2021/08/23 - AWS Backup - 13 new 3 updated api methods
Changes AWS Backup - Features: Evaluate your backup activity and generate audit reports.
Creates a framework with one or more controls. A framework is a collection of controls that you can use to evaluate your backup practices. By using pre-built customizable controls to define your policies, you can evaluate whether your backup practices comply with your policies. To get insights into the compliance status of your frameworks, you can set up automatic daily reports.
See also: AWS API Documentation
Request Syntax
client.create_framework(
FrameworkName='string',
FrameworkDescription='string',
FrameworkControls=[
{
'ControlName': 'string',
'ControlInputParameters': [
{
'ParameterName': 'string',
'ParameterValue': 'string'
},
],
'ControlScope': {
'ComplianceResourceIds': [
'string',
],
'ComplianceResourceTypes': [
'string',
],
'Tags': {
'string': 'string'
}
}
},
],
IdempotencyToken='string',
FrameworkTags={
'string': 'string'
}
)
string
[REQUIRED]
The unique name of the framework. The name must be between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
string
An optional description of the framework with a maximum of 1,024 characters.
list
[REQUIRED]
A list of the controls that make up the framework. Each control in the list has a name, input parameters, and scope.
(dict) --
Contains detailed information about all of the controls of a framework. Each framework must contain at least one control.
ControlName (string) -- [REQUIRED]
The name of a control. This name is between 1 and 256 characters.
ControlInputParameters (list) --
A list of ParameterName and ParameterValue pairs.
(dict) --
A list of parameters for a control. A control can have zero, one, or more than one parameter. An example of a control with two parameters is: "backup plan frequency is at least daily and the retention period is at least 1 year ". The first parameter is daily . The second parameter is 1 year .
ParameterName (string) --
The name of a parameter, for example, BackupPlanFrequency .
ParameterValue (string) --
The value of parameter, for example, hourly .
ControlScope (dict) --
The scope of a control. The control scope defines what the control will evaluate. Three examples of control scopes are: a specific backup plan, all backup plans with a specific tag, or all backup plans. For more information, see ControlScope .
ComplianceResourceIds (list) --
Describes whether the control scope includes a specific resource identified by its unique Amazon Resource Name (ARN).
(string) --
ComplianceResourceTypes (list) --
Describes whether the control scope includes one or more types of resources, such as EFS or RDS .
(string) --
Tags (dict) --
Describes whether the control scope includes resources with one or more tags. Each tag is a key-value pair.
(string) --
(string) --
string
A customer-chosen string that you can use to distinguish between otherwise identical calls to CreateFrameworkInput . Retrying a successful request with the same idempotency token results in a success message with no action taken.
This field is autopopulated if not provided.
dict
Metadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair.
(string) --
(string) --
dict
Response Syntax
{
'FrameworkName': 'string',
'FrameworkArn': 'string'
}
Response Structure
(dict) --
FrameworkName (string) --
The unique name of the framework. The name must be between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
FrameworkArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
Creates a report plan. A report plan is a document that contains information about the contents of the report and where Backup will deliver it.
If you call CreateReportPlan with a plan that already exists, you receive an AlreadyExistsException exception.
See also: AWS API Documentation
Request Syntax
client.create_report_plan(
ReportPlanName='string',
ReportPlanDescription='string',
ReportDeliveryChannel={
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'Formats': [
'string',
]
},
ReportSetting={
'ReportTemplate': 'string'
},
ReportPlanTags={
'string': 'string'
},
IdempotencyToken='string'
)
string
[REQUIRED]
The unique name of the report plan. The name must be between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
string
An optional description of the report plan with a maximum of 1,024 characters.
dict
[REQUIRED]
A structure that contains information about where and how to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports.
S3BucketName (string) -- [REQUIRED]
The unique name of the S3 bucket that receives your reports.
S3KeyPrefix (string) --
The prefix for where Backup Audit Manager delivers your reports to Amazon S3. The prefix is this part of the following path: s3://your-bucket-name/prefix /Backup/us-west-2/year/month/day/report-name. If not specified, there is no prefix.
Formats (list) --
A list of the format of your reports: CSV , JSON , or both. If not specified, the default format is CSV .
(string) --
dict
[REQUIRED]
Identifies the report template for the report. Reports are built using a report template. The report templates are:
BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
ReportTemplate (string) -- [REQUIRED]
Identifies the report template for the report. Reports are built using a report template. The report templates are:
BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
dict
Metadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair.
