Table of Contents
A low-level client representing AWS Backup
Backup is a unified backup service designed to protect Amazon Web Services services and their associated data. Backup simplifies the creation, migration, restoration, and deletion of backups, while also providing reporting and auditing.
import boto3
client = boto3.client('backup')
These are the available methods:
Check if an operation can be paginated.
Creates a backup plan using a backup plan name and backup rules. A backup plan is a document that contains information that Backup uses to schedule tasks that create recovery points for resources.
If you call CreateBackupPlan with a plan that already exists, you receive an AlreadyExistsException exception.
See also: AWS API Documentation
Request Syntax
response = client.create_backup_plan(
BackupPlan={
'BackupPlanName': 'string',
'Rules': [
{
'RuleName': 'string',
'TargetBackupVaultName': 'string',
'ScheduleExpression': 'string',
'StartWindowMinutes': 123,
'CompletionWindowMinutes': 123,
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'RecoveryPointTags': {
'string': 'string'
},
'CopyActions': [
{
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'DestinationBackupVaultArn': 'string'
},
],
'EnableContinuousBackup': True|False
},
],
'AdvancedBackupSettings': [
{
'ResourceType': 'string',
'BackupOptions': {
'string': 'string'
}
},
]
},
BackupPlanTags={
'string': 'string'
},
CreatorRequestId='string'
)
[REQUIRED]
Specifies the body of a backup plan. Includes a BackupPlanName and one or more sets of Rules .
The display name of a backup plan. Must contain 1 to 50 alphanumeric or '-_.' characters.
An array of BackupRule objects, each of which specifies a scheduled task that is used to back up a selection of resources.
Specifies a scheduled task used to back up a selection of resources.
A display name for a backup rule. Must contain 1 to 50 alphanumeric or '-_.' characters.
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
A CRON expression in UTC specifying when Backup initiates a backup job.
A value in minutes after a backup is scheduled before a job will be canceled if it doesn't start successfully. This value is optional.
A value in minutes after a backup job is successfully started before it must be completed or it will be canceled by Backup. This value is optional.
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup will transition and expire backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
Specifies the number of days after creation that a recovery point is moved to cold storage.
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
To help organize your resources, you can assign your own metadata to the resources that you create. Each tag is a key-value pair.
An array of CopyAction objects, which contains the details of the copy operation.
The details of the copy operation.
Contains an array of Transition objects specifying how long in days before a recovery point transitions to cold storage or is deleted.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, on the console, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
Specifies the number of days after creation that a recovery point is moved to cold storage.
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. For example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
Specifies whether Backup creates continuous backups. True causes Backup to create continuous backups capable of point-in-time restore (PITR). False (or not specified) causes Backup to create snapshot backups.
Specifies a list of BackupOptions for each resource type. These settings are only available for Windows Volume Shadow Copy Service (VSS) backup jobs.
A list of backup options for each resource type.
Specifies an object containing resource type and backup options. The only supported resource type is Amazon EC2 instances with Windows Volume Shadow Copy Service (VSS). For a CloudFormation example, see the sample CloudFormation template to enable Windows VSS in the Backup User Guide .
Valid values: EC2 .
Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs.
Valid values:
Set to "WindowsVSS":"enabled" to enable the WindowsVSS backup option and create a Windows VSS backup.
Set to "WindowsVSS":"disabled" to create a regular backup. The WindowsVSS option is not enabled by default.
If you specify an invalid option, you get an InvalidParameterValueException exception.
For more information about Windows VSS backups, see Creating a VSS-Enabled Windows Backup .
To help organize your resources, you can assign your own metadata to the resources that you create. Each tag is a key-value pair. The specified tags are assigned to all backups created with this plan.
Identifies the request and allows failed requests to be retried without the risk of running the operation twice. If the request includes a CreatorRequestId that matches an existing backup plan, that plan is returned. This parameter is optional.
If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.
dict
Response Syntax
{
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'VersionId': 'string',
'AdvancedBackupSettings': [
{
'ResourceType': 'string',
'BackupOptions': {
'string': 'string'
}
},
]
}
Response Structure
(dict) --
BackupPlanId (string) --
Uniquely identifies a backup plan.
BackupPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
CreationDate (datetime) --
The date and time that a backup plan is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
VersionId (string) --
Unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. They cannot be edited.
AdvancedBackupSettings (list) --
A list of BackupOptions settings for a resource type. This option is only available for Windows Volume Shadow Copy Service (VSS) backup jobs.
(dict) --
A list of backup options for each resource type.
ResourceType (string) --
Specifies an object containing resource type and backup options. The only supported resource type is Amazon EC2 instances with Windows Volume Shadow Copy Service (VSS). For a CloudFormation example, see the sample CloudFormation template to enable Windows VSS in the Backup User Guide .
Valid values: EC2 .
BackupOptions (dict) --
Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs.
Valid values:
Set to "WindowsVSS":"enabled" to enable the WindowsVSS backup option and create a Windows VSS backup.
Set to "WindowsVSS":"disabled" to create a regular backup. The WindowsVSS option is not enabled by default.
If you specify an invalid option, you get an InvalidParameterValueException exception.
For more information about Windows VSS backups, see Creating a VSS-Enabled Windows Backup .
Exceptions
Creates a JSON document that specifies a set of resources to assign to a backup plan. For examples, see Assigning resources programmatically .
See also: AWS API Documentation
Request Syntax
response = client.create_backup_selection(
BackupPlanId='string',
BackupSelection={
'SelectionName': 'string',
'IamRoleArn': 'string',
'Resources': [
'string',
],
'ListOfTags': [
{
'ConditionType': 'STRINGEQUALS',
'ConditionKey': 'string',
'ConditionValue': 'string'
},
],
'NotResources': [
'string',
],
'Conditions': {
'StringEquals': [
{
'ConditionKey': 'string',
'ConditionValue': 'string'
},
],
'StringNotEquals': [
{
'ConditionKey': 'string',
'ConditionValue': 'string'
},
],
'StringLike': [
{
'ConditionKey': 'string',
'ConditionValue': 'string'
},
],
'StringNotLike': [
{
'ConditionKey': 'string',
'ConditionValue': 'string'
},
]
}
},
CreatorRequestId='string'
)
[REQUIRED]
Uniquely identifies the backup plan to be associated with the selection of resources.
[REQUIRED]
Specifies the body of a request to assign a set of resources to a backup plan.
The display name of a resource selection document. Must contain 1 to 50 alphanumeric or '-_.' characters.
The ARN of the IAM role that Backup uses to authenticate when backing up the target resource; for example, arn:aws:iam::123456789012:role/S3Access .
A list of Amazon Resource Names (ARNs) to assign to a backup plan. The maximum number of ARNs is 500 without wildcards, or 30 ARNs with wildcards.
If you need to assign many resources to a backup plan, consider a different resource selection strategy, such as assigning all resources of a resource type or refining your resource selection using tags.
A list of conditions that you define to assign resources to your backup plans using tags. For example, "StringEquals": {"Department": "accounting" . Condition operators are case sensitive.
ListOfTags differs from Conditions as follows:
Contains an array of triplets made up of a condition type (such as StringEquals ), a key, and a value. Used to filter resources using their tags and assign them to a backup plan. Case sensitive.
An operation applied to a key-value pair used to assign resources to your backup plan. Condition only supports StringEquals . For more flexible assignment options, including StringLike and the ability to exclude resources from your backup plan, use Conditions (with an "s" on the end) for your ` BackupSelection https://docs.aws.amazon.com/aws-backup/latest/devguide/API_BackupSelection.html`__ .
The key in a key-value pair. For example, in the tag Department: Accounting , Department is the key.
The value in a key-value pair. For example, in the tag Department: Accounting , Accounting is the value.
A list of Amazon Resource Names (ARNs) to exclude from a backup plan. The maximum number of ARNs is 500 without wildcards, or 30 ARNs with wildcards.
If you need to exclude many resources from a backup plan, consider a different resource selection strategy, such as assigning only one or a few resource types or refining your resource selection using tags.
A list of conditions that you define to assign resources to your backup plans using tags. For example, "StringEquals": {"Department": "accounting" . Condition operators are case sensitive.
Conditions differs from ListOfTags as follows:
Filters the values of your tagged resources for only those resources that you tagged with the same value. Also called "exact matching."
Includes information about tags you define to assign tagged resources to a backup plan.
The key in a key-value pair. For example, in the tag Department: Accounting , Department is the key.
The value in a key-value pair. For example, in the tag Department: Accounting , Accounting is the value.
Filters the values of your tagged resources for only those resources that you tagged that do not have the same value. Also called "negated matching."
Includes information about tags you define to assign tagged resources to a backup plan.
The key in a key-value pair. For example, in the tag Department: Accounting , Department is the key.
The value in a key-value pair. For example, in the tag Department: Accounting , Accounting is the value.
Filters the values of your tagged resources for matching tag values with the use of a wildcard character (*) anywhere in the string. For example, "prod*" or "rod" matches the tag value "production".
Includes information about tags you define to assign tagged resources to a backup plan.
The key in a key-value pair. For example, in the tag Department: Accounting , Department is the key.
The value in a key-value pair. For example, in the tag Department: Accounting , Accounting is the value.
Filters the values of your tagged resources for non-matching tag values with the use of a wildcard character (*) anywhere in the string.
Includes information about tags you define to assign tagged resources to a backup plan.
The key in a key-value pair. For example, in the tag Department: Accounting , Department is the key.
The value in a key-value pair. For example, in the tag Department: Accounting , Accounting is the value.
A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.
If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.
dict
Response Syntax
{
'SelectionId': 'string',
'BackupPlanId': 'string',
'CreationDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
SelectionId (string) --
Uniquely identifies the body of a request to assign a set of resources to a backup plan.
BackupPlanId (string) --
Uniquely identifies a backup plan.
CreationDate (datetime) --
The date and time a backup selection is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Exceptions
Creates a logical container where backups are stored. A CreateBackupVault request includes a name, optionally one or more resource tags, an encryption key, and a request ID.
Note
Do not include sensitive data, such as passport numbers, in the name of a backup vault.
See also: AWS API Documentation
Request Syntax
response = client.create_backup_vault(
BackupVaultName='string',
BackupVaultTags={
'string': 'string'
},
EncryptionKeyArn='string',
CreatorRequestId='string'
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of letters, numbers, and hyphens.
Metadata that you can assign to help organize the resources that you create. Each tag is a key-value pair.
A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.
If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.
dict
Response Syntax
{
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'CreationDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
BackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.
BackupVaultArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
CreationDate (datetime) --
The date and time a backup vault is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Exceptions
Creates a framework with one or more controls. A framework is a collection of controls that you can use to evaluate your backup practices. By using pre-built customizable controls to define your policies, you can evaluate whether your backup practices comply with your policies and which resources are not yet in compliance.
See also: AWS API Documentation
Request Syntax
response = client.create_framework(
FrameworkName='string',
FrameworkDescription='string',
FrameworkControls=[
{
'ControlName': 'string',
'ControlInputParameters': [
{
'ParameterName': 'string',
'ParameterValue': 'string'
},
],
'ControlScope': {
'ComplianceResourceIds': [
'string',
],
'ComplianceResourceTypes': [
'string',
],
'Tags': {
'string': 'string'
}
}
},
],
IdempotencyToken='string',
FrameworkTags={
'string': 'string'
}
)
[REQUIRED]
The unique name of the framework. The name must be between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
[REQUIRED]
A list of the controls that make up the framework. Each control in the list has a name, input parameters, and scope.
Contains detailed information about all of the controls of a framework. Each framework must contain at least one control.
The name of a control. This name is between 1 and 256 characters.
A list of ParameterName and ParameterValue pairs.
A list of parameters for a control. A control can have zero, one, or more than one parameter. An example of a control with two parameters is: "backup plan frequency is at least daily and the retention period is at least 1 year ". The first parameter is daily . The second parameter is 1 year .
The name of a parameter, for example, BackupPlanFrequency .
The value of parameter, for example, hourly .
The scope of a control. The control scope defines what the control will evaluate. Three examples of control scopes are: a specific backup plan, all backup plans with a specific tag, or all backup plans. For more information, see ControlScope .
The ID of the only Amazon Web Services resource that you want your control scope to contain.
Describes whether the control scope includes one or more types of resources, such as EFS or RDS .
The tag key-value pair applied to those Amazon Web Services resources that you want to trigger an evaluation for a rule. A maximum of one key-value pair can be provided. The tag value is optional, but it cannot be an empty string. The structure to assign a tag is: [{"Key":"string","Value":"string"}] .
A customer-chosen string that you can use to distinguish between otherwise identical calls to CreateFrameworkInput . Retrying a successful request with the same idempotency token results in a success message with no action taken.
This field is autopopulated if not provided.
Metadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair.
dict
Response Syntax
{
'FrameworkName': 'string',
'FrameworkArn': 'string'
}
Response Structure
(dict) --
FrameworkName (string) --
The unique name of the framework. The name must be between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
FrameworkArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
Exceptions
Creates a report plan. A report plan is a document that contains information about the contents of the report and where Backup will deliver it.
If you call CreateReportPlan with a plan that already exists, you receive an AlreadyExistsException exception.
See also: AWS API Documentation
Request Syntax
response = client.create_report_plan(
ReportPlanName='string',
ReportPlanDescription='string',
ReportDeliveryChannel={
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'Formats': [
'string',
]
},
ReportSetting={
'ReportTemplate': 'string',
'FrameworkArns': [
'string',
],
'NumberOfFrameworks': 123
},
ReportPlanTags={
'string': 'string'
},
IdempotencyToken='string'
)
[REQUIRED]
The unique name of the report plan. The name must be between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
[REQUIRED]
A structure that contains information about where and how to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports.
The unique name of the S3 bucket that receives your reports.
The prefix for where Backup Audit Manager delivers your reports to Amazon S3. The prefix is this part of the following path: s3://your-bucket-name/prefix /Backup/us-west-2/year/month/day/report-name. If not specified, there is no prefix.
A list of the format of your reports: CSV , JSON , or both. If not specified, the default format is CSV .
[REQUIRED]
Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
If the report template is RESOURCE_COMPLIANCE_REPORT or CONTROL_COMPLIANCE_REPORT , this API resource also describes the report coverage by Amazon Web Services Regions and frameworks.
Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
The Amazon Resource Names (ARNs) of the frameworks a report covers.
The number of frameworks a report covers.
Metadata that you can assign to help organize the report plans that you create. Each tag is a key-value pair.
A customer-chosen string that you can use to distinguish between otherwise identical calls to CreateReportPlanInput . Retrying a successful request with the same idempotency token results in a success message with no action taken.
This field is autopopulated if not provided.
dict
Response Syntax
{
'ReportPlanName': 'string',
'ReportPlanArn': 'string',
'CreationTime': datetime(2015, 1, 1)
}
Response Structure
(dict) --
ReportPlanName (string) --
The unique name of the report plan.
ReportPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
CreationTime (datetime) --
The date and time a backup vault is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Exceptions
Deletes a backup plan. A backup plan can only be deleted after all associated selections of resources have been deleted. Deleting a backup plan deletes the current version of a backup plan. Previous versions, if any, will still exist.
See also: AWS API Documentation
Request Syntax
response = client.delete_backup_plan(
BackupPlanId='string'
)
[REQUIRED]
Uniquely identifies a backup plan.
{
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'DeletionDate': datetime(2015, 1, 1),
'VersionId': 'string'
}
Response Structure
Uniquely identifies a backup plan.
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
The date and time a backup plan is deleted, in Unix format and Coordinated Universal Time (UTC). The value of DeletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. Version IDs cannot be edited.
Exceptions
Deletes the resource selection associated with a backup plan that is specified by the SelectionId .
See also: AWS API Documentation
Request Syntax
response = client.delete_backup_selection(
BackupPlanId='string',
SelectionId='string'
)
[REQUIRED]
Uniquely identifies a backup plan.
[REQUIRED]
Uniquely identifies the body of a request to assign a set of resources to a backup plan.
None
Exceptions
Deletes the backup vault identified by its name. A vault can be deleted only if it is empty.
See also: AWS API Documentation
Request Syntax
response = client.delete_backup_vault(
BackupVaultName='string'
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
Exceptions
Deletes the policy document that manages permissions on a backup vault.
See also: AWS API Documentation
Request Syntax
response = client.delete_backup_vault_access_policy(
BackupVaultName='string'
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
Exceptions
Deletes Backup Vault Lock from a backup vault specified by a backup vault name.
If the Vault Lock configuration is immutable, then you cannot delete Vault Lock using API operations, and you will receive an InvalidRequestException if you attempt to do so. For more information, see Vault Lock in the Backup Developer Guide .
See also: AWS API Documentation
Request Syntax
response = client.delete_backup_vault_lock_configuration(
BackupVaultName='string'
)
[REQUIRED]
The name of the backup vault from which to delete Backup Vault Lock.
Exceptions
Deletes event notifications for the specified backup vault.
See also: AWS API Documentation
Request Syntax
response = client.delete_backup_vault_notifications(
BackupVaultName='string'
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.
Exceptions
Deletes the framework specified by a framework name.
See also: AWS API Documentation
Request Syntax
response = client.delete_framework(
FrameworkName='string'
)
[REQUIRED]
The unique name of a framework.
Exceptions
Deletes the recovery point specified by a recovery point ID.
If the recovery point ID belongs to a continuous backup, calling this endpoint deletes the existing continuous backup and stops future continuous backup.
See also: AWS API Documentation
Request Syntax
response = client.delete_recovery_point(
BackupVaultName='string',
RecoveryPointArn='string'
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
[REQUIRED]
An Amazon Resource Name (ARN) that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
None
Exceptions
Deletes the report plan specified by a report plan name.
See also: AWS API Documentation
Request Syntax
response = client.delete_report_plan(
ReportPlanName='string'
)
[REQUIRED]
The unique name of a report plan.
Exceptions
Returns backup job details for the specified BackupJobId .
See also: AWS API Documentation
Request Syntax
response = client.describe_backup_job(
BackupJobId='string'
)
[REQUIRED]
Uniquely identifies a request to Backup to back up a resource.
{
'AccountId': 'string',
'BackupJobId': 'string',
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'RecoveryPointArn': 'string',
'ResourceArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'CompletionDate': datetime(2015, 1, 1),
'State': 'CREATED'|'PENDING'|'RUNNING'|'ABORTING'|'ABORTED'|'COMPLETED'|'FAILED'|'EXPIRED',
'StatusMessage': 'string',
'PercentDone': 'string',
'BackupSizeInBytes': 123,
'IamRoleArn': 'string',
'CreatedBy': {
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'BackupPlanVersion': 'string',
'BackupRuleId': 'string'
},
'ResourceType': 'string',
'BytesTransferred': 123,
'ExpectedCompletionDate': datetime(2015, 1, 1),
'StartBy': datetime(2015, 1, 1),
'BackupOptions': {
'string': 'string'
},
'BackupType': 'string'
}
Response Structure
Returns the account ID that owns the backup job.
Uniquely identifies a request to Backup to back up a resource.
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
An ARN that uniquely identifies a saved resource. The format of the ARN depends on the resource type.
The date and time that a backup job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
The date and time that a job to create a backup job is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
The current state of a resource recovery point.
A detailed message explaining the status of the job to back up a resource.
Contains an estimated percentage that is complete of a job at the time the job status was queried.
The size, in bytes, of a backup.
Specifies the IAM role ARN used to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
Contains identifying information about the creation of a backup job, including the BackupPlanArn , BackupPlanId , BackupPlanVersion , and BackupRuleId of the backup plan that is used to create it.
Uniquely identifies a backup plan.
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
Version IDs are unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. They cannot be edited.
Uniquely identifies a rule used to schedule the backup of a selection of resources.
The type of Amazon Web Services resource to be backed up; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
The size in bytes transferred to a backup vault at the time that the job status was queried.
The date and time that a job to back up resources is expected to be completed, in Unix format and Coordinated Universal Time (UTC). The value of ExpectedCompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Specifies the time in Unix format and Coordinated Universal Time (UTC) when a backup job must be started before it is canceled. The value is calculated by adding the start window to the scheduled time. So if the scheduled time were 6:00 PM and the start window is 2 hours, the StartBy time would be 8:00 PM on the date specified. The value of StartBy is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Represents the options specified as part of backup plan or on-demand backup job.
Represents the actual backup type selected for a backup job. For example, if a successful Windows Volume Shadow Copy Service (VSS) backup was taken, BackupType returns "WindowsVSS" . If BackupType is empty, then the backup type was a regular backup.
Exceptions
Returns metadata about a backup vault specified by its name.
See also: AWS API Documentation
Request Syntax
response = client.describe_backup_vault(
BackupVaultName='string'
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
{
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'EncryptionKeyArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'CreatorRequestId': 'string',
'NumberOfRecoveryPoints': 123,
'Locked': True|False,
'MinRetentionDays': 123,
'MaxRetentionDays': 123,
'LockDate': datetime(2015, 1, 1)
}
Response Structure
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
The server-side encryption key that is used to protect your backups; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab .
The date and time that a backup vault is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice.
The number of recovery points that are stored in a backup vault.
A Boolean that indicates whether Backup Vault Lock is currently protecting the backup vault. True means that Vault Lock causes delete or update operations on the recovery points stored in the vault to fail.
The Backup Vault Lock setting that specifies the minimum retention period that the vault retains its recovery points. If this parameter is not specified, Vault Lock does not enforce a minimum retention period.
If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If the job's retention period is shorter than that minimum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already stored in the vault prior to Vault Lock are not affected.
The Backup Vault Lock setting that specifies the maximum retention period that the vault retains its recovery points. If this parameter is not specified, Vault Lock does not enforce a maximum retention period on the recovery points in the vault (allowing indefinite storage).
If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or shorter than the maximum retention period. If the job's retention period is longer than that maximum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already stored in the vault prior to Vault Lock are not affected.
The date and time when Backup Vault Lock configuration cannot be changed or deleted.
If you applied Vault Lock to your vault without specifying a lock date, you can change any of your Vault Lock settings, or delete Vault Lock from the vault entirely, at any time.
This value is in Unix format, Coordinated Universal Time (UTC), and accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Exceptions
Returns metadata associated with creating a copy of a resource.
See also: AWS API Documentation
Request Syntax
response = client.describe_copy_job(
CopyJobId='string'
)
[REQUIRED]
Uniquely identifies a copy job.
{
'CopyJob': {
'AccountId': 'string',
'CopyJobId': 'string',
'SourceBackupVaultArn': 'string',
'SourceRecoveryPointArn': 'string',
'DestinationBackupVaultArn': 'string',
'DestinationRecoveryPointArn': 'string',
'ResourceArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'CompletionDate': datetime(2015, 1, 1),
'State': 'CREATED'|'RUNNING'|'COMPLETED'|'FAILED',
'StatusMessage': 'string',
'BackupSizeInBytes': 123,
'IamRoleArn': 'string',
'CreatedBy': {
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'BackupPlanVersion': 'string',
'BackupRuleId': 'string'
},
'ResourceType': 'string'
}
}
Response Structure
Contains detailed information about a copy job.
The account ID that owns the copy job.
Uniquely identifies a copy job.
An Amazon Resource Name (ARN) that uniquely identifies a source copy vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
An ARN that uniquely identifies a source recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
An Amazon Resource Name (ARN) that uniquely identifies a destination copy vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
An ARN that uniquely identifies a destination recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
The Amazon Web Services resource to be copied; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
The date and time a copy job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
The date and time a copy job is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
The current state of a copy job.
A detailed message explaining the status of the job to copy a resource.
The size, in bytes, of a copy job.
Specifies the IAM role ARN used to copy the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
Contains information about the backup plan and rule that Backup used to initiate the recovery point backup.
Uniquely identifies a backup plan.
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
Version IDs are unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. They cannot be edited.
Uniquely identifies a rule used to schedule the backup of a selection of resources.
The type of Amazon Web Services resource to be copied; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
Exceptions
Returns the framework details for the specified FrameworkName .
See also: AWS API Documentation
Request Syntax
response = client.describe_framework(
FrameworkName='string'
)
[REQUIRED]
The unique name of a framework.
{
'FrameworkName': 'string',
'FrameworkArn': 'string',
'FrameworkDescription': 'string',
'FrameworkControls': [
{
'ControlName': 'string',
'ControlInputParameters': [
{
'ParameterName': 'string',
'ParameterValue': 'string'
},
],
'ControlScope': {
'ComplianceResourceIds': [
'string',
],
'ComplianceResourceTypes': [
'string',
],
'Tags': {
'string': 'string'
}
}
},
],
'CreationTime': datetime(2015, 1, 1),
'DeploymentStatus': 'string',
'FrameworkStatus': 'string',
'IdempotencyToken': 'string'
}
Response Structure
The unique name of a framework.
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
An optional description of the framework.
A list of the controls that make up the framework. Each control in the list has a name, input parameters, and scope.
Contains detailed information about all of the controls of a framework. Each framework must contain at least one control.
The name of a control. This name is between 1 and 256 characters.
A list of ParameterName and ParameterValue pairs.
A list of parameters for a control. A control can have zero, one, or more than one parameter. An example of a control with two parameters is: "backup plan frequency is at least daily and the retention period is at least 1 year ". The first parameter is daily . The second parameter is 1 year .
The name of a parameter, for example, BackupPlanFrequency .
The value of parameter, for example, hourly .
The scope of a control. The control scope defines what the control will evaluate. Three examples of control scopes are: a specific backup plan, all backup plans with a specific tag, or all backup plans. For more information, see ControlScope .
The ID of the only Amazon Web Services resource that you want your control scope to contain.
Describes whether the control scope includes one or more types of resources, such as EFS or RDS .
The tag key-value pair applied to those Amazon Web Services resources that you want to trigger an evaluation for a rule. A maximum of one key-value pair can be provided. The tag value is optional, but it cannot be an empty string. The structure to assign a tag is: [{"Key":"string","Value":"string"}] .
The date and time that a framework is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
The deployment status of a framework. The statuses are:
CREATE_IN_PROGRESS | UPDATE_IN_PROGRESS | DELETE_IN_PROGRESS | COMPLETED | FAILED
A framework consists of one or more controls. Each control governs a resource, such as backup plans, backup selections, backup vaults, or recovery points. You can also turn Config recording on or off for each resource. The statuses are:
A customer-chosen string that you can use to distinguish between otherwise identical calls to DescribeFrameworkOutput . Retrying a successful request with the same idempotency token results in a success message with no action taken.
Exceptions
Describes whether the Amazon Web Services account is opted in to cross-account backup. Returns an error if the account is not a member of an Organizations organization. Example: describe-global-settings --region us-west-2
See also: AWS API Documentation
Request Syntax
response = client.describe_global_settings()
{
'GlobalSettings': {
'string': 'string'
},
'LastUpdateTime': datetime(2015, 1, 1)
}
Response Structure
The status of the flag isCrossAccountBackupEnabled .
The date and time that the flag isCrossAccountBackupEnabled was last updated. This update is in Unix format and Coordinated Universal Time (UTC). The value of LastUpdateTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Exceptions
Returns information about a saved resource, including the last time it was backed up, its Amazon Resource Name (ARN), and the Amazon Web Services service type of the saved resource.
See also: AWS API Documentation
Request Syntax
response = client.describe_protected_resource(
ResourceArn='string'
)
[REQUIRED]
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
{
'ResourceArn': 'string',
'ResourceType': 'string',
'LastBackupTime': datetime(2015, 1, 1)
}
Response Structure
An ARN that uniquely identifies a resource. The format of the ARN depends on the resource type.
The type of Amazon Web Services resource saved as a recovery point; for example, an Amazon EBS volume or an Amazon RDS database.
The date and time that a resource was last backed up, in Unix format and Coordinated Universal Time (UTC). The value of LastBackupTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Exceptions
Returns metadata associated with a recovery point, including ID, status, encryption, and lifecycle.
