringNotEquals":[ { "ConditionKey":"aws:ResourceTag/stage", "ConditionValue":"test" } ] } } }
Example: Select all resources tagged with tag "backup":"true" except for EBS volumes tagged with "stage":"test"

Use two CLI commands to create two selections to select this group of resources. The first selection applies to all resources except for EBS volumes. The second selection applies to EBS volumes.

{ "BackupSelection":{ "Resources":[ "*" ], "NotResources":[ "arn:aws:ec2:*:*:volume/*" ], "Conditions":{ "StringEquals":[ { "ConditionKey":"aws:ResourceTag/backup", "ConditionValue":"true" } ] } } }
{ "BackupSelection":{ "Resources":[ "arn:aws:ec2:*:*:volume/*" ], "Conditions":{ "StringEquals":[ { "ConditionKey":"aws:ResourceTag/backup", "ConditionValue":"true" } ], "StringNotEquals":[ { "ConditionKey":"aws:ResourceTag/stage", "ConditionValue":"test" } ] } } }
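The following is an added example, not part of the AWS documentation: a local evaluator for the selection logic described on this page, for checking which resources a selection document would cover (and which it would silently leave unprotected) before running create-backup-selection. The inventory, account ID and resource names are constructed; treating an absent tag as satisfying only negated operators, and ORing "ListOfTags" with "Resources", are assumptions inferred from the examples above.

```python
import re

PREFIX = "aws:ResourceTag/"

def like(pattern, value):
    # '*' stands for zero or more non-whitespace characters, as stated on the page.
    rx = r"\S*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, value) is not None

def cond_ok(op, key, want, tags):
    have = tags.get(key[len(PREFIX):] if key.startswith(PREFIX) else key)
    negated = op.startswith("StringNot")
    if have is None:
        return negated  # assumption: an absent tag satisfies only negated operators
    hit = like(want, have) if op.endswith("Like") else have == want
    return hit != negated

def selected(selection, arn, tags):
    sel = selection["BackupSelection"]
    if any(like(p, arn) for p in sel.get("NotResources", [])):  # OR: any match excludes
        return False
    for op, items in sel.get("Conditions", {}).items():         # AND: every one must hold
        if not all(cond_ok(op, c["ConditionKey"], c["ConditionValue"], tags) for c in items):
            return False
    by_arn = any(like(p, arn) for p in sel.get("Resources", []))  # OR across patterns
    # assumption: ListOfTags entries are ORed with Resources (see the FSx/Aurora example)
    by_tag = any(cond_ok(t["ConditionType"], t["ConditionKey"], t["ConditionValue"], tags)
                 for t in sel.get("ListOfTags", []))
    return by_arn or by_tag

def coverage(selection, inventory):
    return [arn for arn, tags in inventory.items() if selected(selection, arn, tags)]

A = "us-east-1:111122223333"  # constructed region and placeholder account ID
INVENTORY = {                 # constructed inventory: ARN -> tags
    f"arn:aws:ec2:{A}:volume/vol-prod": {"backup": "true", "stage": "prod"},
    f"arn:aws:ec2:{A}:volume/vol-test": {"backup": "true", "stage": "test"},
    f"arn:aws:rds:{A}:db:orders": {"backup": "true"},
    f"arn:aws:rds:{A}:cluster:my-aurora-cluster": {},
    f"arn:aws:fsx:{A}:file-system/fs-example": {},
    f"arn:aws:ec2:{A}:instance/i-web": {"backup": "true", "stage": "test"},
}
NOT_STAGE_TEST = {"StringNotEquals": [{"ConditionKey": PREFIX + "stage", "ConditionValue": "test"}]}
EBS_RDS = {"BackupSelection": {  # "backup":"true" but not "stage":"test" example
    "Resources": ["arn:aws:ec2:*:*:volume/*", "arn:aws:rds:*:*:db:*"],
    "Conditions": dict(NOT_STAGE_TEST, StringEquals=[
        {"ConditionKey": PREFIX + "backup", "ConditionValue": "true"}])}}
MIXED = {"BackupSelection": {    # FSx, Aurora cluster and ListOfTags example
    "Resources": ["arn:aws:fsx:*", "arn:aws:rds:*:*:cluster:my-aurora-cluster"],
    "ListOfTags": [{"ConditionType": "StringEquals", "ConditionKey": "backup", "ConditionValue": "true"}],
    "Conditions": NOT_STAGE_TEST}}
```

Comparing coverage(selection, INVENTORY) against the full inventory lists the resources a selection leaves without backups, here the two resources tagged "stage":"test".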