(string) --
(string) --
string
A customer-chosen string that you can use to distinguish between otherwise identical calls to CreateReportPlanInput . Retrying a successful request with the same idempotency token results in a success message with no action taken.
This field is autopopulated if not provided.
dict
Response Syntax
{
'ReportPlanName': 'string',
'ReportPlanArn': 'string'
}
Response Structure
(dict) --
ReportPlanName (string) --
The unique name of the report plan.
ReportPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
Returns a list of all report plans for an Amazon Web Services account and Amazon Web Services Region.
See also: AWS API Documentation
Request Syntax
client.describe_report_plan(
ReportPlanName='string'
)
string
[REQUIRED]
The unique name of a report plan.
dict
Response Syntax
{
'ReportPlan': {
'ReportPlanArn': 'string',
'ReportPlanName': 'string',
'ReportPlanDescription': 'string',
'ReportSetting': {
'ReportTemplate': 'string'
},
'ReportDeliveryChannel': {
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'Formats': [
'string',
]
},
'DeploymentStatus': 'string',
'CreationTime': datetime(2015, 1, 1),
'LastAttemptedExecutionTime': datetime(2015, 1, 1),
'LastSuccessfulExecutionTime': datetime(2015, 1, 1)
}
}
Response Structure
(dict) --
ReportPlan (dict) --
Returns details about the report plan that is specified by its name. These details include the report plan's Amazon Resource Name (ARN), description, settings, delivery channel, deployment status, creation time, and last attempted and successful run times.
ReportPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
ReportPlanName (string) --
The unique name of the report plan. This name is between 1 and 256 characters starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
ReportPlanDescription (string) --
An optional description of the report plan with a maximum 1,024 characters.
ReportSetting (dict) --
Identifies the report template for the report. Reports are built using a report template. The report templates are:
BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
ReportTemplate (string) --
Identifies the report template for the report. Reports are built using a report template. The report templates are:
BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
ReportDeliveryChannel (dict) --
Contains information about where and how to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports.
S3BucketName (string) --
The unique name of the S3 bucket that receives your reports.
S3KeyPrefix (string) --
The prefix for where Backup Audit Manager delivers your reports to Amazon S3. The prefix is this part of the following path: s3://your-bucket-name/prefix /Backup/us-west-2/year/month/day/report-name. If not specified, there is no prefix.
Formats (list) --
A list of the format of your reports: CSV , JSON , or both. If not specified, the default format is CSV .
(string) --
DeploymentStatus (string) --
The deployment status of a report plan. The statuses are:
CREATE_IN_PROGRESS | UPDATE_IN_PROGRESS | DELETE_IN_PROGRESS | COMPLETED
CreationTime (datetime) --
The date and time that a report plan is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
LastAttemptedExecutionTime (datetime) --
The date and time that a report job associated with this report plan last attempted to run, in Unix format and Coordinated Universal Time (UTC). The value of LastAttemptedExecutionTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
LastSuccessfulExecutionTime (datetime) --
The date and time that a report job associated with this report plan last successfully ran, in Unix format and Coordinated Universal Time (UTC). The value of LastSuccessfulExecutionTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Returns a list of all frameworks for an Amazon Web Services account and Amazon Web Services Region.
See also: AWS API Documentation
Request Syntax
client.list_frameworks(
MaxResults=123,
NextToken='string'
)
integer
The number of desired results from 1 to 1000. Optional. If unspecified, the query will return 1 MB of data.
string
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
dict
Response Syntax
{
'Frameworks': [
{
'FrameworkName': 'string',
'FrameworkArn': 'string',
'FrameworkDescription': 'string',
'NumberOfControls': 123,
'CreationTime': datetime(2015, 1, 1),
'DeploymentStatus': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Frameworks (list) --
A list of frameworks with details for each framework, including the framework name, Amazon Resource Name (ARN), description, number of controls, creation time, and deployment status.
(dict) --
Contains detailed information about a framework. Frameworks contain controls, which evaluate and report on your backup events and resources. Frameworks generate daily compliance results.
FrameworkName (string) --
The unique name of a framework. This name is between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
FrameworkArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
FrameworkDescription (string) --
An optional description of the framework with a maximum 1,024 characters.
NumberOfControls (integer) --
The number of controls contained by the framework.
CreationTime (datetime) --
The date and time that a framework is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
DeploymentStatus (string) --
The deployment status of a framework. The statuses are:
CREATE_IN_PROGRESS | UPDATE_IN_PROGRESS | DELETE_IN_PROGRESS | COMPLETED | FAILED
NextToken (string) --
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
Returns details about your report jobs.