See also: AWS API Documentation
Request Syntax
response = client.describe_recovery_point(
BackupVaultName='string',
RecoveryPointArn='string'
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
[REQUIRED]
An Amazon Resource Name (ARN) that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
dict
Response Syntax
{
'RecoveryPointArn': 'string',
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'SourceBackupVaultArn': 'string',
'ResourceArn': 'string',
'ResourceType': 'string',
'CreatedBy': {
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'BackupPlanVersion': 'string',
'BackupRuleId': 'string'
},
'IamRoleArn': 'string',
'Status': 'COMPLETED'|'PARTIAL'|'DELETING'|'EXPIRED',
'StatusMessage': 'string',
'CreationDate': datetime(2015, 1, 1),
'CompletionDate': datetime(2015, 1, 1),
'BackupSizeInBytes': 123,
'CalculatedLifecycle': {
'MoveToColdStorageAt': datetime(2015, 1, 1),
'DeleteAt': datetime(2015, 1, 1)
},
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'EncryptionKeyArn': 'string',
'IsEncrypted': True|False,
'StorageClass': 'WARM'|'COLD'|'DELETED',
'LastRestoreTime': datetime(2015, 1, 1)
}
Response Structure
(dict) --
RecoveryPointArn (string) --
An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
BackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.
BackupVaultArn (string) --
An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
SourceBackupVaultArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies the source vault where the resource was originally backed up in; for example, arn:aws:backup:us-east-1:123456789012:vault:BackupVault . If the recovery is restored to the same Amazon Web Services account or Region, this value will be null .
ResourceArn (string) --
An ARN that uniquely identifies a saved resource. The format of the ARN depends on the resource type.
ResourceType (string) --
The type of Amazon Web Services resource to save as a recovery point; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
CreatedBy (dict) --
Contains identifying information about the creation of a recovery point, including the BackupPlanArn , BackupPlanId , BackupPlanVersion , and BackupRuleId of the backup plan used to create it.
BackupPlanId (string) --
Uniquely identifies a backup plan.
BackupPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
BackupPlanVersion (string) --
Version IDs are unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. They cannot be edited.
BackupRuleId (string) --
Uniquely identifies a rule used to schedule the backup of a selection of resources.
IamRoleArn (string) --
Specifies the IAM role ARN used to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
Status (string) --
A status code specifying the state of the recovery point.
PARTIAL status indicates Backup could not create the recovery point before the backup window closed. To increase your backup plan window using the API, see UpdateBackupPlan . You can also increase your backup plan window using the Console by choosing and editing your backup plan.
EXPIRED status indicates that the recovery point has exceeded its retention period, but Backup lacks permission or is otherwise unable to delete it. To manually delete these recovery points, see Step 3: Delete the recovery points in the Clean up resources section of Getting started .
StatusMessage (string) --
A status message explaining the reason for the recovery point deletion failure.
CreationDate (datetime) --
The date and time that a recovery point is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CompletionDate (datetime) --
The date and time that a job to create a recovery point is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
BackupSizeInBytes (integer) --
The size, in bytes, of a backup.
CalculatedLifecycle (dict) --
A CalculatedLifecycle object containing DeleteAt and MoveToColdStorageAt timestamps.
MoveToColdStorageAt (datetime) --
A timestamp that specifies when to transition a recovery point to cold storage.
DeleteAt (datetime) --
A timestamp that specifies when to delete a recovery point.
Lifecycle (dict) --
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups that are transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
MoveToColdStorageAfterDays (integer) --
Specifies the number of days after creation that a recovery point is moved to cold storage.
DeleteAfterDays (integer) --
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
EncryptionKeyArn (string) --
The server-side encryption key used to protect your backups; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab .
IsEncrypted (boolean) --
A Boolean value that is returned as TRUE if the specified recovery point is encrypted, or FALSE if the recovery point is not encrypted.
StorageClass (string) --
Specifies the storage class of the recovery point. Valid values are WARM or COLD .
LastRestoreTime (datetime) --
The date and time that a recovery point was last restored, in Unix format and Coordinated Universal Time (UTC). The value of LastRestoreTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Exceptions
Returns the current service opt-in settings for the Region. If service opt-in is enabled for a service, Backup tries to protect that service's resources in this Region, when the resource is included in an on-demand backup or scheduled backup plan. Otherwise, Backup does not try to protect that service's resources in this Region.
See also: AWS API Documentation
Request Syntax
response = client.describe_region_settings()
{
'ResourceTypeOptInPreference': {
'string': True|False
},
'ResourceTypeManagementPreference': {
'string': True|False
}
}
Response Structure
Returns a list of all services along with the opt-in preferences in the Region.
Returns whether Backup fully manages the backups for a resource type.
For the benefits of full Backup management, see Full Backup management .
For a list of resource types and whether each supports full Backup management, see the Feature availability by resource table.
If "DynamoDB":false , you can enable full Backup management for DynamoDB backup by enabling Backup's advanced DynamoDB backup features .
Exceptions
Returns the details associated with creating a report as specified by its ReportJobId .
See also: AWS API Documentation
Request Syntax
response = client.describe_report_job(
ReportJobId='string'
)
[REQUIRED]
The identifier of the report job. A unique, randomly generated, Unicode, UTF-8 encoded string that is at most 1,024 bytes long. The report job ID cannot be edited.
{
'ReportJob': {
'ReportJobId': 'string',
'ReportPlanArn': 'string',
'ReportTemplate': 'string',
'CreationTime': datetime(2015, 1, 1),
'CompletionTime': datetime(2015, 1, 1),
'Status': 'string',
'StatusMessage': 'string',
'ReportDestination': {
'S3BucketName': 'string',
'S3Keys': [
'string',
]
}
}
}
Response Structure
A list of information about a report job, including its completion and creation times, report destination, unique report job ID, Amazon Resource Name (ARN), report template, status, and status message.
The identifier for a report job. A unique, randomly generated, Unicode, UTF-8 encoded string that is at most 1,024 bytes long. Report job IDs cannot be edited.
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
The date and time that a report job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
The date and time that a report job is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
The status of a report job. The statuses are:
CREATED | RUNNING | COMPLETED | FAILEDCOMPLETED means that the report is available for your review at your designated destination. If the status is FAILED , review the StatusMessage for the reason.
A message explaining the status of the report job.
The S3 bucket name and S3 keys for the destination where the report job publishes the report.
The unique name of the Amazon S3 bucket that receives your reports.
The object key that uniquely identifies your reports in your S3 bucket.
Exceptions
Returns a list of all report plans for an Amazon Web Services account and Amazon Web Services Region.
See also: AWS API Documentation
Request Syntax
response = client.describe_report_plan(
ReportPlanName='string'
)
[REQUIRED]
The unique name of a report plan.
{
'ReportPlan': {
'ReportPlanArn': 'string',
'ReportPlanName': 'string',
'ReportPlanDescription': 'string',
'ReportSetting': {
'ReportTemplate': 'string',
'FrameworkArns': [
'string',
],
'NumberOfFrameworks': 123
},
'ReportDeliveryChannel': {
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'Formats': [
'string',
]
},
'DeploymentStatus': 'string',
'CreationTime': datetime(2015, 1, 1),
'LastAttemptedExecutionTime': datetime(2015, 1, 1),
'LastSuccessfulExecutionTime': datetime(2015, 1, 1)
}
}
Response Structure
Returns details about the report plan that is specified by its name. These details include the report plan's Amazon Resource Name (ARN), description, settings, delivery channel, deployment status, creation time, and last attempted and successful run times.
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
The unique name of the report plan. This name is between 1 and 256 characters starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
An optional description of the report plan with a maximum 1,024 characters.
Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
If the report template is RESOURCE_COMPLIANCE_REPORT or CONTROL_COMPLIANCE_REPORT , this API resource also describes the report coverage by Amazon Web Services Regions and frameworks.
Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
The Amazon Resource Names (ARNs) of the frameworks a report covers.
The number of frameworks a report covers.
Contains information about where and how to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports.
The unique name of the S3 bucket that receives your reports.
The prefix for where Backup Audit Manager delivers your reports to Amazon S3. The prefix is this part of the following path: s3://your-bucket-name/prefix /Backup/us-west-2/year/month/day/report-name. If not specified, there is no prefix.
A list of the format of your reports: CSV , JSON , or both. If not specified, the default format is CSV .
The deployment status of a report plan. The statuses are:
CREATE_IN_PROGRESS | UPDATE_IN_PROGRESS | DELETE_IN_PROGRESS | COMPLETED
The date and time that a report plan is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
The date and time that a report job associated with this report plan last attempted to run, in Unix format and Coordinated Universal Time (UTC). The value of LastAttemptedExecutionTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
The date and time that a report job associated with this report plan last successfully ran, in Unix format and Coordinated Universal Time (UTC). The value of LastSuccessfulExecutionTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Exceptions
Returns metadata associated with a restore job that is specified by a job ID.
See also: AWS API Documentation
Request Syntax
response = client.describe_restore_job(
RestoreJobId='string'
)
[REQUIRED]
Uniquely identifies the job that restores a recovery point.
{
'AccountId': 'string',
'RestoreJobId': 'string',
'RecoveryPointArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'CompletionDate': datetime(2015, 1, 1),
'Status': 'PENDING'|'RUNNING'|'COMPLETED'|'ABORTED'|'FAILED',
'StatusMessage': 'string',
'PercentDone': 'string',
'BackupSizeInBytes': 123,
'IamRoleArn': 'string',
'ExpectedCompletionTimeMinutes': 123,
'CreatedResourceArn': 'string',
'ResourceType': 'string'
}
Response Structure
Returns the account ID that owns the restore job.
Uniquely identifies the job that restores a recovery point.
An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
The date and time that a restore job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
The date and time that a job to restore a recovery point is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Status code specifying the state of the job that is initiated by Backup to restore a recovery point.
A message showing the status of a job to restore a recovery point.
Contains an estimated percentage that is complete of a job at the time the job status was queried.
The size, in bytes, of the restored resource.
Specifies the IAM role ARN used to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
The amount of time in minutes that a job restoring a recovery point is expected to take.
An Amazon Resource Name (ARN) that uniquely identifies a resource whose recovery point is being restored. The format of the ARN depends on the resource type of the backed-up resource.
Returns metadata associated with a restore job listed by resource type.
Exceptions
Deletes the specified continuous backup recovery point from Backup and releases control of that continuous backup to the source service, such as Amazon RDS. The source service will continue to create and retain continuous backups using the lifecycle that you specified in your original backup plan.
Does not support snapshot backup recovery points.
See also: AWS API Documentation
Request Syntax
response = client.disassociate_recovery_point(
BackupVaultName='string',
RecoveryPointArn='string'
)
[REQUIRED]
The unique name of an Backup vault.
[REQUIRED]
An Amazon Resource Name (ARN) that uniquely identifies an Backup recovery point.
None
Exceptions
Returns the backup plan that is specified by the plan ID as a backup template.
See also: AWS API Documentation
Request Syntax
response = client.export_backup_plan_template(
BackupPlanId='string'
)
[REQUIRED]
Uniquely identifies a backup plan.
{
'BackupPlanTemplateJson': 'string'
}
Response Structure
The body of a backup plan template in JSON format.
Note
This is a signed JSON document that cannot be modified before being passed to GetBackupPlanFromJSON.
Exceptions
Returns BackupPlan details for the specified BackupPlanId . The details are the body of a backup plan in JSON format, in addition to plan metadata.
See also: AWS API Documentation
Request Syntax
response = client.get_backup_plan(
BackupPlanId='string',
VersionId='string'
)
[REQUIRED]
Uniquely identifies a backup plan.
dict
Response Syntax
{
'BackupPlan': {
'BackupPlanName': 'string',
'Rules': [
{
'RuleName': 'string',
'TargetBackupVaultName': 'string',
'ScheduleExpression': 'string',
'StartWindowMinutes': 123,
'CompletionWindowMinutes': 123,
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'RecoveryPointTags': {
'string': 'string'
},
'RuleId': 'string',
'CopyActions': [
{
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'DestinationBackupVaultArn': 'string'
},
],
'EnableContinuousBackup': True|False
},
],
'AdvancedBackupSettings': [
{
'ResourceType': 'string',
'BackupOptions': {
'string': 'string'
}
},
]
},
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'VersionId': 'string',
'CreatorRequestId': 'string',
'CreationDate': datetime(2015, 1, 1),
'DeletionDate': datetime(2015, 1, 1),
'LastExecutionDate': datetime(2015, 1, 1),
'AdvancedBackupSettings': [
{
'ResourceType': 'string',
'BackupOptions': {
'string': 'string'
}
},
]
}
Response Structure
(dict) --
BackupPlan (dict) --
Specifies the body of a backup plan. Includes a BackupPlanName and one or more sets of Rules .
BackupPlanName (string) --
The display name of a backup plan. Must contain 1 to 50 alphanumeric or '-_.' characters.
Rules (list) --
An array of BackupRule objects, each of which specifies a scheduled task that is used to back up a selection of resources.
(dict) --
Specifies a scheduled task used to back up a selection of resources.
RuleName (string) --
A display name for a backup rule. Must contain 1 to 50 alphanumeric or '-_.' characters.
TargetBackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
ScheduleExpression (string) --
A cron expression in UTC specifying when Backup initiates a backup job. For more information about Amazon Web Services cron expressions, see Schedule Expressions for Rules in the Amazon CloudWatch Events User Guide. . Two examples of Amazon Web Services cron expressions are 15 * ? * * * (take a backup every hour at 15 minutes past the hour) and 0 12 * * ? * (take a backup every day at 12 noon UTC). For a table of examples, click the preceding link and scroll down the page.
StartWindowMinutes (integer) --
A value in minutes after a backup is scheduled before a job will be canceled if it doesn't start successfully. This value is optional.
CompletionWindowMinutes (integer) --
A value in minutes after a backup job is successfully started before it must be completed or it will be canceled by Backup. This value is optional.
Lifecycle (dict) --
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
MoveToColdStorageAfterDays (integer) --
Specifies the number of days after creation that a recovery point is moved to cold storage.
DeleteAfterDays (integer) --
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
RecoveryPointTags (dict) --
An array of key-value pair strings that are assigned to resources that are associated with this rule when restored from backup.
RuleId (string) --
Uniquely identifies a rule that is used to schedule the backup of a selection of resources.
CopyActions (list) --
An array of CopyAction objects, which contains the details of the copy operation.
