Step 8. Audit backup configuration - AWS Prescriptive Guidance

To ensure that the backup program is performing as it should and to identify and correct any anomalies from backup processes, audit the compliance of AWS Backup policies against defined controls such as defined backup frequency. To find and investigate backup operations or resources that are not compliant with your business requirements, continuously and automatically track your backup activity and generate automatic reports.

AWS Backup Audit Manager provides built-in, customizable compliance controls that align with your business compliance and regulatory requirements. You can use prebuilt and customizable controls as audit frameworks to evaluate your AWS Backup practices. The controls include:

  • Backup resources protected by backup plans

  • Backup plan minimum frequency and minimum retention

  • Backup recovery point encrypted

  • Backup recovery point manual deletion

  • Backup recovery point minimum retention

  • Cross-Region copy

  • Cross-account copy

  • Backup Vault Lock

For infrastructure as code (IaC) automation, you can use AWS Backup Audit Manager with AWS CloudFormation.
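
As an added example (not part of the original guidance), the following CloudFormation template deploys an audit framework that covers several of the controls listed above. The framework name and the frequency and retention values are assumed placeholders; set them to match your own backup requirements.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Example AWS Backup Audit Manager framework (values are illustrative assumptions)

Resources:
  BackupAuditFramework:
    Type: AWS::Backup::Framework
    Properties:
      FrameworkName: example_backup_audit_framework   # assumed name
      FrameworkDescription: Evaluates backup coverage, frequency, retention, encryption, and deletion protection
      FrameworkControls:
        # Backup resources protected by backup plans
        - ControlName: BACKUP_RESOURCES_PROTECTED_BY_BACKUP_PLAN
        # Backup plan minimum frequency and minimum retention
        - ControlName: BACKUP_PLAN_MIN_FREQUENCY_AND_MIN_RETENTION_CHECK
          ControlInputParameters:
            - ParameterName: requiredFrequencyUnit
              ParameterValue: hours
            - ParameterName: requiredFrequencyValue
              ParameterValue: "24"   # assumed: at least one backup every 24 hours
            - ParameterName: requiredRetentionDays
              ParameterValue: "35"   # assumed retention requirement
        # Backup recovery point encrypted
        - ControlName: BACKUP_RECOVERY_POINT_ENCRYPTED
        # Backup recovery point manual deletion
        - ControlName: BACKUP_RECOVERY_POINT_MANUAL_DELETION_DISABLED
        # Backup recovery point minimum retention
        - ControlName: BACKUP_RECOVERY_POINT_MINIMUM_RETENTION_CHECK
          ControlInputParameters:
            - ParameterName: requiredRetentionDays
              ParameterValue: "35"   # assumed retention requirement
        # Backup Vault Lock
        - ControlName: BACKUP_RESOURCES_PROTECTED_BY_BACKUP_VAULT_LOCK

Outputs:
  FrameworkArn:
    Description: ARN of the deployed audit framework
    Value: !GetAtt BackupAuditFramework.FrameworkArn
```

AWS Backup Audit Manager evaluates these controls through AWS Config, so resource tracking must be enabled in the account and Region before the framework can report compliance.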

AWS Security Hub provides you with a comprehensive view of your security state in AWS. It also helps you check your environment against security best practices and industry standards such as the AWS Foundational Security Best Practices controls. If you use Security Hub within your cloud environment, we recommend that you enable the AWS Foundational Security Best Practices standard, because it includes detective controls that can help with securing backups in AWS. Most of the detective controls in AWS Backup Audit Manager and Security Hub are also available as AWS Config managed rules.