See also: AWS API Documentation
Request Syntax
client.list_report_jobs(
ByReportPlanName='string',
ByCreationBefore=datetime(2015, 1, 1),
ByCreationAfter=datetime(2015, 1, 1),
ByStatus='string',
MaxResults=123,
NextToken='string'
)
string
Returns only report jobs with the specified report plan name.
datetime
Returns only report jobs that were created before the date and time specified in Unix format and Coordinated Universal Time (UTC). For example, the value 1516925490 represents Friday, January 26, 2018 12:11:30 AM.
datetime
Returns only report jobs that were created after the date and time specified in Unix format and Coordinated Universal Time (UTC). For example, the value 1516925490 represents Friday, January 26, 2018 12:11:30 AM.
string
Returns only report jobs that are in the specified status. The statuses are:
CREATED | RUNNING | COMPLETED | FAILED
integer
The number of desired results from 1 to 1000. Optional. If unspecified, the query will return 1 MB of data.
string
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
dict
Response Syntax
{
'ReportJobs': [
{
'ReportJobId': 'string',
'ReportPlanArn': 'string',
'ReportTemplate': 'string',
'CreationTime': datetime(2015, 1, 1),
'CompletionTime': datetime(2015, 1, 1),
'Status': 'string',
'StatusMessage': 'string',
'ReportDestination': {
'S3BucketName': 'string',
'S3Keys': [
'string',
]
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ReportJobs (list) --
Details about your report jobs in JSON format.
(dict) --
Contains detailed information about a report job. A report job compiles a report based on a report plan and publishes it to Amazon S3.
ReportJobId (string) --
The identifier for a report job. A unique, randomly generated, Unicode, UTF-8 encoded string that is at most 1,024 bytes long. Report job IDs cannot be edited.
ReportPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
ReportTemplate (string) --
Identifies the report template for the report. Reports are built using a report template. The report templates are:
BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
CreationTime (datetime) --
The date and time that a report job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CompletionTime (datetime) --
The date and time that a report job is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Status (string) --
The status of a report job. The statuses are:
CREATED | RUNNING | COMPLETED | FAILED
COMPLETED means that the report is available for your review at your designated destination. If the status is FAILED , review the StatusMessage for the reason.
StatusMessage (string) --
A message explaining the status of the report job.
ReportDestination (dict) --
The S3 bucket name and S3 keys for the destination where the report job publishes the report.
S3BucketName (string) --
The unique name of the Amazon S3 bucket that receives your reports.
S3Keys (list) --
The object key that uniquely identifies your reports in your S3 bucket.
(string) --
NextToken (string) --
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
Returns the details associated with creating a report as specified by its ReportJobId .
See also: AWS API Documentation
Request Syntax
client.describe_report_job(
ReportJobId='string'
)
string
[REQUIRED]
The identifier of the report job. A unique, randomly generated, Unicode, UTF-8 encoded string that is at most 1,024 bytes long. The report job ID cannot be edited.
dict
Response Syntax
{
'ReportJob': {
'ReportJobId': 'string',
'ReportPlanArn': 'string',
'ReportTemplate': 'string',
'CreationTime': datetime(2015, 1, 1),
'CompletionTime': datetime(2015, 1, 1),
'Status': 'string',
'StatusMessage': 'string',
'ReportDestination': {
'S3BucketName': 'string',
'S3Keys': [
'string',
]
}
}
}
Response Structure
(dict) --
ReportJob (dict) --
A list of information about a report job, including its completion and creation times, report destination, unique report job ID, Amazon Resource Name (ARN), report template, status, and status message.
ReportJobId (string) --
The identifier for a report job. A unique, randomly generated, Unicode, UTF-8 encoded string that is at most 1,024 bytes long. Report job IDs cannot be edited.
ReportPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
ReportTemplate (string) --
Identifies the report template for the report. Reports are built using a report template. The report templates are:
BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
CreationTime (datetime) --
The date and time that a report job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CompletionTime (datetime) --
The date and time that a report job is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Status (string) --
The status of a report job. The statuses are:
CREATED | RUNNING | COMPLETED | FAILED
COMPLETED means that the report is available for your review at your designated destination. If the status is FAILED , review the StatusMessage for the reason.
StatusMessage (string) --
A message explaining the status of the report job.
ReportDestination (dict) --
The S3 bucket name and S3 keys for the destination where the report job publishes the report.