(dict) --
The details of the copy operation.
Lifecycle (dict) --
Contains an array of Transition objects specifying how long in days before a recovery point transitions to cold storage or is deleted.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, on the console, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
MoveToColdStorageAfterDays (integer) --
Specifies the number of days after creation that a recovery point is moved to cold storage.
DeleteAfterDays (integer) --
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
DestinationBackupVaultArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. For example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
EnableContinuousBackup (boolean) --
Specifies whether Backup creates continuous backups. True causes Backup to create continuous backups capable of point-in-time restore (PITR). False (or not specified) causes Backup to create snapshot backups.
AdvancedBackupSettings (list) --
Contains a list of BackupOptions for each resource type.
(dict) --
A list of backup options for each resource type.
ResourceType (string) --
Specifies an object containing resource type and backup options. The only supported resource type is Amazon EC2 instances with Windows Volume Shadow Copy Service (VSS). For a CloudFormation example, see the sample CloudFormation template to enable Windows VSS in the Backup User Guide .
Valid values: EC2 .
BackupOptions (dict) --
Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs.
Valid values:
Set to "WindowsVSS":"enabled" to enable the WindowsVSS backup option and create a Windows VSS backup.
Set to "WindowsVSS":"disabled" to create a regular backup. The WindowsVSS option is not enabled by default.
If you specify an invalid option, you get an InvalidParameterValueException exception.
For more information about Windows VSS backups, see Creating a VSS-Enabled Windows Backup .
BackupPlanId (string) --
Uniquely identifies a backup plan.
BackupPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
VersionId (string) --
Unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. Version IDs cannot be edited.
CreatorRequestId (string) --
A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice.
CreationDate (datetime) --
The date and time that a backup plan is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
DeletionDate (datetime) --
The date and time that a backup plan is deleted, in Unix format and Coordinated Universal Time (UTC). The value of DeletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
LastExecutionDate (datetime) --
The last time a job to back up resources was run with this backup plan. A date and time, in Unix format and Coordinated Universal Time (UTC). The value of LastExecutionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
AdvancedBackupSettings (list) --
Contains a list of BackupOptions for each resource type. The list is populated only if the advanced option is set for the backup plan.
(dict) --
A list of backup options for each resource type.
ResourceType (string) --
Specifies an object containing resource type and backup options. The only supported resource type is Amazon EC2 instances with Windows Volume Shadow Copy Service (VSS). For a CloudFormation example, see the sample CloudFormation template to enable Windows VSS in the Backup User Guide .
Valid values: EC2 .
BackupOptions (dict) --
Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs.
Valid values:
Set to "WindowsVSS":"enabled" to enable the WindowsVSS backup option and create a Windows VSS backup.
Set to "WindowsVSS":"disabled" to create a regular backup. The WindowsVSS option is not enabled by default.
If you specify an invalid option, you get an InvalidParameterValueException exception.
For more information about Windows VSS backups, see Creating a VSS-Enabled Windows Backup .
Exceptions
Returns a valid JSON document specifying a backup plan or an error.
See also: AWS API Documentation
Request Syntax
response = client.get_backup_plan_from_json(
BackupPlanTemplateJson='string'
)
[REQUIRED]
A customer-supplied backup plan document in JSON format.
{
'BackupPlan': {
'BackupPlanName': 'string',
'Rules': [
{
'RuleName': 'string',
'TargetBackupVaultName': 'string',
'ScheduleExpression': 'string',
'StartWindowMinutes': 123,
'CompletionWindowMinutes': 123,
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'RecoveryPointTags': {
'string': 'string'
},
'RuleId': 'string',
'CopyActions': [
{
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'DestinationBackupVaultArn': 'string'
},
],
'EnableContinuousBackup': True|False
},
],
'AdvancedBackupSettings': [
{
'ResourceType': 'string',
'BackupOptions': {
'string': 'string'
}
},
]
}
}
Response Structure
Specifies the body of a backup plan. Includes a BackupPlanName and one or more sets of Rules .
The display name of a backup plan. Must contain 1 to 50 alphanumeric or '-_.' characters.
An array of BackupRule objects, each of which specifies a scheduled task that is used to back up a selection of resources.
Specifies a scheduled task used to back up a selection of resources.
A display name for a backup rule. Must contain 1 to 50 alphanumeric or '-_.' characters.
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
A cron expression in UTC specifying when Backup initiates a backup job. For more information about Amazon Web Services cron expressions, see Schedule Expressions for Rules in the Amazon CloudWatch Events User Guide. . Two examples of Amazon Web Services cron expressions are 15 * ? * * * (take a backup every hour at 15 minutes past the hour) and 0 12 * * ? * (take a backup every day at 12 noon UTC). For a table of examples, click the preceding link and scroll down the page.
A value in minutes after a backup is scheduled before a job will be canceled if it doesn't start successfully. This value is optional.
A value in minutes after a backup job is successfully started before it must be completed or it will be canceled by Backup. This value is optional.
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
Specifies the number of days after creation that a recovery point is moved to cold storage.
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
An array of key-value pair strings that are assigned to resources that are associated with this rule when restored from backup.
Uniquely identifies a rule that is used to schedule the backup of a selection of resources.
An array of CopyAction objects, which contains the details of the copy operation.
The details of the copy operation.
Contains an array of Transition objects specifying how long in days before a recovery point transitions to cold storage or is deleted.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, on the console, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
Specifies the number of days after creation that a recovery point is moved to cold storage.
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. For example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
Specifies whether Backup creates continuous backups. True causes Backup to create continuous backups capable of point-in-time restore (PITR). False (or not specified) causes Backup to create snapshot backups.
Contains a list of BackupOptions for each resource type.
A list of backup options for each resource type.
Specifies an object containing resource type and backup options. The only supported resource type is Amazon EC2 instances with Windows Volume Shadow Copy Service (VSS). For a CloudFormation example, see the sample CloudFormation template to enable Windows VSS in the Backup User Guide .
Valid values: EC2 .
Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs.
Valid values:
Set to "WindowsVSS":"enabled" to enable the WindowsVSS backup option and create a Windows VSS backup.
Set to "WindowsVSS":"disabled" to create a regular backup. The WindowsVSS option is not enabled by default.
If you specify an invalid option, you get an InvalidParameterValueException exception.
For more information about Windows VSS backups, see Creating a VSS-Enabled Windows Backup .
Exceptions
Returns the template specified by its templateId as a backup plan.
See also: AWS API Documentation
Request Syntax
response = client.get_backup_plan_from_template(
BackupPlanTemplateId='string'
)
[REQUIRED]
Uniquely identifies a stored backup plan template.
{
'BackupPlanDocument': {
'BackupPlanName': 'string',
'Rules': [
{
'RuleName': 'string',
'TargetBackupVaultName': 'string',
'ScheduleExpression': 'string',
'StartWindowMinutes': 123,
'CompletionWindowMinutes': 123,
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'RecoveryPointTags': {
'string': 'string'
},
'RuleId': 'string',
'CopyActions': [
{
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'DestinationBackupVaultArn': 'string'
},
],
'EnableContinuousBackup': True|False
},
],
'AdvancedBackupSettings': [
{
'ResourceType': 'string',
'BackupOptions': {
'string': 'string'
}
},
]
}
}
Response Structure
Returns the body of a backup plan based on the target template, including the name, rules, and backup vault of the plan.
The display name of a backup plan. Must contain 1 to 50 alphanumeric or '-_.' characters.
An array of BackupRule objects, each of which specifies a scheduled task that is used to back up a selection of resources.
Specifies a scheduled task used to back up a selection of resources.
A display name for a backup rule. Must contain 1 to 50 alphanumeric or '-_.' characters.
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
A cron expression in UTC specifying when Backup initiates a backup job. For more information about Amazon Web Services cron expressions, see Schedule Expressions for Rules in the Amazon CloudWatch Events User Guide. . Two examples of Amazon Web Services cron expressions are 15 * ? * * * (take a backup every hour at 15 minutes past the hour) and 0 12 * * ? * (take a backup every day at 12 noon UTC). For a table of examples, click the preceding link and scroll down the page.
A value in minutes after a backup is scheduled before a job will be canceled if it doesn't start successfully. This value is optional.
A value in minutes after a backup job is successfully started before it must be completed or it will be canceled by Backup. This value is optional.
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
Specifies the number of days after creation that a recovery point is moved to cold storage.
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
An array of key-value pair strings that are assigned to resources that are associated with this rule when restored from backup.
Uniquely identifies a rule that is used to schedule the backup of a selection of resources.
An array of CopyAction objects, which contains the details of the copy operation.
The details of the copy operation.
Contains an array of Transition objects specifying how long in days before a recovery point transitions to cold storage or is deleted.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, on the console, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
Specifies the number of days after creation that a recovery point is moved to cold storage.
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. For example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
Specifies whether Backup creates continuous backups. True causes Backup to create continuous backups capable of point-in-time restore (PITR). False (or not specified) causes Backup to create snapshot backups.
Contains a list of BackupOptions for each resource type.
A list of backup options for each resource type.
Specifies an object containing resource type and backup options. The only supported resource type is Amazon EC2 instances with Windows Volume Shadow Copy Service (VSS). For a CloudFormation example, see the sample CloudFormation template to enable Windows VSS in the Backup User Guide .
Valid values: EC2 .
Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs.
Valid values:
Set to "WindowsVSS":"enabled" to enable the WindowsVSS backup option and create a Windows VSS backup.
Set to "WindowsVSS":"disabled" to create a regular backup. The WindowsVSS option is not enabled by default.
If you specify an invalid option, you get an InvalidParameterValueException exception.
For more information about Windows VSS backups, see Creating a VSS-Enabled Windows Backup .
Exceptions
Returns selection metadata and a document in JSON format that specifies a list of resources that are associated with a backup plan.
See also: AWS API Documentation
Request Syntax
response = client.get_backup_selection(
BackupPlanId='string',
SelectionId='string'
)
[REQUIRED]
Uniquely identifies a backup plan.
[REQUIRED]
Uniquely identifies the body of a request to assign a set of resources to a backup plan.
dict
Response Syntax
{
'BackupSelection': {
'SelectionName': 'string',
'IamRoleArn': 'string',
'Resources': [
'string',
],
'ListOfTags': [
{
'ConditionType': 'STRINGEQUALS',
'ConditionKey': 'string',
'ConditionValue': 'string'
},
],
'NotResources': [
'string',
],
'Conditions': {
'StringEquals': [
{
'ConditionKey': 'string',
'ConditionValue': 'string'
},
],
'StringNotEquals': [
{
'ConditionKey': 'string',
'ConditionValue': 'string'
},
],
'StringLike': [
{
'ConditionKey': 'string',
'ConditionValue': 'string'
},
],
'StringNotLike': [
{
'ConditionKey': 'string',
'ConditionValue': 'string'
},
]
}
},
'SelectionId': 'string',
'BackupPlanId': 'string',
'CreationDate': datetime(2015, 1, 1),
'CreatorRequestId': 'string'
}
Response Structure
(dict) --
BackupSelection (dict) --
Specifies the body of a request to assign a set of resources to a backup plan.
SelectionName (string) --
The display name of a resource selection document. Must contain 1 to 50 alphanumeric or '-_.' characters.
IamRoleArn (string) --
The ARN of the IAM role that Backup uses to authenticate when backing up the target resource; for example, arn:aws:iam::123456789012:role/S3Access .
Resources (list) --
A list of Amazon Resource Names (ARNs) to assign to a backup plan. The maximum number of ARNs is 500 without wildcards, or 30 ARNs with wildcards.
If you need to assign many resources to a backup plan, consider a different resource selection strategy, such as assigning all resources of a resource type or refining your resource selection using tags.
ListOfTags (list) --
A list of conditions that you define to assign resources to your backup plans using tags. For example, "StringEquals": {"Department": "accounting" . Condition operators are case sensitive.
ListOfTags differs from Conditions as follows:
(dict) --
Contains an array of triplets made up of a condition type (such as StringEquals ), a key, and a value. Used to filter resources using their tags and assign them to a backup plan. Case sensitive.
ConditionType (string) --
An operation applied to a key-value pair used to assign resources to your backup plan. Condition only supports StringEquals . For more flexible assignment options, including StringLike and the ability to exclude resources from your backup plan, use Conditions (with an "s" on the end) for your ` BackupSelection https://docs.aws.amazon.com/aws-backup/latest/devguide/API_BackupSelection.html`__ .
ConditionKey (string) --
The key in a key-value pair. For example, in the tag Department: Accounting , Department is the key.
ConditionValue (string) --
The value in a key-value pair. For example, in the tag Department: Accounting , Accounting is the value.
NotResources (list) --
A list of Amazon Resource Names (ARNs) to exclude from a backup plan. The maximum number of ARNs is 500 without wildcards, or 30 ARNs with wildcards.
If you need to exclude many resources from a backup plan, consider a different resource selection strategy, such as assigning only one or a few resource types or refining your resource selection using tags.
Conditions (dict) --
A list of conditions that you define to assign resources to your backup plans using tags. For example, "StringEquals": {"Department": "accounting" . Condition operators are case sensitive.
Conditions differs from ListOfTags as follows:
StringEquals (list) --
Filters the values of your tagged resources for only those resources that you tagged with the same value. Also called "exact matching."
(dict) --
Includes information about tags you define to assign tagged resources to a backup plan.
ConditionKey (string) --
The key in a key-value pair. For example, in the tag Department: Accounting , Department is the key.
ConditionValue (string) --
The value in a key-value pair. For example, in the tag Department: Accounting , Accounting is the value.
StringNotEquals (list) --
Filters the values of your tagged resources for only those resources that you tagged that do not have the same value. Also called "negated matching."
(dict) --
Includes information about tags you define to assign tagged resources to a backup plan.
ConditionKey (string) --
The key in a key-value pair. For example, in the tag Department: Accounting , Department is the key.
ConditionValue (string) --
The value in a key-value pair. For example, in the tag Department: Accounting , Accounting is the value.
StringLike (list) --
Filters the values of your tagged resources for matching tag values with the use of a wildcard character (*) anywhere in the string. For example, "prod*" or "rod" matches the tag value "production".
(dict) --
Includes information about tags you define to assign tagged resources to a backup plan.
