BackupVaultProps

class aws_cdk.aws_backup.BackupVaultProps(*, access_policy=None, backup_vault_name=None, block_recovery_point_deletion=None, encryption_key=None, lock_configuration=None, notification_events=None, notification_topic=None, removal_policy=None)

Bases: object

Properties for a BackupVault.

Parameters:

  • access_policy (Optional[PolicyDocument]) – A resource-based policy that is used to manage access permissions on the backup vault. Default: - access is not restricted

  • backup_vault_name (Optional[str]) – The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the AWS Region where they are created. Default: - A CDK generated name

  • block_recovery_point_deletion (Optional[bool]) – Whether to add statements to the vault access policy that prevents anyone from deleting a recovery point. Default: false

  • encryption_key (Optional[IKey]) – The server-side encryption key to use to protect your backups. Default: - an Amazon managed KMS key

  • lock_configuration (Union[LockConfiguration, Dict[str, Any], None]) – Configuration for AWS Backup Vault Lock. Default: - AWS Backup Vault Lock is disabled

  • notification_events (Optional[Sequence[BackupVaultEvents]]) – The vault events to send. Default: - all vault events if notificationTopic is defined

  • notification_topic (Optional[ITopic]) – A SNS topic to send vault events to. Default: - no notifications

  • removal_policy (Optional[RemovalPolicy]) – The removal policy to apply to the vault. Note that removing a vault that contains recovery points will fail. Default: RemovalPolicy.RETAIN

ExampleMetadata:

infused

Example:

my_key = kms.Key.from_key_arn(self, "MyKey", "aaa")
my_topic = sns.Topic.from_topic_arn(self, "MyTopic", "bbb")

vault = backup.BackupVault(self, "Vault",
    encryption_key=my_key,  # Custom encryption key
    notification_topic=my_topic
)

Attributes

access_policy

A resource-based policy that is used to manage access permissions on the backup vault.

Default:

  • access is not restricted

backup_vault_name

The name of a logical container where backups are stored.

Backup vaults are identified by names that are unique to the account used to create them and the AWS Region where they are created.

Default:

  • A CDK generated name

block_recovery_point_deletion

Whether to add statements to the vault access policy that prevents anyone from deleting a recovery point.

Default:

false

encryption_key

The server-side encryption key to use to protect your backups.

Default:

  • an Amazon managed KMS key

lock_configuration

Configuration for AWS Backup Vault Lock.

Default:

  • AWS Backup Vault Lock is disabled

See:

https://docs.aws.amazon.com/aws-backup/latest/devguide/vault-lock.html

notification_events

The vault events to send.

Default:

  • all vault events if notificationTopic is defined

See:

https://docs.aws.amazon.com/aws-backup/latest/devguide/sns-notifications.html

notification_topic

A SNS topic to send vault events to.

Default:

  • no notifications

See:

https://docs.aws.amazon.com/aws-backup/latest/devguide/sns-notifications.html

removal_policy

The removal policy to apply to the vault.

Note that removing a vault that contains recovery points will fail.

Default:

RemovalPolicy.RETAIN