S3BucketName (string) --
The unique name of the Amazon S3 bucket that receives your reports.
S3Keys (list) --
The object key that uniquely identifies your reports in your S3 bucket.
(string) --
Deletes the report plan specified by a report plan name.
See also: AWS API Documentation
Request Syntax
client.delete_report_plan(
ReportPlanName='string'
)
string
[REQUIRED]
The unique name of a report plan.
None
Returns the framework details for the specified FrameworkName .
See also: AWS API Documentation
Request Syntax
client.describe_framework(
FrameworkName='string'
)
string
[REQUIRED]
The unique name of a framework.
dict
Response Syntax
{
'FrameworkName': 'string',
'FrameworkArn': 'string',
'FrameworkDescription': 'string',
'FrameworkControls': [
{
'ControlName': 'string',
'ControlInputParameters': [
{
'ParameterName': 'string',
'ParameterValue': 'string'
},
],
'ControlScope': {
'ComplianceResourceIds': [
'string',
],
'ComplianceResourceTypes': [
'string',
],
'Tags': {
'string': 'string'
}
}
},
],
'CreationTime': datetime(2015, 1, 1),
'DeploymentStatus': 'string',
'FrameworkStatus': 'string',
'IdempotencyToken': 'string'
}
Response Structure
(dict) --
FrameworkName (string) --
The unique name of a framework.
FrameworkArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
FrameworkDescription (string) --
An optional description of the framework.
FrameworkControls (list) --
A list of the controls that make up the framework. Each control in the list has a name, input parameters, and scope.
(dict) --
Contains detailed information about all of the controls of a framework. Each framework must contain at least one control.
ControlName (string) --
The name of a control. This name is between 1 and 256 characters.
ControlInputParameters (list) --
A list of ParameterName and ParameterValue pairs.
(dict) --
A list of parameters for a control. A control can have zero, one, or more than one parameter. An example of a control with two parameters is: "backup plan frequency is at least daily and the retention period is at least 1 year ". The first parameter is daily . The second parameter is 1 year .
ParameterName (string) --
The name of a parameter, for example, BackupPlanFrequency .
ParameterValue (string) --
The value of parameter, for example, hourly .
ControlScope (dict) --
The scope of a control. The control scope defines what the control will evaluate. Three examples of control scopes are: a specific backup plan, all backup plans with a specific tag, or all backup plans. For more information, see ControlScope .
ComplianceResourceIds (list) --
Describes whether the control scope includes a specific resource identified by its unique Amazon Resource Name (ARN).
(string) --
ComplianceResourceTypes (list) --
Describes whether the control scope includes one or more types of resources, such as EFS or RDS .
(string) --
Tags (dict) --
Describes whether the control scope includes resources with one or more tags. Each tag is a key-value pair.
(string) --
(string) --
CreationTime (datetime) --
The date and time that a framework is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
DeploymentStatus (string) --
The deployment status of a framework. The statuses are:
CREATE_IN_PROGRESS | UPDATE_IN_PROGRESS | DELETE_IN_PROGRESS | COMPLETED | FAILED
FrameworkStatus (string) --
A framework consists of one or more controls. Each control governs a resource, such as backup plans, backup selections, backup vaults, or recovery points. You can also turn Config recording on or off for each resource. The statuses are:
ACTIVE when recording is turned on for all resources governed by the framework.
PARTIALLY_ACTIVE when recording is turned off for at least one resource governed by the framework.
INACTIVE when recording is turned off for all resources governed by the framework.
UNAVAILABLE when Backup is unable to validate recording status at this time.
IdempotencyToken (string) --
A customer-chosen string that you can use to distinguish between otherwise identical calls to DescribeFrameworkOutput . Retrying a successful request with the same idempotency token results in a success message with no action taken.
Updates an existing report plan identified by its ReportPlanName with the input document in JSON format.
See also: AWS API Documentation
Request Syntax
client.update_report_plan(
ReportPlanName='string',
ReportPlanDescription='string',
ReportDeliveryChannel={
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'Formats': [
'string',
]
},
ReportSetting={
'ReportTemplate': 'string'
},
IdempotencyToken='string'
)
string
[REQUIRED]
The unique name of the report plan. This name is between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
string
An optional description of the report plan with a maximum 1,024 characters.
dict
A structure that contains information about where to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports.
S3BucketName (string) -- [REQUIRED]
The unique name of the S3 bucket that receives your reports.