ConditionKey (string) --
The key in a key-value pair. For example, in the tag Department: Accounting , Department is the key.
ConditionValue (string) --
The value in a key-value pair. For example, in the tag Department: Accounting , Accounting is the value.
StringNotLike (list) --
Filters the values of your tagged resources for non-matching tag values with the use of a wildcard character (*) anywhere in the string.
(dict) --
Includes information about tags you define to assign tagged resources to a backup plan.
ConditionKey (string) --
The key in a key-value pair. For example, in the tag Department: Accounting , Department is the key.
ConditionValue (string) --
The value in a key-value pair. For example, in the tag Department: Accounting , Accounting is the value.
SelectionId (string) --
Uniquely identifies the body of a request to assign a set of resources to a backup plan.
BackupPlanId (string) --
Uniquely identifies a backup plan.
CreationDate (datetime) --
The date and time a backup selection is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CreatorRequestId (string) --
A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice.
Exceptions
Returns the access policy document that is associated with the named backup vault.
See also: AWS API Documentation
Request Syntax
response = client.get_backup_vault_access_policy(
BackupVaultName='string'
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
{
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'Policy': 'string'
}
Response Structure
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
The backup vault access policy document in JSON format.
Exceptions
Returns event notifications for the specified backup vault.
See also: AWS API Documentation
Request Syntax
response = client.get_backup_vault_notifications(
BackupVaultName='string'
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
{
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'SNSTopicArn': 'string',
'BackupVaultEvents': [
'BACKUP_JOB_STARTED'|'BACKUP_JOB_COMPLETED'|'BACKUP_JOB_SUCCESSFUL'|'BACKUP_JOB_FAILED'|'BACKUP_JOB_EXPIRED'|'RESTORE_JOB_STARTED'|'RESTORE_JOB_COMPLETED'|'RESTORE_JOB_SUCCESSFUL'|'RESTORE_JOB_FAILED'|'COPY_JOB_STARTED'|'COPY_JOB_SUCCESSFUL'|'COPY_JOB_FAILED'|'RECOVERY_POINT_MODIFIED'|'BACKUP_PLAN_CREATED'|'BACKUP_PLAN_MODIFIED'|'S3_BACKUP_OBJECT_FAILED'|'S3_RESTORE_OBJECT_FAILED',
]
}
Response Structure
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
An ARN that uniquely identifies an Amazon Simple Notification Service (Amazon SNS) topic; for example, arn:aws:sns:us-west-2:111122223333:MyTopic .
An array of events that indicate the status of jobs to back up resources to the backup vault.
Exceptions
Create a paginator for an operation.
Returns a set of metadata key-value pairs that were used to create the backup.
See also: AWS API Documentation
Request Syntax
response = client.get_recovery_point_restore_metadata(
BackupVaultName='string',
RecoveryPointArn='string'
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
[REQUIRED]
An Amazon Resource Name (ARN) that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
dict
Response Syntax
{
'BackupVaultArn': 'string',
'RecoveryPointArn': 'string',
'RestoreMetadata': {
'string': 'string'
}
}
Response Structure
(dict) --
BackupVaultArn (string) --
An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
RecoveryPointArn (string) --
An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
RestoreMetadata (dict) --
The set of metadata key-value pairs that describe the original configuration of the backed-up resource. These values vary depending on the service that is being restored.
Exceptions
Returns the Amazon Web Services resource types supported by Backup.
See also: AWS API Documentation
Request Syntax
response = client.get_supported_resource_types()
{
'ResourceTypes': [
'string',
]
}
Response Structure
Contains a string with the supported Amazon Web Services resource types:
Exceptions
Returns an object that can wait for some condition.
Returns a list of existing backup jobs for an authenticated account for the last 30 days. For a longer period of time, consider using these monitoring tools .
See also: AWS API Documentation
Request Syntax
response = client.list_backup_jobs(
NextToken='string',
MaxResults=123,
ByResourceArn='string',
ByState='CREATED'|'PENDING'|'RUNNING'|'ABORTING'|'ABORTED'|'COMPLETED'|'FAILED'|'EXPIRED',
ByBackupVaultName='string',
ByCreatedBefore=datetime(2015, 1, 1),
ByCreatedAfter=datetime(2015, 1, 1),
ByResourceType='string',
ByAccountId='string'
)
Returns only backup jobs for the specified resources:
The account ID to list the jobs from. Returns only backup jobs associated with the specified account ID.
If used from an Organizations management account, passing * returns all jobs across the organization.
dict
Response Syntax
{
'BackupJobs': [
{
'AccountId': 'string',
'BackupJobId': 'string',
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'RecoveryPointArn': 'string',
'ResourceArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'CompletionDate': datetime(2015, 1, 1),
'State': 'CREATED'|'PENDING'|'RUNNING'|'ABORTING'|'ABORTED'|'COMPLETED'|'FAILED'|'EXPIRED',
'StatusMessage': 'string',
'PercentDone': 'string',
'BackupSizeInBytes': 123,
'IamRoleArn': 'string',
'CreatedBy': {
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'BackupPlanVersion': 'string',
'BackupRuleId': 'string'
},
'ExpectedCompletionDate': datetime(2015, 1, 1),
'StartBy': datetime(2015, 1, 1),
'ResourceType': 'string',
'BytesTransferred': 123,
'BackupOptions': {
'string': 'string'
},
'BackupType': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
BackupJobs (list) --
An array of structures containing metadata about your backup jobs returned in JSON format.
(dict) --
Contains detailed information about a backup job.
AccountId (string) --
The account ID that owns the backup job.
BackupJobId (string) --
Uniquely identifies a request to Backup to back up a resource.
BackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
BackupVaultArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
RecoveryPointArn (string) --
An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
ResourceArn (string) --
An ARN that uniquely identifies a resource. The format of the ARN depends on the resource type.
CreationDate (datetime) --
The date and time a backup job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CompletionDate (datetime) --
The date and time a job to create a backup job is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
State (string) --
The current state of a resource recovery point.
StatusMessage (string) --
A detailed message explaining the status of the job to back up a resource.
PercentDone (string) --
Contains an estimated percentage complete of a job at the time the job status was queried.
BackupSizeInBytes (integer) --
The size, in bytes, of a backup.
IamRoleArn (string) --
Specifies the IAM role ARN used to create the target recovery point. IAM roles other than the default role must include either AWSBackup or AwsBackup in the role name. For example, arn:aws:iam::123456789012:role/AWSBackupRDSAccess . Role names without those strings lack permissions to perform backup jobs.
CreatedBy (dict) --
Contains identifying information about the creation of a backup job, including the BackupPlanArn , BackupPlanId , BackupPlanVersion , and BackupRuleId of the backup plan used to create it.
BackupPlanId (string) --
Uniquely identifies a backup plan.
BackupPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
BackupPlanVersion (string) --
Version IDs are unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. They cannot be edited.
BackupRuleId (string) --
Uniquely identifies a rule used to schedule the backup of a selection of resources.
ExpectedCompletionDate (datetime) --
The date and time a job to back up resources is expected to be completed, in Unix format and Coordinated Universal Time (UTC). The value of ExpectedCompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
StartBy (datetime) --
Specifies the time in Unix format and Coordinated Universal Time (UTC) when a backup job must be started before it is canceled. The value is calculated by adding the start window to the scheduled time. So if the scheduled time were 6:00 PM and the start window is 2 hours, the StartBy time would be 8:00 PM on the date specified. The value of StartBy is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
ResourceType (string) --
The type of Amazon Web Services resource to be backed up; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database. For Windows Volume Shadow Copy Service (VSS) backups, the only supported resource type is Amazon EC2.
BytesTransferred (integer) --
The size in bytes transferred to a backup vault at the time that the job status was queried.
BackupOptions (dict) --
Specifies the backup option for a selected resource. This option is only available for Windows Volume Shadow Copy Service (VSS) backup jobs.
Valid values: Set to "WindowsVSS":"enabled" to enable the WindowsVSS backup option and create a Windows VSS backup. Set to "WindowsVSS":"disabled" to create a regular backup. If you specify an invalid option, you get an InvalidParameterValueException exception.
BackupType (string) --
Represents the type of backup for a backup job.
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
Exceptions
Returns metadata of your saved backup plan templates, including the template ID, name, and the creation and deletion dates.
See also: AWS API Documentation
Request Syntax
response = client.list_backup_plan_templates(
NextToken='string',
MaxResults=123
)
dict
Response Syntax
{
'NextToken': 'string',
'BackupPlanTemplatesList': [
{
'BackupPlanTemplateId': 'string',
'BackupPlanTemplateName': 'string'
},
]
}
Response Structure
(dict) --
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
BackupPlanTemplatesList (list) --
An array of template list items containing metadata about your saved templates.
(dict) --
An object specifying metadata associated with a backup plan template.
BackupPlanTemplateId (string) --
Uniquely identifies a stored backup plan template.
BackupPlanTemplateName (string) --
The optional display name of a backup plan template.
Exceptions
Returns version metadata of your backup plans, including Amazon Resource Names (ARNs), backup plan IDs, creation and deletion dates, plan names, and version IDs.
See also: AWS API Documentation
Request Syntax
response = client.list_backup_plan_versions(
BackupPlanId='string',
NextToken='string',
MaxResults=123
)
[REQUIRED]
Uniquely identifies a backup plan.
dict
Response Syntax
{
'NextToken': 'string',
'BackupPlanVersionsList': [
{
'BackupPlanArn': 'string',
'BackupPlanId': 'string',
'CreationDate': datetime(2015, 1, 1),
'DeletionDate': datetime(2015, 1, 1),
'VersionId': 'string',
'BackupPlanName': 'string',
'CreatorRequestId': 'string',
'LastExecutionDate': datetime(2015, 1, 1),
'AdvancedBackupSettings': [
{
'ResourceType': 'string',
'BackupOptions': {
'string': 'string'
}
},
]
},
]
}
Response Structure
(dict) --
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
BackupPlanVersionsList (list) --
An array of version list items containing metadata about your backup plans.
(dict) --
Contains metadata about a backup plan.
BackupPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
BackupPlanId (string) --
Uniquely identifies a backup plan.
CreationDate (datetime) --
The date and time a resource backup plan is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
DeletionDate (datetime) --
The date and time a backup plan is deleted, in Unix format and Coordinated Universal Time (UTC). The value of DeletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
VersionId (string) --
Unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. Version IDs cannot be edited.
BackupPlanName (string) --
The display name of a saved backup plan.
CreatorRequestId (string) --
A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.
If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.
LastExecutionDate (datetime) --
The last time a job to back up resources was run with this rule. A date and time, in Unix format and Coordinated Universal Time (UTC). The value of LastExecutionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
AdvancedBackupSettings (list) --
Contains a list of BackupOptions for a resource type.
(dict) --
A list of backup options for each resource type.
ResourceType (string) --
Specifies an object containing resource type and backup options. The only supported resource type is Amazon EC2 instances with Windows Volume Shadow Copy Service (VSS). For a CloudFormation example, see the sample CloudFormation template to enable Windows VSS in the Backup User Guide .
Valid values: EC2 .
BackupOptions (dict) --
Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs.
Valid values:
Set to "WindowsVSS":"enabled" to enable the WindowsVSS backup option and create a Windows VSS backup.
Set to "WindowsVSS":"disabled" to create a regular backup. The WindowsVSS option is not enabled by default.
If you specify an invalid option, you get an InvalidParameterValueException exception.
For more information about Windows VSS backups, see Creating a VSS-Enabled Windows Backup .
Exceptions
Returns a list of all active backup plans for an authenticated account. The list contains information such as Amazon Resource Names (ARNs), plan IDs, creation and deletion dates, version IDs, plan names, and creator request IDs.
See also: AWS API Documentation
Request Syntax
response = client.list_backup_plans(
NextToken='string',
MaxResults=123,
IncludeDeleted=True|False
)
dict
Response Syntax
{
'NextToken': 'string',
'BackupPlansList': [
{
'BackupPlanArn': 'string',
'BackupPlanId': 'string',
'CreationDate': datetime(2015, 1, 1),
'DeletionDate': datetime(2015, 1, 1),
'VersionId': 'string',
'BackupPlanName': 'string',
'CreatorRequestId': 'string',
'LastExecutionDate': datetime(2015, 1, 1),
'AdvancedBackupSettings': [
{
'ResourceType': 'string',
'BackupOptions': {
'string': 'string'
}
},
]
},
]
}
Response Structure
(dict) --
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
BackupPlansList (list) --
An array of backup plan list items containing metadata about your saved backup plans.
(dict) --
Contains metadata about a backup plan.
BackupPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
BackupPlanId (string) --
Uniquely identifies a backup plan.
CreationDate (datetime) --
The date and time a resource backup plan is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
DeletionDate (datetime) --
The date and time a backup plan is deleted, in Unix format and Coordinated Universal Time (UTC). The value of DeletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
VersionId (string) --
Unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. Version IDs cannot be edited.
BackupPlanName (string) --
The display name of a saved backup plan.
CreatorRequestId (string) --
A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.
If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.
LastExecutionDate (datetime) --
The last time a job to back up resources was run with this rule. A date and time, in Unix format and Coordinated Universal Time (UTC). The value of LastExecutionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
AdvancedBackupSettings (list) --
Contains a list of BackupOptions for a resource type.
(dict) --
A list of backup options for each resource type.
ResourceType (string) --
Specifies an object containing resource type and backup options. The only supported resource type is Amazon EC2 instances with Windows Volume Shadow Copy Service (VSS). For a CloudFormation example, see the sample CloudFormation template to enable Windows VSS in the Backup User Guide .
Valid values: EC2 .
BackupOptions (dict) --
Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs.
Valid values:
Set to "WindowsVSS":"enabled" to enable the WindowsVSS backup option and create a Windows VSS backup.
Set to "WindowsVSS":"disabled" to create a regular backup. The WindowsVSS option is not enabled by default.
If you specify an invalid option, you get an InvalidParameterValueException exception.
For more information about Windows VSS backups, see Creating a VSS-Enabled Windows Backup .
Exceptions
Returns an array containing metadata of the resources associated with the target backup plan.