S3KeyPrefix (string) --
The prefix for where Backup Audit Manager delivers your reports to Amazon S3. The prefix is this part of the following path: s3://your-bucket-name/prefix /Backup/us-west-2/year/month/day/report-name. If not specified, there is no prefix.
Formats (list) --
A list of the format of your reports: CSV , JSON , or both. If not specified, the default format is CSV .
(string) --
dict
Identifies the report template for the report. Reports are built using a report template. The report templates are:
BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
ReportTemplate (string) -- [REQUIRED]
Identifies the report template for the report. Reports are built using a report template. The report templates are:
BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
string
A customer-chosen string that you can use to distinguish between otherwise identical calls to UpdateReportPlanInput . Retrying a successful request with the same idempotency token results in a success message with no action taken.
This field is autopopulated if not provided.
dict
Response Syntax
{
'ReportPlanName': 'string',
'ReportPlanArn': 'string',
'CreationTime': datetime(2015, 1, 1)
}
Response Structure
(dict) --
ReportPlanName (string) --
The unique name of the report plan.
ReportPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
CreationTime (datetime) --
The date and time that a report plan is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Returns a list of your report plans. For detailed information about a single report plan, use DescribeReportPlan .
See also: AWS API Documentation
Request Syntax
client.list_report_plans(
MaxResults=123,
NextToken='string'
)
integer
The number of desired results from 1 to 1000. Optional. If unspecified, the query will return 1 MB of data.
string
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
dict
Response Syntax
{
'ReportPlans': [
{
'ReportPlanArn': 'string',
'ReportPlanName': 'string',
'ReportPlanDescription': 'string',
'ReportSetting': {
'ReportTemplate': 'string'
},
'ReportDeliveryChannel': {
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'Formats': [
'string',
]
},
'DeploymentStatus': 'string',
'CreationTime': datetime(2015, 1, 1),
'LastAttemptedExecutionTime': datetime(2015, 1, 1),
'LastSuccessfulExecutionTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ReportPlans (list) --
A list of your report plans with detailed information for each plan. This information includes the Amazon Resource Name (ARN), report plan name, description, settings, delivery channel, deployment status, creation time, and last times the report plan attempted to and successfully ran.
(dict) --
Contains detailed information about a report plan.
ReportPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
ReportPlanName (string) --
The unique name of the report plan. This name is between 1 and 256 characters starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
ReportPlanDescription (string) --
An optional description of the report plan with a maximum 1,024 characters.
ReportSetting (dict) --
Identifies the report template for the report. Reports are built using a report template. The report templates are:
BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
ReportTemplate (string) --
Identifies the report template for the report. Reports are built using a report template. The report templates are:
BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
ReportDeliveryChannel (dict) --
Contains information about where and how to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports.
S3BucketName (string) --
The unique name of the S3 bucket that receives your reports.
S3KeyPrefix (string) --
The prefix for where Backup Audit Manager delivers your reports to Amazon S3. The prefix is this part of the following path: s3://your-bucket-name/prefix /Backup/us-west-2/year/month/day/report-name. If not specified, there is no prefix.
Formats (list) --
A list of the format of your reports: CSV , JSON , or both. If not specified, the default format is CSV .
(string) --
DeploymentStatus (string) --
The deployment status of a report plan. The statuses are:
CREATE_IN_PROGRESS | UPDATE_IN_PROGRESS | DELETE_IN_PROGRESS | COMPLETED
CreationTime (datetime) --
The date and time that a report plan is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
LastAttemptedExecutionTime (datetime) --
The date and time that a report job associated with this report plan last attempted to run, in Unix format and Coordinated Universal Time (UTC). The value of LastAttemptedExecutionTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
LastSuccessfulExecutionTime (datetime) --
The date and time that a report job associated with this report plan last successfully ran, in Unix format and Coordinated Universal Time (UTC). The value of LastSuccessfulExecutionTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
NextToken (string) --
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
Deletes the framework specified by a framework name.
See also: AWS API Documentation
Request Syntax
client.delete_framework(
FrameworkName='string'
)
string
[REQUIRED]
The unique name of a framework.
None
Starts an on-demand report job for the specified report plan.
See also: AWS API Documentation
Request Syntax
client.start_report_job(
ReportPlanName='string',
IdempotencyToken='string'
)
string
[REQUIRED]
The unique name of a report plan.
string
A customer-chosen string that you can use to distinguish between otherwise identical calls to StartReportJobInput . Retrying a successful request with the same idempotency token results in a success message with no action taken.
This field is autopopulated if not provided.
dict
Response Syntax
{
'ReportJobId': 'string'
}
Response Structure
(dict) --
ReportJobId (string) --
The identifier of the report job. A unique, randomly generated, Unicode, UTF-8 encoded string that is at most 1,024 bytes long. The report job ID cannot be edited.
Updates an existing framework identified by its FrameworkName with the input document in JSON format.
See also: AWS API Documentation
Request Syntax
client.update_framework(
FrameworkName='string',
FrameworkDescription='string',
FrameworkControls=[
{
'ControlName': 'string',
'ControlInputParameters': [
{
'ParameterName': 'string',
'ParameterValue': 'string'
},
],
'ControlScope': {
'ComplianceResourceIds': [
'string',
],
'ComplianceResourceTypes': [
'string',
],
'Tags': {
'string': 'string'
}
}
},
],
IdempotencyToken='string'
)
string
[REQUIRED]
The unique name of a framework. This name is between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
string
An optional description of the framework with a maximum 1,024 characters.
list
A list of the controls that make up the framework. Each control in the list has a name, input parameters, and scope.
(dict) --
Contains detailed information about all of the controls of a framework. Each framework must contain at least one control.
ControlName (string) -- [REQUIRED]
The name of a control. This name is between 1 and 256 characters.
ControlInputParameters (list) --
A list of ParameterName and ParameterValue pairs.
(dict) --
A list of parameters for a control. A control can have zero, one, or more than one parameter. An example of a control with two parameters is: "backup plan frequency is at least daily and the retention period is at least 1 year ". The first parameter is daily . The second parameter is 1 year .
ParameterName (string) --
The name of a parameter, for example, BackupPlanFrequency .
ParameterValue (string) --
The value of parameter, for example, hourly .
ControlScope (dict) --
The scope of a control. The control scope defines what the control will evaluate. Three examples of control scopes are: a specific backup plan, all backup plans with a specific tag, or all backup plans. For more information, see ControlScope .
ComplianceResourceIds (list) --
Describes whether the control scope includes a specific resource identified by its unique Amazon Resource Name (ARN).
(string) --
ComplianceResourceTypes (list) --
Describes whether the control scope includes one or more types of resources, such as EFS or RDS .
(string) --
Tags (dict) --
Describes whether the control scope includes resources with one or more tags. Each tag is a key-value pair.
(string) --
(string) --
string
A customer-chosen string that you can use to distinguish between otherwise identical calls to UpdateFrameworkInput . Retrying a successful request with the same idempotency token results in a success message with no action taken.
This field is autopopulated if not provided.
dict
Response Syntax
{
'FrameworkName': 'string',
'FrameworkArn': 'string',
'CreationTime': datetime(2015, 1, 1)
}
Response Structure
(dict) --
FrameworkName (string) --
The unique name of a framework. This name is between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
FrameworkArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
CreationTime (datetime) --
The date and time that a framework is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
{'StatusMessage': 'string'}
Returns metadata associated with a recovery point, including ID, status, encryption, and lifecycle.
See also: AWS API Documentation
Request Syntax
client.describe_recovery_point(
BackupVaultName='string',
RecoveryPointArn='string'
)
string
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
string
[REQUIRED]
An Amazon Resource Name (ARN) that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
dict
Response Syntax
{
'RecoveryPointArn': 'string',
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'SourceBackupVaultArn': 'string',
'ResourceArn': 'string',
'ResourceType': 'string',
'CreatedBy': {
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'BackupPlanVersion': 'string',
'BackupRuleId': 'string'
},
'IamRoleArn': 'string',
'Status': 'COMPLETED'|'PARTIAL'|'DELETING'|'EXPIRED',
'StatusMessage': 'string',
'CreationDate': datetime(2015, 1, 1),
'CompletionDate': datetime(2015, 1, 1),
'BackupSizeInBytes': 123,
'CalculatedLifecycle': {
'MoveToColdStorageAt': datetime(2015, 1, 1),
'DeleteAt': datetime(2015, 1, 1)
},
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'EncryptionKeyArn': 'string',
'IsEncrypted': True|False,
'StorageClass': 'WARM'|'COLD'|'DELETED',
'LastRestoreTime': datetime(2015, 1, 1)
}
Response Structure
(dict) --
RecoveryPointArn (string) --
An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
BackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.
BackupVaultArn (string) --
An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
SourceBackupVaultArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies the source vault where the resource was originally backed up in; for example, arn:aws:backup:us-east-1:123456789012:vault:BackupVault . If the recovery is restored to the same Amazon Web Services account or Region, this value will be null .
ResourceArn (string) --
An ARN that uniquely identifies a saved resource. The format of the ARN depends on the resource type.
ResourceType (string) --
The type of Amazon Web Services resource to save as a recovery point; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
CreatedBy (dict) --
Contains identifying information about the creation of a recovery point, including the BackupPlanArn , BackupPlanId , BackupPlanVersion , and BackupRuleId of the backup plan used to create it.
BackupPlanId (string) --
Uniquely identifies a backup plan.
BackupPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
BackupPlanVersion (string) --
Version IDs are unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. They cannot be edited.
BackupRuleId (string) --
Uniquely identifies a rule used to schedule the backup of a selection of resources.
IamRoleArn (string) --
Specifies the IAM role ARN used to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
Status (string) --
A status code specifying the state of the recovery point.
PARTIAL status indicates Backup could not create the recovery point before the backup window closed. To increase your backup plan window using the API, see UpdateBackupPlan . You can also increase your backup plan window using the Console by choosing and editing your backup plan.
EXPIRED status indicates that the recovery point has exceeded its retention period, but Backup lacks permission or is otherwise unable to delete it. To manually delete these recovery points, see Step 3: Delete the recovery points in the Clean up resources section of Getting started .
StatusMessage (string) --
A status message explaining the reason for the recovery point deletion failure.
CreationDate (datetime) --
The date and time that a recovery point is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CompletionDate (datetime) --
The date and time that a job to create a recovery point is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
BackupSizeInBytes (integer) --
The size, in bytes, of a backup.
CalculatedLifecycle (dict) --
A CalculatedLifecycle object containing DeleteAt and MoveToColdStorageAt timestamps.
MoveToColdStorageAt (datetime) --
A timestamp that specifies when to transition a recovery point to cold storage.
DeleteAt (datetime) --
A timestamp that specifies when to delete a recovery point.
Lifecycle (dict) --
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups that are transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only Amazon EFS file system backups can be transitioned to cold storage.
MoveToColdStorageAfterDays (integer) --
Specifies the number of days after creation that a recovery point is moved to cold storage.
DeleteAfterDays (integer) --
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
EncryptionKeyArn (string) --
The server-side encryption key used to protect your backups; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab .
IsEncrypted (boolean) --
A Boolean value that is returned as TRUE if the specified recovery point is encrypted, or FALSE if the recovery point is not encrypted.
StorageClass (string) --
Specifies the storage class of the recovery point. Valid values are WARM or COLD .
LastRestoreTime (datetime) --
The date and time that a recovery point was last restored, in Unix format and Coordinated Universal Time (UTC). The value of LastRestoreTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
{'RecoveryPoints': {'StatusMessage': 'string'}}
Returns detailed information about the recovery points stored in a backup vault.
See also: AWS API Documentation
Request Syntax
client.list_recovery_points_by_backup_vault(
BackupVaultName='string',
NextToken='string',
MaxResults=123,
ByResourceArn='string',
ByResourceType='string',
ByBackupPlanId='string',
ByCreatedBefore=datetime(2015, 1, 1),
ByCreatedAfter=datetime(2015, 1, 1)
)
string
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
Note
Backup vault name might not be available when a supported service creates the backup.
string
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
integer
The maximum number of items to be returned.
string
Returns only recovery points that match the specified resource Amazon Resource Name (ARN).
string
Returns only recovery points that match the specified resource type.
string
Returns only recovery points that match the specified backup plan ID.
datetime
Returns only recovery points that were created before the specified timestamp.
datetime
Returns only recovery points that were created after the specified timestamp.
dict
Response Syntax
{
'NextToken': 'string',
'RecoveryPoints': [
{
'RecoveryPointArn': 'string',
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'SourceBackupVaultArn': 'string',
'ResourceArn': 'string',
'ResourceType': 'string',
'CreatedBy': {
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'BackupPlanVersion': 'string',
'BackupRuleId': 'string'
},
'IamRoleArn': 'string',
'Status': 'COMPLETED'|'PARTIAL'|'DELETING'|'EXPIRED',
'StatusMessage': 'string',
'CreationDate': datetime(2015, 1, 1),
'CompletionDate': datetime(2015, 1, 1),
'BackupSizeInBytes': 123,
'CalculatedLifecycle': {
'MoveToColdStorageAt': datetime(2015, 1, 1),
'DeleteAt': datetime(2015, 1, 1)
},
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'EncryptionKeyArn': 'string',
'IsEncrypted': True|False,
'LastRestoreTime': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
RecoveryPoints (list) --
An array of objects that contain detailed information about recovery points saved in a backup vault.
(dict) --
Contains detailed information about the recovery points stored in a backup vault.
RecoveryPointArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
BackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
BackupVaultArn (string) --
An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
SourceBackupVaultArn (string) --
The backup vault where the recovery point was originally copied from. If the recovery point is restored to the same account this value will be null .
ResourceArn (string) --
An ARN that uniquely identifies a resource. The format of the ARN depends on the resource type.
ResourceType (string) --
The type of Amazon Web Services resource saved as a recovery point; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database. For Windows Volume Shadow Copy Service (VSS) backups, the only supported resource type is Amazon EC2.
CreatedBy (dict) --
Contains identifying information about the creation of a recovery point, including the BackupPlanArn , BackupPlanId , BackupPlanVersion , and BackupRuleId of the backup plan that is used to create it.
BackupPlanId (string) --
Uniquely identifies a backup plan.
BackupPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
BackupPlanVersion (string) --
Version IDs are unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. They cannot be edited.
BackupRuleId (string) --
Uniquely identifies a rule used to schedule the backup of a selection of resources.
IamRoleArn (string) --
Specifies the IAM role ARN used to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
Status (string) --
A status code specifying the state of the recovery point.
StatusMessage (string) --
A message explaining the reason of the recovery point deletion failure.
CreationDate (datetime) --
The date and time a recovery point is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CompletionDate (datetime) --
The date and time a job to restore a recovery point is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
BackupSizeInBytes (integer) --
The size, in bytes, of a backup.
CalculatedLifecycle (dict) --
A CalculatedLifecycle object containing DeleteAt and MoveToColdStorageAt timestamps.
MoveToColdStorageAt (datetime) --
A timestamp that specifies when to transition a recovery point to cold storage.
DeleteAt (datetime) --
A timestamp that specifies when to delete a recovery point.
Lifecycle (dict) --
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only Amazon EFS file system backups can be transitioned to cold storage.
MoveToColdStorageAfterDays (integer) --
Specifies the number of days after creation that a recovery point is moved to cold storage.
DeleteAfterDays (integer) --
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
EncryptionKeyArn (string) --
The server-side encryption key that is used to protect your backups; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab .
IsEncrypted (boolean) --
A Boolean value that is returned as TRUE if the specified recovery point is encrypted, or FALSE if the recovery point is not encrypted.
LastRestoreTime (datetime) --
The date and time a recovery point was last restored, in Unix format and Coordinated Universal Time (UTC). The value of LastRestoreTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
{'RecoveryPoints': {'StatusMessage': 'string'}}
Returns detailed information about all the recovery points of the type specified by a resource Amazon Resource Name (ARN).
Note
For Amazon EFS and Amazon EC2, this action only lists recovery points created by Backup.
See also: AWS API Documentation
Request Syntax
client.list_recovery_points_by_resource(
ResourceArn='string',
NextToken='string',
MaxResults=123
)
string
[REQUIRED]
An ARN that uniquely identifies a resource. The format of the ARN depends on the resource type.
string
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
integer
The maximum number of items to be returned.
Note
Amazon RDS requires a value of at least 20.
dict
Response Syntax
{
'NextToken': 'string',
'RecoveryPoints': [
{
'RecoveryPointArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'Status': 'COMPLETED'|'PARTIAL'|'DELETING'|'EXPIRED',
'StatusMessage': 'string',
'EncryptionKeyArn': 'string',
'BackupSizeBytes': 123,
'BackupVaultName': 'string'
},
]
}
Response Structure
(dict) --
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
RecoveryPoints (list) --
An array of objects that contain detailed information about recovery points of the specified resource type.
Note
Only Amazon EFS and Amazon EC2 recovery points return BackupVaultName.
(dict) --
Contains detailed information about a saved recovery point.
RecoveryPointArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
CreationDate (datetime) --
The date and time a recovery point is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Status (string) --
A status code specifying the state of the recovery point.
StatusMessage (string) --
A message explaining the reason of the recovery point deletion failure.
EncryptionKeyArn (string) --
The server-side encryption key that is used to protect your backups; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab .
BackupSizeBytes (integer) --
The size, in bytes, of a backup.
BackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.