See also: AWS API Documentation
Request Syntax
response = client.list_backup_selections(
BackupPlanId='string',
NextToken='string',
MaxResults=123
)
[REQUIRED]
Uniquely identifies a backup plan.
dict
Response Syntax
{
'NextToken': 'string',
'BackupSelectionsList': [
{
'SelectionId': 'string',
'SelectionName': 'string',
'BackupPlanId': 'string',
'CreationDate': datetime(2015, 1, 1),
'CreatorRequestId': 'string',
'IamRoleArn': 'string'
},
]
}
Response Structure
(dict) --
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
BackupSelectionsList (list) --
An array of backup selection list items containing metadata about each resource in the list.
(dict) --
Contains metadata about a BackupSelection object.
SelectionId (string) --
Uniquely identifies a request to assign a set of resources to a backup plan.
SelectionName (string) --
The display name of a resource selection document.
BackupPlanId (string) --
Uniquely identifies a backup plan.
CreationDate (datetime) --
The date and time a backup plan is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CreatorRequestId (string) --
A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.
If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.
IamRoleArn (string) --
Specifies the IAM role Amazon Resource Name (ARN) to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
Exceptions
Returns a list of recovery point storage containers along with information about them.
See also: AWS API Documentation
Request Syntax
response = client.list_backup_vaults(
NextToken='string',
MaxResults=123
)
dict
Response Syntax
{
'BackupVaultList': [
{
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'EncryptionKeyArn': 'string',
'CreatorRequestId': 'string',
'NumberOfRecoveryPoints': 123,
'Locked': True|False,
'MinRetentionDays': 123,
'MaxRetentionDays': 123,
'LockDate': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
BackupVaultList (list) --
An array of backup vault list members containing vault metadata, including Amazon Resource Name (ARN), display name, creation date, number of saved recovery points, and encryption information if the resources saved in the backup vault are encrypted.
(dict) --
Contains metadata about a backup vault.
BackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
BackupVaultArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
CreationDate (datetime) --
The date and time a resource backup is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
EncryptionKeyArn (string) --
A server-side encryption key you can specify to encrypt your backups from services that support full Backup management; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab . If you specify a key, you must specify its ARN, not its alias. If you do not specify a key, Backup creates a KMS key for you by default.
To learn which Backup services support full Backup management and how Backup handles encryption for backups from services that do not yet support full Backup, see Encryption for backups in Backup
CreatorRequestId (string) --
A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.
If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.
NumberOfRecoveryPoints (integer) --
The number of recovery points that are stored in a backup vault.
Locked (boolean) --
A Boolean value that indicates whether Backup Vault Lock applies to the selected backup vault. If true , Vault Lock prevents delete and update operations on the recovery points in the selected vault.
MinRetentionDays (integer) --
The Backup Vault Lock setting that specifies the minimum retention period that the vault retains its recovery points. If this parameter is not specified, Vault Lock does not enforce a minimum retention period.
If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If the job's retention period is shorter than that minimum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already stored in the vault prior to Vault Lock are not affected.
MaxRetentionDays (integer) --
The Backup Vault Lock setting that specifies the maximum retention period that the vault retains its recovery points. If this parameter is not specified, Vault Lock does not enforce a maximum retention period on the recovery points in the vault (allowing indefinite storage).
If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or shorter than the maximum retention period. If the job's retention period is longer than that maximum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already stored in the vault prior to Vault Lock are not affected.
LockDate (datetime) --
The date and time when Backup Vault Lock configuration becomes immutable, meaning it cannot be changed or deleted.
If you applied Vault Lock to your vault without specifying a lock date, you can change your Vault Lock settings, or delete Vault Lock from the vault entirely, at any time.
This value is in Unix format, Coordinated Universal Time (UTC), and accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
Exceptions
Returns metadata about your copy jobs.
See also: AWS API Documentation
Request Syntax
response = client.list_copy_jobs(
NextToken='string',
MaxResults=123,
ByResourceArn='string',
ByState='CREATED'|'RUNNING'|'COMPLETED'|'FAILED',
ByCreatedBefore=datetime(2015, 1, 1),
ByCreatedAfter=datetime(2015, 1, 1),
ByResourceType='string',
ByDestinationVaultArn='string',
ByAccountId='string'
)
Returns only backup jobs for the specified resources:
dict
Response Syntax
{
'CopyJobs': [
{
'AccountId': 'string',
'CopyJobId': 'string',
'SourceBackupVaultArn': 'string',
'SourceRecoveryPointArn': 'string',
'DestinationBackupVaultArn': 'string',
'DestinationRecoveryPointArn': 'string',
'ResourceArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'CompletionDate': datetime(2015, 1, 1),
'State': 'CREATED'|'RUNNING'|'COMPLETED'|'FAILED',
'StatusMessage': 'string',
'BackupSizeInBytes': 123,
'IamRoleArn': 'string',
'CreatedBy': {
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'BackupPlanVersion': 'string',
'BackupRuleId': 'string'
},
'ResourceType': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
CopyJobs (list) --
An array of structures containing metadata about your copy jobs returned in JSON format.
(dict) --
Contains detailed information about a copy job.
AccountId (string) --
The account ID that owns the copy job.
CopyJobId (string) --
Uniquely identifies a copy job.
SourceBackupVaultArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a source copy vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
SourceRecoveryPointArn (string) --
An ARN that uniquely identifies a source recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
DestinationBackupVaultArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a destination copy vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
DestinationRecoveryPointArn (string) --
An ARN that uniquely identifies a destination recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
ResourceArn (string) --
The Amazon Web Services resource to be copied; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
CreationDate (datetime) --
The date and time a copy job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CompletionDate (datetime) --
The date and time a copy job is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
State (string) --
The current state of a copy job.
StatusMessage (string) --
A detailed message explaining the status of the job to copy a resource.
BackupSizeInBytes (integer) --
The size, in bytes, of a copy job.
IamRoleArn (string) --
Specifies the IAM role ARN used to copy the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
CreatedBy (dict) --
Contains information about the backup plan and rule that Backup used to initiate the recovery point backup.
BackupPlanId (string) --
Uniquely identifies a backup plan.
BackupPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
BackupPlanVersion (string) --
Version IDs are unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. They cannot be edited.
BackupRuleId (string) --
Uniquely identifies a rule used to schedule the backup of a selection of resources.
ResourceType (string) --
The type of Amazon Web Services resource to be copied; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
Exceptions
Returns a list of all frameworks for an Amazon Web Services account and Amazon Web Services Region.
See also: AWS API Documentation
Request Syntax
response = client.list_frameworks(
MaxResults=123,
NextToken='string'
)
dict
Response Syntax
{
'Frameworks': [
{
'FrameworkName': 'string',
'FrameworkArn': 'string',
'FrameworkDescription': 'string',
'NumberOfControls': 123,
'CreationTime': datetime(2015, 1, 1),
'DeploymentStatus': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Frameworks (list) --
A list of frameworks with details for each framework, including the framework name, Amazon Resource Name (ARN), description, number of controls, creation time, and deployment status.
(dict) --
Contains detailed information about a framework. Frameworks contain controls, which evaluate and report on your backup events and resources. Frameworks generate daily compliance results.
FrameworkName (string) --
The unique name of a framework. This name is between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
FrameworkArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
FrameworkDescription (string) --
An optional description of the framework with a maximum 1,024 characters.
NumberOfControls (integer) --
The number of controls contained by the framework.
CreationTime (datetime) --
The date and time that a framework is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
DeploymentStatus (string) --
The deployment status of a framework. The statuses are:
CREATE_IN_PROGRESS | UPDATE_IN_PROGRESS | DELETE_IN_PROGRESS | COMPLETED | FAILED
NextToken (string) --
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
Exceptions
Returns an array of resources successfully backed up by Backup, including the time the resource was saved, an Amazon Resource Name (ARN) of the resource, and a resource type.
See also: AWS API Documentation
Request Syntax
response = client.list_protected_resources(
NextToken='string',
MaxResults=123
)
dict
Response Syntax
{
'Results': [
{
'ResourceArn': 'string',
'ResourceType': 'string',
'LastBackupTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Results (list) --
An array of resources successfully backed up by Backup including the time the resource was saved, an Amazon Resource Name (ARN) of the resource, and a resource type.
(dict) --
A structure that contains information about a backed-up resource.
ResourceArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
ResourceType (string) --
The type of Amazon Web Services resource; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database. For Windows Volume Shadow Copy Service (VSS) backups, the only supported resource type is Amazon EC2.
LastBackupTime (datetime) --
The date and time a resource was last backed up, in Unix format and Coordinated Universal Time (UTC). The value of LastBackupTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
Exceptions
Returns detailed information about the recovery points stored in a backup vault.
See also: AWS API Documentation
Request Syntax
response = client.list_recovery_points_by_backup_vault(
BackupVaultName='string',
NextToken='string',
MaxResults=123,
ByResourceArn='string',
ByResourceType='string',
ByBackupPlanId='string',
ByCreatedBefore=datetime(2015, 1, 1),
ByCreatedAfter=datetime(2015, 1, 1)
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
Note
Backup vault name might not be available when a supported service creates the backup.
dict
Response Syntax
{
'NextToken': 'string',
'RecoveryPoints': [
{
'RecoveryPointArn': 'string',
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'SourceBackupVaultArn': 'string',
'ResourceArn': 'string',
'ResourceType': 'string',
'CreatedBy': {
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'BackupPlanVersion': 'string',
'BackupRuleId': 'string'
},
'IamRoleArn': 'string',
'Status': 'COMPLETED'|'PARTIAL'|'DELETING'|'EXPIRED',
'StatusMessage': 'string',
'CreationDate': datetime(2015, 1, 1),
'CompletionDate': datetime(2015, 1, 1),
'BackupSizeInBytes': 123,
'CalculatedLifecycle': {
'MoveToColdStorageAt': datetime(2015, 1, 1),
'DeleteAt': datetime(2015, 1, 1)
},
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'EncryptionKeyArn': 'string',
'IsEncrypted': True|False,
'LastRestoreTime': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
RecoveryPoints (list) --
An array of objects that contain detailed information about recovery points saved in a backup vault.
(dict) --
Contains detailed information about the recovery points stored in a backup vault.
RecoveryPointArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
BackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
BackupVaultArn (string) --
An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
SourceBackupVaultArn (string) --
The backup vault where the recovery point was originally copied from. If the recovery point is restored to the same account this value will be null .
ResourceArn (string) --
An ARN that uniquely identifies a resource. The format of the ARN depends on the resource type.
ResourceType (string) --
The type of Amazon Web Services resource saved as a recovery point; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database. For Windows Volume Shadow Copy Service (VSS) backups, the only supported resource type is Amazon EC2.
CreatedBy (dict) --
Contains identifying information about the creation of a recovery point, including the BackupPlanArn , BackupPlanId , BackupPlanVersion , and BackupRuleId of the backup plan that is used to create it.
BackupPlanId (string) --
Uniquely identifies a backup plan.
BackupPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
BackupPlanVersion (string) --
Version IDs are unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. They cannot be edited.
BackupRuleId (string) --
Uniquely identifies a rule used to schedule the backup of a selection of resources.
IamRoleArn (string) --
Specifies the IAM role ARN used to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
Status (string) --
A status code specifying the state of the recovery point.
StatusMessage (string) --
A message explaining the reason of the recovery point deletion failure.
CreationDate (datetime) --
The date and time a recovery point is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CompletionDate (datetime) --
The date and time a job to restore a recovery point is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
BackupSizeInBytes (integer) --
The size, in bytes, of a backup.
CalculatedLifecycle (dict) --
A CalculatedLifecycle object containing DeleteAt and MoveToColdStorageAt timestamps.
MoveToColdStorageAt (datetime) --
A timestamp that specifies when to transition a recovery point to cold storage.
DeleteAt (datetime) --
A timestamp that specifies when to delete a recovery point.
Lifecycle (dict) --
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
MoveToColdStorageAfterDays (integer) --
Specifies the number of days after creation that a recovery point is moved to cold storage.
DeleteAfterDays (integer) --
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
EncryptionKeyArn (string) --
The server-side encryption key that is used to protect your backups; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab .
IsEncrypted (boolean) --
A Boolean value that is returned as TRUE if the specified recovery point is encrypted, or FALSE if the recovery point is not encrypted.
LastRestoreTime (datetime) --
The date and time a recovery point was last restored, in Unix format and Coordinated Universal Time (UTC). The value of LastRestoreTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Exceptions
Returns detailed information about all the recovery points of the type specified by a resource Amazon Resource Name (ARN).
Note
For Amazon EFS and Amazon EC2, this action only lists recovery points created by Backup.
See also: AWS API Documentation
Request Syntax
response = client.list_recovery_points_by_resource(
ResourceArn='string',
NextToken='string',
MaxResults=123
)
[REQUIRED]
An ARN that uniquely identifies a resource. The format of the ARN depends on the resource type.
The maximum number of items to be returned.
Note
Amazon RDS requires a value of at least 20.
dict
Response Syntax
{
'NextToken': 'string',
'RecoveryPoints': [
{
'RecoveryPointArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'Status': 'COMPLETED'|'PARTIAL'|'DELETING'|'EXPIRED',
'StatusMessage': 'string',
'EncryptionKeyArn': 'string',
'BackupSizeBytes': 123,
'BackupVaultName': 'string'
},
]
}
Response Structure
(dict) --
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
RecoveryPoints (list) --
An array of objects that contain detailed information about recovery points of the specified resource type.
Note
Only Amazon EFS and Amazon EC2 recovery points return BackupVaultName.
(dict) --
Contains detailed information about a saved recovery point.
RecoveryPointArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
CreationDate (datetime) --
The date and time a recovery point is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Status (string) --
A status code specifying the state of the recovery point.
StatusMessage (string) --
A message explaining the reason of the recovery point deletion failure.
EncryptionKeyArn (string) --
The server-side encryption key that is used to protect your backups; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab .
BackupSizeBytes (integer) --
The size, in bytes, of a backup.
BackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
Exceptions
Returns details about your report jobs.
See also: AWS API Documentation
Request Syntax
response = client.list_report_jobs(
ByReportPlanName='string',
ByCreationBefore=datetime(2015, 1, 1),
ByCreationAfter=datetime(2015, 1, 1),
ByStatus='string',
MaxResults=123,
NextToken='string'
)
Returns only report jobs that are in the specified status. The statuses are:
CREATED | RUNNING | COMPLETED | FAILED
dict
Response Syntax
{
'ReportJobs': [
{
'ReportJobId': 'string',
'ReportPlanArn': 'string',
'ReportTemplate': 'string',
'CreationTime': datetime(2015, 1, 1),
'CompletionTime': datetime(2015, 1, 1),
'Status': 'string',
'StatusMessage': 'string',
'ReportDestination': {
'S3BucketName': 'string',
'S3Keys': [
'string',
]
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ReportJobs (list) --
Details about your report jobs in JSON format.
(dict) --
Contains detailed information about a report job. A report job compiles a report based on a report plan and publishes it to Amazon S3.
ReportJobId (string) --
The identifier for a report job. A unique, randomly generated, Unicode, UTF-8 encoded string that is at most 1,024 bytes long. Report job IDs cannot be edited.
ReportPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
ReportTemplate (string) --
Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
CreationTime (datetime) --
The date and time that a report job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CompletionTime (datetime) --
The date and time that a report job is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Status (string) --
The status of a report job. The statuses are:
CREATED | RUNNING | COMPLETED | FAILED
COMPLETED means that the report is available for your review at your designated destination. If the status is FAILED , review the StatusMessage for the reason.
StatusMessage (string) --
A message explaining the status of the report job.
ReportDestination (dict) --
The S3 bucket name and S3 keys for the destination where the report job publishes the report.
S3BucketName (string) --
The unique name of the Amazon S3 bucket that receives your reports.
S3Keys (list) --
The object key that uniquely identifies your reports in your S3 bucket.
NextToken (string) --
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
Exceptions
Returns a list of your report plans. For detailed information about a single report plan, use DescribeReportPlan .
See also: AWS API Documentation
Request Syntax
response = client.list_report_plans(
MaxResults=123,
NextToken='string'
)
dict
Response Syntax
{
'ReportPlans': [
{
'ReportPlanArn': 'string',
'ReportPlanName': 'string',
'ReportPlanDescription': 'string',
'ReportSetting': {
'ReportTemplate': 'string',
'FrameworkArns': [
'string',
],
'NumberOfFrameworks': 123
},
'ReportDeliveryChannel': {
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'Formats': [
'string',
]
},
'DeploymentStatus': 'string',
'CreationTime': datetime(2015, 1, 1),
'LastAttemptedExecutionTime': datetime(2015, 1, 1),
'LastSuccessfulExecutionTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ReportPlans (list) --
A list of your report plans with detailed information for each plan. This information includes the Amazon Resource Name (ARN), report plan name, description, settings, delivery channel, deployment status, creation time, and last times the report plan attempted to and successfully ran.
(dict) --
Contains detailed information about a report plan.
ReportPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
ReportPlanName (string) --
The unique name of the report plan. This name is between 1 and 256 characters starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
ReportPlanDescription (string) --
An optional description of the report plan with a maximum 1,024 characters.
ReportSetting (dict) --
Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
If the report template is RESOURCE_COMPLIANCE_REPORT or CONTROL_COMPLIANCE_REPORT , this API resource also describes the report coverage by Amazon Web Services Regions and frameworks.
ReportTemplate (string) --
Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
FrameworkArns (list) --
The Amazon Resource Names (ARNs) of the frameworks a report covers.
NumberOfFrameworks (integer) --
The number of frameworks a report covers.
ReportDeliveryChannel (dict) --
Contains information about where and how to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports.
S3BucketName (string) --
The unique name of the S3 bucket that receives your reports.
S3KeyPrefix (string) --
The prefix for where Backup Audit Manager delivers your reports to Amazon S3. The prefix is this part of the following path: s3://your-bucket-name/prefix /Backup/us-west-2/year/month/day/report-name. If not specified, there is no prefix.
Formats (list) --
A list of the format of your reports: CSV , JSON , or both. If not specified, the default format is CSV .
DeploymentStatus (string) --
The deployment status of a report plan. The statuses are:
CREATE_IN_PROGRESS | UPDATE_IN_PROGRESS | DELETE_IN_PROGRESS | COMPLETED
CreationTime (datetime) --
The date and time that a report plan is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
LastAttemptedExecutionTime (datetime) --
The date and time that a report job associated with this report plan last attempted to run, in Unix format and Coordinated Universal Time (UTC). The value of LastAttemptedExecutionTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
LastSuccessfulExecutionTime (datetime) --
The date and time that a report job associated with this report plan last successfully ran, in Unix format and Coordinated Universal Time (UTC). The value of LastSuccessfulExecutionTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
NextToken (string) --
An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.
Exceptions
Returns a list of jobs that Backup initiated to restore a saved resource, including details about the recovery process.
See also: AWS API Documentation
Request Syntax
response = client.list_restore_jobs(
NextToken='string',
MaxResults=123,
ByAccountId='string',
ByCreatedBefore=datetime(2015, 1, 1),
ByCreatedAfter=datetime(2015, 1, 1),
ByStatus='PENDING'|'RUNNING'|'COMPLETED'|'ABORTED'|'FAILED'
)
dict
Response Syntax
{
'RestoreJobs': [
{
'AccountId': 'string',
'RestoreJobId': 'string',
'RecoveryPointArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'CompletionDate': datetime(2015, 1, 1),
'Status': 'PENDING'|'RUNNING'|'COMPLETED'|'ABORTED'|'FAILED',
'StatusMessage': 'string',
'PercentDone': 'string',
'BackupSizeInBytes': 123,
'IamRoleArn': 'string',
'ExpectedCompletionTimeMinutes': 123,
'CreatedResourceArn': 'string',
'ResourceType': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
RestoreJobs (list) --
An array of objects that contain detailed information about jobs to restore saved resources.
(dict) --
Contains metadata about a restore job.
AccountId (string) --
The account ID that owns the restore job.
RestoreJobId (string) --
Uniquely identifies the job that restores a recovery point.
RecoveryPointArn (string) --
An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
CreationDate (datetime) --
The date and time a restore job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CompletionDate (datetime) --
The date and time a job to restore a recovery point is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Status (string) --
A status code specifying the state of the job initiated by Backup to restore a recovery point.
StatusMessage (string) --
A detailed message explaining the status of the job to restore a recovery point.
PercentDone (string) --
Contains an estimated percentage complete of a job at the time the job status was queried.
BackupSizeInBytes (integer) --
The size, in bytes, of the restored resource.
IamRoleArn (string) --
Specifies the IAM role ARN used to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
ExpectedCompletionTimeMinutes (integer) --
The amount of time in minutes that a job restoring a recovery point is expected to take.
CreatedResourceArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
ResourceType (string) --
The resource type of the listed restore jobs; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database. For Windows Volume Shadow Copy Service (VSS) backups, the only supported resource type is Amazon EC2.
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
Exceptions
Returns a list of key-value pairs assigned to a target recovery point, backup plan, or backup vault.
ListTags only works for resource types that support full Backup management of their backups. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table.
See also: AWS API Documentation
Request Syntax
response = client.list_tags(
ResourceArn='string',
NextToken='string',
MaxResults=123
)
[REQUIRED]
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the type of resource. Valid targets for ListTags are recovery points, backup plans, and backup vaults.
dict
Response Syntax
{
'NextToken': 'string',
'Tags': {
'string': 'string'
}
}
Response Structure
(dict) --
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
Tags (dict) --
To help organize your resources, you can assign your own metadata to the resources you create. Each tag is a key-value pair.
Exceptions
Sets a resource-based policy that is used to manage access permissions on the target backup vault. Requires a backup vault name and an access policy document in JSON format.
See also: AWS API Documentation
Request Syntax
response = client.put_backup_vault_access_policy(
BackupVaultName='string',
Policy='string'
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
None
Exceptions
Applies Backup Vault Lock to a backup vault, preventing attempts to delete any recovery point stored in or created in a backup vault. Vault Lock also prevents attempts to update the lifecycle policy that controls the retention period of any recovery point currently stored in a backup vault. If specified, Vault Lock enforces a minimum and maximum retention period for future backup and copy jobs that target a backup vault.
Note
Backup Vault Lock has yet to receive a third-party assessment for SEC 17a-4(f) and CFTC.
See also: AWS API Documentation
Request Syntax
response = client.put_backup_vault_lock_configuration(
BackupVaultName='string',
MinRetentionDays=123,
MaxRetentionDays=123,
ChangeableForDays=123
)
[REQUIRED]
The Backup Vault Lock configuration that specifies the name of the backup vault it protects.
The Backup Vault Lock configuration that specifies the minimum retention period that the vault retains its recovery points. This setting can be useful if, for example, your organization's policies require you to retain certain data for at least seven years (2555 days).
If this parameter is not specified, Vault Lock will not enforce a minimum retention period.
If this parameter is specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If the job's retention period is shorter than that minimum retention period, then the vault fails that backup or copy job, and you should either modify your lifecycle settings or use a different vault. The shortest minimum retention period you can specify is 1 day. Recovery points already saved in the vault prior to Vault Lock are not affected.
The Backup Vault Lock configuration that specifies the maximum retention period that the vault retains its recovery points. This setting can be useful if, for example, your organization's policies require you to destroy certain data after retaining it for four years (1460 days).
If this parameter is not included, Vault Lock does not enforce a maximum retention period on the recovery points in the vault. If this parameter is included without a value, Vault Lock will not enforce a maximum retention period.
If this parameter is specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or shorter than the maximum retention period. If the job's retention period is longer than that maximum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. The longest maximum retention period you can specify is 36500 days (approximately 100 years). Recovery points already saved in the vault prior to Vault Lock are not affected.
The Backup Vault Lock configuration that specifies the number of days before the lock date. For example, setting ChangeableForDays to 30 on Jan. 1, 2022 at 8pm UTC will set the lock date to Jan. 31, 2022 at 8pm UTC.
Backup enforces a 72-hour cooling-off period before Vault Lock takes effect and becomes immutable. Therefore, you must set ChangeableForDays to 3 or greater.
Before the lock date, you can delete Vault Lock from the vault using DeleteBackupVaultLockConfiguration or change the Vault Lock configuration using PutBackupVaultLockConfiguration . On and after the lock date, the Vault Lock becomes immutable and cannot be changed or deleted.
If this parameter is not specified, you can delete Vault Lock from the vault using DeleteBackupVaultLockConfiguration or change the Vault Lock configuration using PutBackupVaultLockConfiguration at any time.
None
Exceptions
Turns on notifications on a backup vault for the specified topic and events.
See also: AWS API Documentation
Request Syntax
response = client.put_backup_vault_notifications(
BackupVaultName='string',
SNSTopicArn='string',
BackupVaultEvents=[
'BACKUP_JOB_STARTED'|'BACKUP_JOB_COMPLETED'|'BACKUP_JOB_SUCCESSFUL'|'BACKUP_JOB_FAILED'|'BACKUP_JOB_EXPIRED'|'RESTORE_JOB_STARTED'|'RESTORE_JOB_COMPLETED'|'RESTORE_JOB_SUCCESSFUL'|'RESTORE_JOB_FAILED'|'COPY_JOB_STARTED'|'COPY_JOB_SUCCESSFUL'|'COPY_JOB_FAILED'|'RECOVERY_POINT_MODIFIED'|'BACKUP_PLAN_CREATED'|'BACKUP_PLAN_MODIFIED'|'S3_BACKUP_OBJECT_FAILED'|'S3_RESTORE_OBJECT_FAILED',
]
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
[REQUIRED]
The Amazon Resource Name (ARN) that specifies the topic for a backup vault’s events; for example, arn:aws:sns:us-west-2:111122223333:MyVaultTopic .
[REQUIRED]
An array of events that indicate the status of jobs to back up resources to the backup vault.
For common use cases and code samples, see Using Amazon SNS to track Backup events .
The following events are supported:
Note
Ignore the list below because it includes deprecated events. Refer to the list above.
None
Exceptions
Starts an on-demand backup job for the specified resource.
See also: AWS API Documentation
Request Syntax
response = client.start_backup_job(
BackupVaultName='string',
ResourceArn='string',
IamRoleArn='string',
IdempotencyToken='string',
StartWindowMinutes=123,
CompleteWindowMinutes=123,
Lifecycle={
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
RecoveryPointTags={
'string': 'string'
},
BackupOptions={
'string': 'string'
}
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
[REQUIRED]
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
[REQUIRED]
Specifies the IAM role ARN used to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup will transition and expire backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
Specifies the number of days after creation that a recovery point is moved to cold storage.
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
To help organize your resources, you can assign your own metadata to the resources that you create. Each tag is a key-value pair.
Specifies the backup option for a selected resource. This option is only available for Windows Volume Shadow Copy Service (VSS) backup jobs.
Valid values: Set to "WindowsVSS":"enabled" to enable the WindowsVSS backup option and create a Windows VSS backup. Set to "WindowsVSS""disabled" to create a regular backup. The WindowsVSS option is not enabled by default.
dict
Response Syntax
{
'BackupJobId': 'string',
'RecoveryPointArn': 'string',
'CreationDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
BackupJobId (string) --
Uniquely identifies a request to Backup to back up a resource.
RecoveryPointArn (string) --
An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
CreationDate (datetime) --
The date and time that a backup job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Exceptions
Starts a job to create a one-time copy of the specified resource.
Does not support continuous backups.
See also: AWS API Documentation
Request Syntax
response = client.start_copy_job(
RecoveryPointArn='string',
SourceBackupVaultName='string',
DestinationBackupVaultArn='string',
IamRoleArn='string',
IdempotencyToken='string',
Lifecycle={
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
}
)
[REQUIRED]
An ARN that uniquely identifies a recovery point to use for the copy job; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
[REQUIRED]
The name of a logical source container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
[REQUIRED]
An Amazon Resource Name (ARN) that uniquely identifies a destination backup vault to copy to; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
[REQUIRED]
Specifies the IAM role ARN used to copy the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
Contains an array of Transition objects specifying how long in days before a recovery point transitions to cold storage or is deleted.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, on the console, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
Specifies the number of days after creation that a recovery point is moved to cold storage.
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
dict
Response Syntax
{
'CopyJobId': 'string',
'CreationDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
CopyJobId (string) --
Uniquely identifies a copy job.
CreationDate (datetime) --
The date and time that a copy job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Exceptions
Starts an on-demand report job for the specified report plan.
See also: AWS API Documentation
Request Syntax
response = client.start_report_job(
ReportPlanName='string',
IdempotencyToken='string'
)
[REQUIRED]
The unique name of a report plan.
A customer-chosen string that you can use to distinguish between otherwise identical calls to StartReportJobInput . Retrying a successful request with the same idempotency token results in a success message with no action taken.
This field is autopopulated if not provided.
dict
Response Syntax
{
'ReportJobId': 'string'
}
Response Structure
(dict) --
ReportJobId (string) --
The identifier of the report job. A unique, randomly generated, Unicode, UTF-8 encoded string that is at most 1,024 bytes long. The report job ID cannot be edited.
Exceptions
Recovers the saved resource identified by an Amazon Resource Name (ARN).
See also: AWS API Documentation
Request Syntax
response = client.start_restore_job(
RecoveryPointArn='string',
Metadata={
'string': 'string'
},
IamRoleArn='string',
IdempotencyToken='string',
ResourceType='string'
)
[REQUIRED]
An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
[REQUIRED]
A set of metadata key-value pairs. Contains information, such as a resource name, required to restore a recovery point.
You can get configuration metadata about a resource at the time it was backed up by calling GetRecoveryPointRestoreMetadata . However, values in addition to those provided by GetRecoveryPointRestoreMetadata might be required to restore a resource. For example, you might need to provide a new resource name if the original already exists.
You need to specify specific metadata to restore an Amazon Elastic File System (Amazon EFS) instance:
[REQUIRED]
The Amazon Resource Name (ARN) of the IAM role that Backup uses to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
Starts a job to restore a recovery point for one of the following resources:
dict
Response Syntax
{
'RestoreJobId': 'string'
}
Response Structure
(dict) --
RestoreJobId (string) --
Uniquely identifies the job that restores a recovery point.
Exceptions
Attempts to cancel a job to create a one-time backup of a resource.
See also: AWS API Documentation
Request Syntax
response = client.stop_backup_job(
BackupJobId='string'
)
[REQUIRED]
Uniquely identifies a request to Backup to back up a resource.
Exceptions
Assigns a set of key-value pairs to a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN).
See also: AWS API Documentation
Request Syntax
response = client.tag_resource(
ResourceArn='string',
Tags={
'string': 'string'
}
)
[REQUIRED]
An ARN that uniquely identifies a resource. The format of the ARN depends on the type of the tagged resource.
[REQUIRED]
Key-value pairs that are used to help organize your resources. You can assign your own metadata to the resources you create. For clarity, this is the structure to assign tags: [{"Key":"string","Value":"string"}] .
None
Exceptions
Removes a set of key-value pairs from a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN)
See also: AWS API Documentation
Request Syntax
response = client.untag_resource(
ResourceArn='string',
TagKeyList=[
'string',
]
)
[REQUIRED]
An ARN that uniquely identifies a resource. The format of the ARN depends on the type of the tagged resource.
[REQUIRED]
A list of keys to identify which key-value tags to remove from a resource.
None
Exceptions
Updates an existing backup plan identified by its backupPlanId with the input document in JSON format. The new version is uniquely identified by a VersionId .
See also: AWS API Documentation
Request Syntax
response = client.update_backup_plan(
BackupPlanId='string',
BackupPlan={
'BackupPlanName': 'string',
'Rules': [
{
'RuleName': 'string',
'TargetBackupVaultName': 'string',
'ScheduleExpression': 'string',
'StartWindowMinutes': 123,
'CompletionWindowMinutes': 123,
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'RecoveryPointTags': {
'string': 'string'
},
'CopyActions': [
{
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'DestinationBackupVaultArn': 'string'
},
],
'EnableContinuousBackup': True|False
},
],
'AdvancedBackupSettings': [
{
'ResourceType': 'string',
'BackupOptions': {
'string': 'string'
}
},
]
}
)
[REQUIRED]
Uniquely identifies a backup plan.
[REQUIRED]
Specifies the body of a backup plan. Includes a BackupPlanName and one or more sets of Rules .
The display name of a backup plan. Must contain 1 to 50 alphanumeric or '-_.' characters.
An array of BackupRule objects, each of which specifies a scheduled task that is used to back up a selection of resources.
Specifies a scheduled task used to back up a selection of resources.
A display name for a backup rule. Must contain 1 to 50 alphanumeric or '-_.' characters.
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
A CRON expression in UTC specifying when Backup initiates a backup job.
A value in minutes after a backup is scheduled before a job will be canceled if it doesn't start successfully. This value is optional.
A value in minutes after a backup job is successfully started before it must be completed or it will be canceled by Backup. This value is optional.
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup will transition and expire backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
Specifies the number of days after creation that a recovery point is moved to cold storage.
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
To help organize your resources, you can assign your own metadata to the resources that you create. Each tag is a key-value pair.
An array of CopyAction objects, which contains the details of the copy operation.
The details of the copy operation.
Contains an array of Transition objects specifying how long in days before a recovery point transitions to cold storage or is deleted.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, on the console, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
Specifies the number of days after creation that a recovery point is moved to cold storage.
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. For example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
Specifies whether Backup creates continuous backups. True causes Backup to create continuous backups capable of point-in-time restore (PITR). False (or not specified) causes Backup to create snapshot backups.
Specifies a list of BackupOptions for each resource type. These settings are only available for Windows Volume Shadow Copy Service (VSS) backup jobs.
A list of backup options for each resource type.
Specifies an object containing resource type and backup options. The only supported resource type is Amazon EC2 instances with Windows Volume Shadow Copy Service (VSS). For a CloudFormation example, see the sample CloudFormation template to enable Windows VSS in the Backup User Guide .
Valid values: EC2 .
Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs.
Valid values:
Set to "WindowsVSS":"enabled" to enable the WindowsVSS backup option and create a Windows VSS backup.
Set to "WindowsVSS":"disabled" to create a regular backup. The WindowsVSS option is not enabled by default.
If you specify an invalid option, you get an InvalidParameterValueException exception.
For more information about Windows VSS backups, see Creating a VSS-Enabled Windows Backup .
dict
Response Syntax
{
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'VersionId': 'string',
'AdvancedBackupSettings': [
{
'ResourceType': 'string',
'BackupOptions': {
'string': 'string'
}
},
]
}
Response Structure
(dict) --
BackupPlanId (string) --
Uniquely identifies a backup plan.
BackupPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
CreationDate (datetime) --
The date and time a backup plan is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
VersionId (string) --
Unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. Version Ids cannot be edited.
AdvancedBackupSettings (list) --
Contains a list of BackupOptions for each resource type.
(dict) --
A list of backup options for each resource type.
ResourceType (string) --
Specifies an object containing resource type and backup options. The only supported resource type is Amazon EC2 instances with Windows Volume Shadow Copy Service (VSS). For a CloudFormation example, see the sample CloudFormation template to enable Windows VSS in the Backup User Guide .
Valid values: EC2 .
BackupOptions (dict) --
Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs.
Valid values:
Set to "WindowsVSS":"enabled" to enable the WindowsVSS backup option and create a Windows VSS backup.
Set to "WindowsVSS":"disabled" to create a regular backup. The WindowsVSS option is not enabled by default.
If you specify an invalid option, you get an InvalidParameterValueException exception.
For more information about Windows VSS backups, see Creating a VSS-Enabled Windows Backup .
Exceptions
Updates an existing framework identified by its FrameworkName with the input document in JSON format.
See also: AWS API Documentation
Request Syntax
response = client.update_framework(
FrameworkName='string',
FrameworkDescription='string',
FrameworkControls=[
{
'ControlName': 'string',
'ControlInputParameters': [
{
'ParameterName': 'string',
'ParameterValue': 'string'
},
],
'ControlScope': {
'ComplianceResourceIds': [
'string',
],
'ComplianceResourceTypes': [
'string',
],
'Tags': {
'string': 'string'
}
}
},
],
IdempotencyToken='string'
)
[REQUIRED]
The unique name of a framework. This name is between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
A list of the controls that make up the framework. Each control in the list has a name, input parameters, and scope.
Contains detailed information about all of the controls of a framework. Each framework must contain at least one control.
The name of a control. This name is between 1 and 256 characters.
A list of ParameterName and ParameterValue pairs.
A list of parameters for a control. A control can have zero, one, or more than one parameter. An example of a control with two parameters is: "backup plan frequency is at least daily and the retention period is at least 1 year ". The first parameter is daily . The second parameter is 1 year .
The name of a parameter, for example, BackupPlanFrequency .
The value of parameter, for example, hourly .
The scope of a control. The control scope defines what the control will evaluate. Three examples of control scopes are: a specific backup plan, all backup plans with a specific tag, or all backup plans. For more information, see ControlScope .
The ID of the only Amazon Web Services resource that you want your control scope to contain.
Describes whether the control scope includes one or more types of resources, such as EFS or RDS .
The tag key-value pair applied to those Amazon Web Services resources that you want to trigger an evaluation for a rule. A maximum of one key-value pair can be provided. The tag value is optional, but it cannot be an empty string. The structure to assign a tag is: [{"Key":"string","Value":"string"}] .
A customer-chosen string that you can use to distinguish between otherwise identical calls to UpdateFrameworkInput . Retrying a successful request with the same idempotency token results in a success message with no action taken.
This field is autopopulated if not provided.
dict
Response Syntax
{
'FrameworkName': 'string',
'FrameworkArn': 'string',
'CreationTime': datetime(2015, 1, 1)
}
Response Structure
(dict) --
FrameworkName (string) --
The unique name of a framework. This name is between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
FrameworkArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
CreationTime (datetime) --
The date and time that a framework is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Exceptions
Updates whether the Amazon Web Services account is opted in to cross-account backup. Returns an error if the account is not an Organizations management account. Use the DescribeGlobalSettings API to determine the current settings.
See also: AWS API Documentation
Request Syntax
response = client.update_global_settings(
GlobalSettings={
'string': 'string'
}
)
A value for isCrossAccountBackupEnabled and a Region. Example: update-global-settings --global-settings isCrossAccountBackupEnabled=false --region us-west-2 .
Exceptions
Sets the transition lifecycle of a recovery point.
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
This operation does not support continuous backups.
See also: AWS API Documentation
Request Syntax
response = client.update_recovery_point_lifecycle(
BackupVaultName='string',
RecoveryPointArn='string',
Lifecycle={
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
}
)
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
[REQUIRED]
An Amazon Resource Name (ARN) that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Specifies the number of days after creation that a recovery point is moved to cold storage.
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
dict
Response Syntax
{
'BackupVaultArn': 'string',
'RecoveryPointArn': 'string',
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'CalculatedLifecycle': {
'MoveToColdStorageAt': datetime(2015, 1, 1),
'DeleteAt': datetime(2015, 1, 1)
}
}
Response Structure
(dict) --
BackupVaultArn (string) --
An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
RecoveryPointArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
Lifecycle (dict) --
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
MoveToColdStorageAfterDays (integer) --
Specifies the number of days after creation that a recovery point is moved to cold storage.
DeleteAfterDays (integer) --
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
CalculatedLifecycle (dict) --
A CalculatedLifecycle object containing DeleteAt and MoveToColdStorageAt timestamps.
MoveToColdStorageAt (datetime) --
A timestamp that specifies when to transition a recovery point to cold storage.
DeleteAt (datetime) --
A timestamp that specifies when to delete a recovery point.
Exceptions
Updates the current service opt-in settings for the Region. If service-opt-in is enabled for a service, Backup tries to protect that service's resources in this Region, when the resource is included in an on-demand backup or scheduled backup plan. Otherwise, Backup does not try to protect that service's resources in this Region. Use the DescribeRegionSettings API to determine the resource types that are supported.
See also: AWS API Documentation
Request Syntax
response = client.update_region_settings(
ResourceTypeOptInPreference={
'string': True|False
},
ResourceTypeManagementPreference={
'string': True|False
}
)
Updates the list of services along with the opt-in preferences for the Region.
Enables or disables full Backup management of backups for a resource type. To enable full Backup management for DynamoDB along with Backup's advanced DynamoDB backup features , follow the procedure to enable advanced DynamoDB backup programmatically .
None
Exceptions
Updates an existing report plan identified by its ReportPlanName with the input document in JSON format.
See also: AWS API Documentation
Request Syntax
response = client.update_report_plan(
ReportPlanName='string',
ReportPlanDescription='string',
ReportDeliveryChannel={
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'Formats': [
'string',
]
},
ReportSetting={
'ReportTemplate': 'string',
'FrameworkArns': [
'string',
],
'NumberOfFrameworks': 123
},
IdempotencyToken='string'
)
[REQUIRED]
The unique name of the report plan. This name is between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
A structure that contains information about where to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports.
The unique name of the S3 bucket that receives your reports.
The prefix for where Backup Audit Manager delivers your reports to Amazon S3. The prefix is this part of the following path: s3://your-bucket-name/prefix /Backup/us-west-2/year/month/day/report-name. If not specified, there is no prefix.
A list of the format of your reports: CSV , JSON , or both. If not specified, the default format is CSV .
Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
If the report template is RESOURCE_COMPLIANCE_REPORT or CONTROL_COMPLIANCE_REPORT , this API resource also describes the report coverage by Amazon Web Services Regions and frameworks.
Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
The Amazon Resource Names (ARNs) of the frameworks a report covers.
The number of frameworks a report covers.
A customer-chosen string that you can use to distinguish between otherwise identical calls to UpdateReportPlanInput . Retrying a successful request with the same idempotency token results in a success message with no action taken.
This field is autopopulated if not provided.
dict
Response Syntax
{
'ReportPlanName': 'string',
'ReportPlanArn': 'string',
'CreationTime': datetime(2015, 1, 1)
}
Response Structure
(dict) --
ReportPlanName (string) --
The unique name of the report plan.
ReportPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
CreationTime (datetime) --
The date and time that a report plan is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Exceptions
The available paginators are: