备份自动备份

自动备份  时间:2021-02-27  阅读:()
AWSBackup开发人员指南AWSBackup开发人员指南AWSBackup:开发人员指南AWSBackup开发人员指南TableofContents什么是AWSBackup1支持的资源1AWSBackup概述1集中式备份管理1跨区域备份2跨账户管理2基于策略的备份解决方案2基于标记的备份策略2备份活动监控2生命周期管理策略2备份访问策略3入门3工作原理4使用其他服务4配置服务以使用AWSBackup4使用AmazonFSx文件系统5使用AmazonEC25使用AmazonEFS7使用AmazonDynamoDB7使用AmazonEBS8使用AmazonRDS和AmazonAurora8使用AWSStorageGateway8AWS服务如何备份自己的资源8跨区域备份9跨账户管理9计量备份和定价使用情况10博客、视频和其他资源10设置11注册AWS11创建IAM用户11入门13Prerequisites13选项1:创建按需备份14后续步骤15选项2:创建计划备份15步骤1:通过修改现有备份计划来创建备份计划16步骤2:将资源分配给备份计划16步骤3:创建备份文件库17后续步骤18选项3:创建自动备份18监控您的备份作业18查看备份作业的状态19查看文件库中的所有备份19查看受保护资源的详细信息19后续步骤19还原备份19后续步骤20清理资源20步骤1:删除还原的AWS资源21步骤2:删除备份计划21步骤3:删除恢复点21步骤4:删除备份文件库21管理备份计划22创建备份计划22iiiAWSBackup开发人员指南使用AWS管理控制台创建备份计划22备份计划选项和配置22分配资源24删除备份计划25更新备份计划25使用备份保管库26创建备份文件库26备份文件库名称26KMS加密主密钥26备份文件库标签26在备份文件库和恢复点上设置访问策略26拒绝对备份文件库中的资源类型的访问27拒绝对备份文件库的访问27拒绝删除备份文件库中的恢复点28删除备份文件库29使用备份30创建备份31按需备份31VSS支持的Windows备份32创建备份副本33还原备份34使用控制台35使用AWSCLI或API41停止备份作业42查看备份列表42按受保护资源列出备份43按备份文件库列出备份43编辑备份43跨多个账户管理备份45在管理账户中创建组织45启用跨账户管理46创建备份策略46监控多个AWS账户中的活动49定义策略、策略语法和策略继承49安全性50数据保护50AWS中的备份的加密51IdentityandAccessManagement52Authentication52访问控制53IAM服务角色67服务相关角色68日志记录和监控70合规性验证70弹性70基础设施安全性71配额72使用AmazonSNS跟踪事件73AWSBackup通知APIs73已完成的事件74示例:已完成的事件74AWSBackup通知命令示例75放置备份文件库通知示例75获取备份文件库通知示例75删除备份文件库通知示例75将AWSBackup指定为服务委托人76使用AWSCloudTrail记录AWSBackupAPI调用78ivAWSBackup开发人员指南CloudTrail中的AWSBackup信息78了解AWSBackup日志文件条目79记录跨账户管理事件81示例:用于跨账户管理的AWSBackup日志文件条目82将AWSCloudFormation模板与AWSBackup结合使用84将AWSBackup与AWSCloudFormation集成84AWSBackup问题排查87排查一般问题87创建资源故障排除87删除资源故障排除88AWSBackupAPI89Actions89CreateBackupPlan91CreateBackupSelection95CreateBackupVault98DeleteBackupPlan101DeleteBackupSelection104DeleteBackupVault106DeleteBackupVaultAccessPolicy108DeleteBackupVaultNotifications110DeleteRecoveryPoint112DescribeBackupJob114DescribeBackupVault119DescribeCopyJob122DescribeGlobalSettings124DescribeProtectedResource126DescribeRecoveryPoint128DescribeRegionSettings133DescribeRestoreJob135ExportBackupPlanTemplate139GetBackupPlan141GetBackupPlanFromJSON145GetBackupPlanFromTemplate148GetBackupSelection151GetBackupVaultAccessPolicy154GetBackupVaultNotifications156GetRecoveryPointRestoreMetadata159GetSupportedResourceTypes161ListBackupJobs163ListBackupPlans166ListBackupPlanTemplates169ListBackupPlanVersions171ListBackupSelections174ListBackupVaults176ListCopyJobs178ListProtectedResources181ListRecoveryPointsByBackupVault183ListRecoveryPointsByResource186ListRestoreJobs189ListTags192PutBackupVaultAccessPolicy194PutBackupVaultNotifications196StartBackupJob198StartCopyJob202StartRestoreJob205StopBackupJob208TagResource210vAWSBackup开发人员指南UntagResource212UpdateBackupPlan214UpdateGlobalSettings217UpdateRecoveryPointLifecycle219UpdateRegionSettings222DataTypes223AdvancedBackupSetting225BackupJob226BackupPlan230BackupPlanInput231BackupPlansListMember232BackupPlanTemplatesListMember234BackupRule235BackupRuleInput237BackupSelection239BackupSelectionsListMember240BackupVaultListMember242CalculatedLifecycle244Condition245CopyAction246CopyJob247Lifecycle250ProtectedResource251RecoveryPointByBackupVault252RecoveryPointByResource255RecoveryPointCreator257RestoreJobsListMember258CommonErrors260AWS词汇表262文档历史记录263cclxvviAWSBackup开发人员指南支持的资源什么是AWSBackupAWSBackup是一项完全托管的备份服务,可在云中以及本地方便地集中管理和自动执行跨AWS服务的数据备份.
使用AWSBackup,您可以在一个位置配置备份策略并监控AWS资源的备份活动.
AWSBackup自动执行并整合以前逐个服务执行的备份任务,消除了创建自定义脚本和手动过程的需求.
只需在AWSBackup控制台中单击几下,您就可以创建各种备份策略,从而自动执行备份计划和保留管理工作.
AWSBackup提供了完全托管的备份服务和基于策略的备份解决方案,可以简化备份管理工作,并使您能够满足业务和法规备份合规性要求.
支持的资源以下是可以使用AWSBackup备份和还原的AWS资源.
支持的服务支持的资源AmazonFSxAmazonFSx文件系统AmazonElasticFileSystem(AmazonEFS)AmazonEFS文件系统AmazonDynamoDBDynamoDB表AmazonElasticComputeCloud(AmazonEC2)AmazonEC2实例*AmazonElasticBlockStore(AmazonEBS)AmazonEBS卷AmazonRelationalDatabaseService(AmazonRDS)AmazonRDS数据库**AmazonAuroraAurora集群AWSStorageGateway(卷网关)AWSStorageGateway卷*AWSBackup不支持AmazonEC2实例存储支持的实例.
**AWSBackup当前支持包括AmazonAurora在内的所有AmazonRDS数据库引擎.
AWSBackup概述AWSBackup具有以下特性和功能.
集中式备份管理AWSBackup提供了集中的备份控制台、一组备份APIs以及AWSCommandLineInterface(AWSCLI),可用于跨应用程序使用的AWS服务管理备份.
使用AWSBackup,您可以集中管理满足备份需求的备份策1AWSBackup开发人员指南跨区域备份略.
然后,您可以将其跨AWS服务应用于您的AWS资源,使您可以通过一致且合规的方式来备份应用程序数据.
AWSBackup的集中式备份控制台提供了备份和备份活动日志的整合视图,使您可以更轻松地审计备份,并确保合规性.
跨区域备份使用AWSBackup,您可以按需将备份复制到多个不同的AWS区域,也可以将备份作为定期备份计划的一部分自动复制.
如果您需要将备份存储在最接近生产数据的位置以满足业务连续性或合规性要求,则跨区域备份会特别有用.
跨账户管理您可以使用AWSBackup跨AWSOrganizations结构内的所有AWS账户管理备份.
借助跨账户管理,您可以自动使用备份策略跨组织内的AWS账户应用备份计划.
这使得合规性和数据保护能够大规模产生效用,并减少了运营开销.
它还有助于避免跨各个账户手动复制备份计划.
在使用跨账户管理功能之前,必须已在AWSOrganizations中配置了现有组织结构.
组织单位(OU)是一组可作为单个实体进行管理的账户.
AWSOrganizations是一个可分组成组织单位并作为单个实体进行管理的账户列表.
有关跨账户管理的更多信息,请参阅跨多个AWS账户管理AWSBackup资源(p.
45).
基于策略的备份解决方案使用AWSBackup,您可以创建称为备份计划的备份策略.
使用这些备份计划定义您的备份需求,然后跨所用的AWS服务,将其应用到您需要保护的AWS资源.
您可以创建单独的备份计划,分别满足特定业务及监管合规性要求.
这有助于确保根据您的要求备份各个AWS资源.
通过备份计划,您可以使用可扩展的方式,轻松地在组织中跨您的应用程序实施备份策略.
基于标记的备份策略您可以使用AWSBackup,通过对AWS资源进行标记来对其应用备份计划.
通过标记,您可以轻松地跨所有应用程序实施备份策略,并确保所有AWS资源都进行了备份并得到了保护.
AWS标记是对AWS资源进行组织和分类的好方法.
通过与AWS标记集成,您可以将备份计划快速应用于一组AWS资源,以便以一致且合规的方式对资源进行备份.
备份活动监控AWSBackup提供了一个控制面板,可用于轻松审计跨AWS服务的备份和还原活动.
只需在AWSBackup控制台上单击数次,您便可以查看最近备份作业的状态.
您还可以跨AWS服务还原作业,确保您的AWS资源得到妥善保护.
AWSBackup与AWSCloudTrail集成.
CloudTrail为您提供了整合的备份活动日志视图,使您可以快速便捷地审计资源的备份情况.
AWSBackup还与AmazonSimpleNotificationService(AmazonSNS)集成,为您提供备份活动通知,例如备份成功或已启动还原操作.
生命周期管理策略利用AWSBackup,您可以将备份存储在低成本冷存储层中,从而满足合规性要求,并最大程度地降低备份存储成本.
您可以配置生命周期策略,它将根据您定义的计划自动将备份从热存储转换到冷存储.
目前,只有AmazonEFS文件系统备份可以转换为冷存储.
对于AmazonEBS、AmazonRDS、AmazonAurora、AmazonDynamoDB和AWSStorageGateway的备份,将忽略冷存储表达式.
2AWSBackup开发人员指南备份访问策略备份访问策略AWSBackup为您的备份保管库提供基于资源的访问策略,以便定义能够访问您的备份的人员.
您可以为备份文件库定义访问策略,用于定义有权访问备份文件库中备份的人员以及这些人员可以采取的操作.
这提供了一种简单而安全的方法来控制对跨AWS服务备份的访问,并有助于满足合规性要求.
入门要了解有关AWSBackup的更多信息,我们建议您从以下几个部分入手:AWSBackup:工作方式(p.
4)开始使用AWSBackup(p.
13)AWSBackup开发人员指南API_Operations.
html3AWSBackup开发人员指南使用其他服务AWSBackup:工作方式AWSBackup是一项完全托管的备份服务,让您可以轻松地集中管理和自动执行跨AWS服务的数据备份.
使用AWSBackup,您可以创建称为备份计划的备份策略.
您可以使用这些计划来定义备份要求,例如数据的备份频率以及这些备份的保留时间.
利用AWSBackup,您只需标记备份计划即可将其应用于AWS资源.
之后,AWSBackup将自动根据您定义的备份计划备份AWS资源.
以下部分介绍了AWSBackup的工作原理、其实施详细信息以及安全注意事项.
主题AWSBackup如何与其他AWS服务协同工作(p.
4)跨区域备份(p.
9)跨账户管理的工作原理(p.
9)计量备份和定价使用情况(p.
10)AWSBackup博客、视频和其他资源(p.
10)AWSBackup如何与其他AWS服务协同工作许多AWS服务提供帮助您保护数据的备份功能.
这些功能包括AmazonElasticBlockStore(AmazonEBS)快照、AmazonRelationalDatabaseService(AmazonRDS)快照、AmazonDynamoDB备份、AWSStorageGateway快照等.
AWSBackup使用这些AWS服务的现有功能实施其备份功能.
主题配置服务以使用AWSBackup(p.
4)使用AmazonFSx文件系统(p.
5)使用AmazonEC2(p.
5)使用AmazonEFS(p.
7)使用AmazonDynamoDB(p.
7)使用AmazonEBS(p.
8)使用AmazonRDS和AmazonAurora(p.
8)使用AWSStorageGateway(p.
8)AWS服务如何备份自己的资源(p.
8)配置服务以使用AWSBackup当新的AWS服务变得可用时,您必须启用AWSBackup才能使用这些服务.
如果您尝试使用未启用的服务中的资源来创建按需备份或备份计划,则会收到错误消息,并且无法完成此过程.
Note选择加入服务设置是特定于区域的.
如果您更改正在使用的AWS区域,则必须重新配置与AWSBackup结合使用的服务.
配置与AWSBackup结合使用的服务1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
4AWSBackup开发人员指南使用AmazonFSx文件系统2.
在导航窗格中,选择Settings.
3.
在选择加入服务页面上,选择配置资源.
使用切换开关启用或禁用与AWSBackup结合使用的服务.
4.
在配置服务时选择确认.
AWSBackup使用AWS服务的现有备份功能来实施其集中功能.
例如,当您创建了备份计划后,AWSBackup在根据备份计划代表您创建备份时使用EBS快照功能.
各个服务的备份功能仍继续可用.
例如,您可使用AmazonElasticComputeCloud(AmazonEC2)API生成EBS卷的快照.
AWSBackup提供了通用的方法,可以跨AWS云和本地的AWS服务管理备份.
AWSBackup具有集中的备份控制台,提供备份计划、保留管理以及备份监控等功能.
Note使用AWSBackup创建的备份无法使用属于备份资源的APIs删除.
有关使用AWSBackupAPI删除恢复点的信息,请参阅DeleteRecoveryPoint(p.
112).
使用AmazonFSx文件系统支持备份和还原AWSBackup文件系统.
AmazonFSx为工作负载提供完全托管的第三方文件系统,具有本机兼容性和功能集,例如基于MicrosoftWindows的存储、高性能计算、机器学习和电子设计自动化.
AmazonFSxAmazonFSx支持两种文件系统类型:Lustre和WindowsFileServer.
您可以备份任何AmazonFSxforWindowsFileServer文件系统以及具有持久性存储且未链接到数据存储库(如AmazonFSxforLustre)的任何AmazonS3文件系统.
AWSBackup使用AmazonFSx的内置备份功能.
因此,从AWSBackup控制台获取的备份具有相同级别的文件系统一致性和性能,并且与通过AmazonFSx控制台获取的备份具有相同的还原选项.
如果您使用AWSBackup管理这些备份,您将获得额外功能,例如无限的保留选项,并且每小时可以频繁创建计划备份.
此外,即使删除了源文件系统,AWSBackup也会保留您的不可变备份.
这可防止意外或恶意删除.
如果要配置备份策略并从还扩展对其他AWS服务的支持的中央备份控制台监控备份任务,请使用AWSBackup保护AmazonFSx文件系统.
如何备份资源:开始使用AWSBackup(p.
13)如何还原AmazonFSx资源:还原AmazonFSx文件系统(p.
35)有关AmazonFSx文件系统的详细信息,请参阅AmazonFSx文档.
使用AmazonEC2使用AWSBackup,您可以计划或执行按需备份作业,这些作业包含整个EC2实例以及在AmazonEC2上运行的Windows应用程序以及关联的配置数据.
这限制了您与存储(AmazonEBS)卷交互的需求.
同样,您可以从单个恢复点还原整个AmazonEC2实例.
备份作业只能有一个资源.
因此,您可以有一个备份EC2实例的任务,它将备份根卷、所有数据卷和关联的实例配置.
备份AmazonEC2资源在对AmazonEC2实例进行备份时,AWSBackup将为根AmazonEBS存储卷、启动配置和所有关联的EBS卷拍摄快照.
AWSBackup将存储EC2实例的某些配置参数,包括实例类型、安全组、AmazonVPC、监控配置和标签.
备份数据存储为AmazonEBS卷支持的Amazon系统映像(AMI).
您还可以备份和还原启用了VSS的MicrosoftWindows应用程序.
您可以计划应用程序一致性备份、定义生命周期策略,以及作为按需备份或计划备份计划的一部分执行一致还原.
有关更多信息,请参阅创建启用VSS的Windows备份(p.
32).
5AWSBackup开发人员指南使用AmazonEC2AWSBackup不会备份以下内容:ElasticInference加速器的配置(如果它已附加到实例).
启动实例时使用的用户数据.
Note对于所有实例类型,仅AmazonEBS支持EC2实例受支持.
临时存储实例(即实例存储支持的实例)不受支持.
AWSBackup可以对与AmazonEC2备份关联的EBS快照进行加密.
这与它加密EBS快照的方式类似.
AWSBackup在创建AmazonEC2AMI快照时使用在底层EBS卷上应用的相同加密,并且原始实例的配置参数将保留在还原元数据中.
快照从您定义的卷中派生其加密,并且相同的加密将应用于相应的快照.
将始终加密复制的AMI的EBS快照.
如果在复制过程中使用KMS密钥,则将应用该密钥.
如果未使用KMS密钥,则将应用默认KMS密钥.
还原AmazonEC2资源您可以使用AWSBackup控制台、AWSCommandLineInterface(AWSCLI)或API还原AmazonEC2资源.
控制台提供了用于还原资源的交互式用户界面,但其功能是受限的.
目前,您无法使用AWSBackup控制台配置以下还原参数.
NetworkInterfaces=[{"AssociatePublicIpAddress":true,"DeleteOnTermination":false,"Description":"testnetworkinterface","DeviceIndex":1,"Groups":["yournic_groups_id"],"Ipv6AddressCount":1,"Ipv6Addresses":[{"Ipv6Address1":"ipv6_address2"}],"NetworkInterfaceId":"yournic_interface_id","PrivateIpAddress":"yourprivate_ip_address","PrivateIpAddresses":[{"Primary":true,"PrivateIpAddress":"private_ip_address_1"},{"Primary":false,"PrivateIpAddress":"private_ip_address_2"}],"SecondaryPrivateIpAddressCount":1,"SubnetId":"nic_subnet_id","InterfaceType":"interface"}],ElasticGpuSpecification=[{"Type":"test_elastic_gpu_type"}],CapacityReservationSpecification={"CapacityReservationPreference":"none"},6AWSBackup开发人员指南使用AmazonEFSInstanceMarketOptions={"MarketType":"spot","SpotOptions":{"MaxPrice":"test_spot_price_value","SpotInstanceType":"persistent","BlockDurationMinutes":20,"ValidUntil":"2019-12-16T12:34:56.
000Z","InstanceInterruptionBehavior":"hibernate"}},LicenseSpecifications=[{"LicenseConfigurationArn":"your_license_configuration_arn"}],但是,您可以使用AWSCLI和API执行完整还原.
有关还原参数的更多信息,请参阅run-instances.
EC2实例的所有还原配置都应作为还原元数据提供,后者是密钥/值对的映射.
密钥是配置的名称,值本身是JSON序列化字符串.
Note在还原备份时,AWSBackup不允许变更SSH密钥对,因此您只能使用备份的密钥对进行还原.
AWSBackup不允许您修改实例配置文件,以防止发生权限升级.
您可以选择不从AWSBackup中应用此功能,但如果要更改它,则可以从EC2应用它.
要使用原始实例配置文件成功执行还原操作,您必须编辑还原策略.
如果您在还原期间应用实例配置文件,则必须更新操作员角色并向AmazonEC2添加基础实例配置文件角色的PassRole权限.
否则,AmazonEC2将无法授予实例启动权限,从而导致启动失败.
Note从AWSBackup进行还原时,可用于从EC2运行实例API启动实例的配置的所有配额和限制都将适用.
如何备份资源:开始使用AWSBackup(p.
13)如何还原AmazonEC2资源:还原AmazonEC2实例(p.
40)有关AmazonEC2的详细信息,请参阅什么是AmazonEC2.
使用AmazonEFS目前,AWSBackup支持AmazonElasticFileSystem(AmazonEFS).
如何备份资源:开始使用AWSBackup(p.
13)如何还原AmazonEFS资源:还原AmazonEFS文件系统(p.
37)有关AmazonEFS文件系统的详细信息,请参阅什么是AmazonElasticFileSystem.
使用AmazonDynamoDB目前,AWSBackup支持AmazonDynamoDB(DynamoDB).
如何备份资源:开始使用AWSBackup(p.
13)7AWSBackup开发人员指南使用AmazonEBS如何还原DynamoDB资源:还原AmazonDynamoDB数据库(p.
38)有关DynamoDB的详细信息,请参阅什么是AmazonDynamoDB.
使用AmazonEBS目前,AWSBackup支持AmazonElasticBlockStore(AmazonEBS)卷.
如何备份资源:开始使用AWSBackup(p.
13)如何还原AmazonEBS卷:还原AmazonEBS卷(p.
37)有关AmazonEBS卷的详细信息,请参阅什么是AmazonElasticBlockStore(AmazonEBS).
有关更多信息,请参阅中的AmazonEBS创建卷.
AmazonEC2用户指南(适用于Linux实例)使用AmazonRDS和AmazonAurora目前,AWSBackup支持AmazonRDS数据库引擎和Aurora集群.
如何备份资源:开始使用AWSBackup(p.
13)如何还原AmazonRDS资源:还原AmazonRDS数据库(p.
39)如何还原AmazonAurora集群:还原AmazonAurora集群(p.
40)有关AmazonRelationalDatabaseService的详细信息,请参阅什么是AmazonRelationalDatabaseService.
有关Aurora的详细信息,请参阅什么是AmazonAurora.
Note如果您从AmazonRDS控制台启动备份作业,这可能会与Aurora集群备份作业冲突,从而导致错误Backupjobexpiredbeforecompletion,如果发生这种情况,请在AWSBackup中配置较长的备份时段.
使用AWSStorageGatewayAmazonEBS快照可以作为AWSStorageGateway卷进行还原.
如何备份资源:开始使用AWSBackup(p.
13)有关AWSStorageGateway的详细信息,请参阅什么是AWSStorageGateway.
AWS服务如何备份自己的资源有关如何使用特定AWS服务备份其资源的信息,请参阅以下内容:将AWSBackup与结合使用AmazonFSxAmazonEC2相关服务将AWSBackup与结合使用AmazonEFS的按需备份和还原DynamoDBAmazonEBS快照备份和还原AmazonRDS数据库实例8AWSBackup开发人员指南跨区域备份备份和还原Aurora数据库集群概述在中备份您的卷AWSStorageGateway跨区域备份利用AWSBackup,您可以按需将备份复制到多个AWS区域,也可以将备份作为定期备份计划的一部分自动复制.
如果您需要将备份存储在最接近生产数据的位置以满足业务连续性或合规性要求,则跨区域复制会特别有用.
您可以使用AWSBackup控制台、AWSCommandLineInterface(AWSCLI)或AWSBackupAPI复制以下资源的备份,并根据需要在不同的区域中定义不同的备份生命周期:AmazonElasticFileSystem(AmazonEFS)文件系统Note复制规则位于计划级别.
如果要将不同的复制规则应用于文件系统的子集,您应创建新的计划.
AmazonElasticBlockStore(AmazonEBS)卷AmazonRelationalDatabaseService(AmazonRDS)数据库和AmazonAurora集群AWSStorageGateway卷您还可以从存储在不同的区域中的备份进行恢复.
有关创建副本的信息,请参阅创建备份副本(p.
33).
跨区域备份在AWSBackup中可用的所有AWS区域(亚太地区(香港)和中东(巴林)除外)中可用.
Important为避免产生额外费用,我们建议您不要设置主动备份、复制和保留策略.
在进程遇到延迟时,大量备份、复制和保留策略可能会产生额外成本.
例如,此类延迟可能导致目标区域中的备份在进行源的增量备份之前生命周期.
这将导致您产生完全备份复制和存储费用.
由于前面介绍的潜在情况,我们强烈建议采用比每周频率更高的保留策略.
请联系您的技术客户经理或解决方案架构师以获取具体指导.
跨账户管理的工作原理使用AWSBackup,您可以跨AWSOrganizations中的所有AWS账户管理备份.
借助跨账户管理,您可以使用备份策略跨您的账户自动应用备份计划.
还可以创建使用基于标签的资源选择的备份策略,并将其应用于组织中的所有账户或各个账户以保护其本地资源.
要跨AWS账户管理受保护的资源,您需要在管理账户中创建一个AWSOrganizations.
有关AWSOrganizations如何工作的信息,请参阅中的AWSOrganizations术语和概念.
AWSOrganizations用户指南组织单位(OU)是整理组织中的成员账户的层次结构的一层.
您还可以邀请现有AWS账户加入您的组织.
您可以创建使用基于标签的资源选择的备份策略,并将其应用于组织中的所有账户.
您还可以将其应用于各个账户,以使用此策略保护其本地资源.
例如,您可以定义一个备份策略A,该策略每天对特定资源进行备份并将备份保留7天.
您可以选择将备份策略A应用于整个组织.
(这意味着,组织中的每个账户都会获得该备份策略,该策略会创建一个在该账户中可见的对应备份计划.
)然后,您创建一个名为Finance的OU,并决定仅将其备份保留30天.
在这种情况下,您定义一个备份策略B,该策略将覆盖生命周期值,并将其附加到FinanceOU.
这意味着FinanceOU下的所有账户都会获得一个新的有效备份计划,该计划每天对所有指定的资源进行备份,并将备份保留30天.
在此示例中,备份策略A和备份策略B合并为一个有效备份策略,该策略为名为Finance的OU下的所有账户定义保护策略.
组织中的所有其他账户仍受备份策略A的保护.
合并仅适用于共享相同备份计划名称的备份9AWSBackup开发人员指南计量备份和定价使用情况策略.
还可以让策略A和策略B在该账户中共存,而无需进行任何合并.
只能在控制台的JSON视图中使用高级合并运算符.
有关合并策略的详细信息,请参阅AWSOrganizations用户指南中的定义策略、策略语法和策略继承(p.
49).
有关跨账户管理的更多信息,请参阅跨多个AWS账户管理AWSBackup资源(p.
45).
计量备份和定价使用情况现有备份功能(AmazonEFS除外)的备份用量将继续按照其各自的服务计量和收费,定价保持不变.
在AWS服务按照现有备份存储定价收取的费用(例如AmazonEBS快照存储费)之外,使用AWSBackup集中备份功能没有额外的费用.
对于AmazonEC2实例备份的使用,不收取额外费用.
对于AWSBackup中引入的服务,例如AmazonEFS,其备份用量由AWSBackup计量和收费.
有关更多信息,请参阅AWSBackup定价.
Important为避免产生额外费用,我们建议您不要设置主动备份、复制和保留策略.
在进程遇到延迟时,大量备份、复制和保留策略可能会产生额外成本.
例如,此类延迟可能会导致目标区域中的备份在进行源的增量备份之前生命周期.
这将导致您产生完全备份复制和存储费用.
由于前面介绍的潜在情况,我们强烈建议采用比每周频率更高的保留策略.
请联系您的技术客户经理或解决方案架构师以获取具体指导.
AWSBackup博客、视频和其他资源有关AWSBackup的更多信息(包括好处、使用案例、博客和视频),请参阅:视频:AWSBackup博客:使用保护您的数据AWSBackup博客:使用AWSBackup的具有跨区域复制的集中式跨账户管理10AWSBackup开发人员指南注册AWS设置首次使用AWSBackup前,请完成以下任务:1.
注册AWS(p.
11)2.
创建IAM用户(p.
11)注册AWS当您注册AmazonWebServices(AWS)时,您的AWS账户会自动注册AWS中的所有服务,包括AWSBackup.
您只需为使用的服务付费.
有关AWSBackup使用费率的更多信息,请参阅"AWSBackup定价"页面.
如果您是AWS新客户,还可以免费试用AWSBackup.
有关更多信息,请参阅AWS免费使用套餐.
如果您已有一个AWS账户,请跳到下一个任务.
如果您还没有AWS账户,请使用以下步骤创建.
如何创建AWS账户1.
打开https://portal.
amazonaws.
cn/billing/signup.
2.
按照屏幕上的说明进行操作.
在注册时,您将接到一通电话,要求您使用电话键盘输入一个验证码.
请记下您的AWS账号,因为在下一个任务中您会用到它.
创建IAM用户AWS中的服务(例如AWSBackup)要求您在访问时提供凭证,以便服务可以确定您是否有权访问其资源.
AWS建议不要使用AWS账户根用户发起请求.
而应创建一个IAM用户并授予该用户完全访问权限.
我们将这些用户称为管理员用户.
您可以使用管理员用户凭证而不是AWS账户根用户凭证来与AWS交互和执行任务,例如创建存储桶、创建用户以及向用户授予权限.
有关更多信息,请参阅AWS账户根用户账户凭证与IAM用户凭证(在AWS一般参考中)和IAM最佳实践(在IAM用户指南中).
如果您已注册AWS但尚未为自己创建一个IAM用户,则可以使用IAM控制台自行创建.
自行创建管理员用户并将该用户添加到管理员组(控制台)1.
通过选择根用户,然后输入您的AWS账户的电子邮件地址,以账户拥有者身份登录到IAM控制台.
在下一页上,输入您的密码.
Note强烈建议您遵守以下使用AdministratorIAM用户的最佳实践,妥善保存根用户凭证.
只在执行少数账户和服务管理任务时才作为根用户登录.
2.
在导航窗格中,选择用户,然后选择添加用户.
3.
对于Username(用户名),输入Administrator.
4.
选中AWS管理控制台访问旁边的复选框.
然后选择自定义密码,并在文本框中输入新密码.
11AWSBackup开发人员指南创建IAM用户5.
(可选)默认情况下,AWS要求新用户在首次登录时创建新密码.
您可以清除Usermustcreateanewpasswordatnextsign-in(用户必须在下次登录时创建新密码)旁边的复选框以允许新用户在登录后重置其密码.
6.
选择下一步:权限.
7.
在设置权限下,选择将用户添加到组.
8.
选择创建组.
9.
在Creategroup(创建组)对话框中,对于Groupname(组名称),输入Administrators.
10.
选择Filterpolicies(筛选策略),然后选择AWSmanaged-jobfunction(AWS托管的工作职能)以筛选表内容.
11.
在策略列表中,选中AdministratorAccess的复选框.
然后选择Creategroup(创建组).
Note您必须先激活IAM用户和角色对账单的访问权限,然后才能使用AdministratorAccess权限访问AWSBillingandCostManagement控制台.
为此,请按照"向账单控制台委派访问权限"教程第1步中的说明进行操作.
12.
返回到组列表中,选中您的新组所对应的复选框.
如有必要,选择Refresh以在列表中查看该组.
13.
选择下一步:标签.
14.
(可选)通过以键值对的形式附加标签来向用户添加元数据.
有关在IAM中使用标签的更多信息,请参阅IAM用户指南中的标记IAM实体.
15.
选择Next:Review(下一步:审核)以查看要添加到新用户的组成员资格的列表.
如果您已准备好继续,请选择Createuser.
您可使用此相同的流程创建更多的组和用户,并允许您的用户访问AWS账户资源.
要了解有关使用策略限制用户对特定AWS资源的权限的信息,请参阅访问管理和示例策略.
要以此新IAM用户的身份登录,请从AWS管理控制台注销.
然后使用以下URL,其中your_aws_account_id是不带连字符的AWS账号(例如,如果您的AWS账号是1234-5678-9012,则AWS账户ID是123456789012):https://your_aws_account_id.
signin.
www.
amazonaws.
cn/console/输入您刚创建的IAM用户名和密码.
登录后,导航栏显示your_user_name@your_aws_account_id.
如果您不希望您的登录页面URL包含AWS账户ID,可以创建账户别名.
从IAM控制面板中,单击CreateAccountAlias(创建账户别名),然后输入一个别名,例如您的公司名称.
要在创建账户别名后登录,请使用以下URL:https://your_account_alias.
signin.
www.
amazonaws.
cn/console/要为您的账户验证IAM用户的登录链接,请打开IAM控制台并在控制面板的AWSAccountAlias下进行检查.
12AWSBackup开发人员指南Prerequisites开始使用AWSBackup本教程介绍如何执行使用AWSBackup备份和还原资源所需的任务.
主题Prerequisites(p.
13)选项1:创建按需备份(p.
14)选项2:创建计划备份(p.
15)选项3:创建自动备份(p.
18)监控您的备份作业并验证您的资源是否受保护(p.
18)还原备份(p.
19)清理资源(p.
20)Prerequisites在您开始之前,请确保您已拥有以下各项:AWS账户.
有关更多信息,请参阅设置(p.
11).
AmazonElasticBlockStore(AmazonEBS)卷.
有关更多信息,请参阅中的AmazonEBS创建卷.
AmazonEC2用户指南(适用于Linux实例)有关AmazonEBS的信息,请参阅AmazonElasticBlockStore(AmazonEBS).
您应该熟悉所要备份的AWS服务和资源.
AWSBackup目前支持以下服务和资源:AmazonFSx有关信息,请参阅中的AmazonFSxforLustre入门或中的AmazonFSxforLustre用户指南入门.
AmazonFSxforWindowsFileServerAmazonFSxforWindowsFileServer用户指南AmazonElasticComputeCloud(AmazonEC2)有关信息,请参阅中的AmazonEC2Windows实例入门或中的AmazonEC2用户指南(适用于Windows实例)AmazonEC2Linux实例入门.
https://docs.
amazonaws.
cn/AWSEC2/latest/UserGuide/EC2_GetStarted.
htmlAmazonEC2用户指南(适用于Linux实例)AmazonElasticFileSystem(AmazonEFS)有关信息,请参阅AmazonElasticFileSystem中的入门.
AmazonElasticFileSystem用户指南AmazonDynamoDB有关信息,请参阅DynamoDB中的入门.
AmazonDynamoDB开发人员指南AmazonRelationalDatabaseService(AmazonRDS)和AmazonAurora有关AmazonRDS的信息,请参阅中的AmazonRDS入门.
AmazonRDS用户指南有关AmazonAurora的信息,请参阅用户指南中的备份和还原Aurora数据库集群概述AmazonAurora.
AWSStorageGateway13AWSBackup开发人员指南选项1:创建按需备份有关信息,请参阅https://docs.
amazonaws.
cn/storagegateway/latest/userguide/create-volume-gateway-volume.
html中的创建卷网关AWSStorageGateway用户指南.
当新的AWS服务变得可用时,允许AWSBackup使用这些服务.
配置AWS服务以与AWSBackup结合使用1.
通过以下网址登录AWS管理控制台并打开AWSBackup控制台:https://console.
amazonaws.
cn/backup.
2.
在导航窗格中,选择Settings.
3.
在选择加入服务页面上,选择配置资源.
4.
在Configureresources(配置资源)页面上,使用切换开关启用或禁用与AWSBackup结合使用的服务.
在配置服务时选择确认.
请确保您选择使用的AWS服务在您的AWS区域中可用.
有关支持的区域的信息,请参阅AWS一般参考中的服务终端节点和配额.
Note如果您在为AmazonEFS启用AWSBackup后设置自动备份,即使您为AmazonEFS选择退出或禁用AWSBackup,自动备份也会继续.
有关更多信息,请参阅选项3:创建自动备份(p.
18).
要禁用自动备份,请使用AmazonEFS控制台或API.
确保您正备份的资源位于同一AWS区域.
为完成本教程,您可以使用AWS账户根用户登录到AWS管理控制台.
但是,AWSIdentityandAccessManagement(IAM)建议您不要使用您的AWS账户根用户.
而是在您的账户中创建一个管理员,并使用这些凭证来管理您账户中的资源.
有关更多信息,请参阅设置(p.
11).
控制台提供了用于备份资源的不同选项.
AWSBackup您可以创建按需备份、计划和配置对资源的备份方式,或将资源配置为在创建资源时自动备份.
选项1:创建按需备份在AWSBackup控制台中,Protectedresources(受保护资源)页面列出了已由AWSBackup至少备份一次的资源.
如果您是首次使用AWSBackup,此页面上不会列出任何资源,例如AmazonEBS卷或AmazonRDS数据库.
如果备份计划未作为计划备份作业至少运行一次,即使该资源已分配到该备份计划中也是如此.
在此步骤1中,您将创建某个资源的按需备份.
然后,您将看到此资源在Protectedresources(受保护资源)页面上列出.
创建按需备份1.
通过以下网址登录AWS管理控制台并打开AWSBackup控制台:https://console.
amazonaws.
cn/backup.
2.
从控制面板中,选择创建按需备份.
或者,使用导航窗格选择受保护的资源,然后选择创建按需备份.
3.
在Createon-demandbackup(创建按需备份)页面上,选择您要备份的资源类型,例如,为AmazonDynamoDB表选择DynamoDB.
4.
选择要保护的资源的名称或ID.
确保您选择的资源就是所需的资源.
Note对于AmazonFSxforLustre,仅支持持久性部署类型.
5.
确保选中了Createbackupnow(立即创建备份).
这将立即启动备份,使您能够在Protectedresources(受保护资源)页面上更快地看到您保存的资源.
14AWSBackup开发人员指南后续步骤6.
指定转换为冷存储值(如果适用)和过期值.
Note只有AmazonEFS备份支持转换为冷存储.
所有其他资源类型保存到热存储中.
Expire(过期)值对所有资源类型都有效.
当备份过期并标记为删除作为生命周期策略的一部分时,AWSBackup会在接下来的24小时内随机选择的点删除备份.
此窗口有助于确保一致的性能.
7.
选择现有备份文件库.
选择Createnewbackupvault(创建新备份文件库)将打开新页面用于创建文件库,然后在您完成时,让您返回到Createon-demandbackup(创建按需备份)页面.
8.
在IAMrole(IAM角色)下,选择Defaultrole(默认角色).
Note如果您的账户中不存在AWSBackup默认角色,则系统将使用正确的权限为您创建一个角色.
9.
如果您要将一个或多个标签分配到按需备份,请输入key(键)和(可选)value(值),然后选择Addtag(添加标签).
Note对于AmazonEC2资源,除了您添加到此备份的任何标签之外,AWSBackup还会自动复制现有组和单个资源标签.
有关更多信息,请参阅将标签复制到备份(p.
32).
在创建基于标签的备份计划时,如果您选择默认角色之外的角色,请确保该角色具有备份所有标记资源所需的权限.
AWSBackup尝试处理所有带选定标签的资源.
如果它遇到无权访问的资源,则备份计划将失败.
10.
选择Createon-demandbackup(创建按需备份).
此操作将您转至Jobs(作业)页面,在其中可以看到作业的列表.
11.
如果要备份的资源在实例上运行MicrosoftWindows,请在Advancedsettings(高级设置)部分中,选择WindowsVSSAmazonEC2.
这使您能够进行应用程序一致性WindowsVSS备份.
NoteAWSBackup当前仅支持在AmazonEC2上运行的资源的应用程序一致性备份.
并非所有实例类型或应用程序都支持WindowsVSS备份.
有关更多信息,请参阅创建启用VSS的Windows备份(p.
32).
12.
为您选择备份的资源选择备份作业ID以查看该作业的详细信息.
后续步骤要验证备份活动的状态并监控其详细信息,请转到选项2:创建计划备份(p.
15).
选项2:创建计划备份在AWSBackup教程中的此步骤中,您将创建备份计划、向该计划分配资源,然后创建备份保管库.
在开始之前,请确保您满足必需的先决条件.
有关更多信息,请参阅开始使用AWSBackup(p.
13).
主题步骤1:通过修改现有备份计划来创建备份计划(p.
16)步骤2:将资源分配给备份计划(p.
16)步骤3:创建备份文件库(p.
17)后续步骤(p.
18)15AWSBackup开发人员指南步骤1:通过修改现有备份计划来创建备份计划步骤1:通过修改现有备份计划来创建备份计划备份计划是一个策略表达式,它定义了备份AWS资源(例如AmazonDynamoDB表或AmazonElasticFileSystem(AmazonEFS)文件系统)的时间和方式.
您向备份计划分配资源,AWSBackup随后将根据备份计划自动备份这些资源并保留备份.
有关更多信息,请参阅使用备份计划管理备份(p.
22).
可通过两种方法创建新的备份计划:您可以从头开始构建一个备份,也可以基于现有备份计划构建一个.
此示例使用AWSBackup控制台通过修改现有备份计划来创建备份计划.
从现有备份计划创建备份计划1.
通过以下网址登录AWS管理控制台并打开AWSBackup控制台:https://console.
amazonaws.
cn/backup.
2.
从控制面板中,选择管理备份计划.
或者,使用导航窗格选择Backupplans(备份计划),然后选择CreateBackupplan(创建备份计划).
3.
选择Startwithtemplate(使用模板开始),从列表中选择一个计划(例如,Daily-Monthly-1yr-Retention),然后在Backupplanname(备份计划名称)框中输入名称.
Note如果您尝试创建与现有计划相同的备份计划,则会收到AlreadyExistsException错误.
4.
在计划摘要页面上,选择所需的备份规则,然后选择Edit(编辑).
5.
查看并选择您要用于规则的值.
例如,您可以在Monthly(每月)规则中,将备份的保留期从一年延长到三年.
如果您的计划包括AmazonEFS备份,您可以配置生命周期策略,这些策略根据您定义的计划自动将这些备份从温存储转换为冷存储.
6.
对于备份文件库,选择Default(默认)或选择CreatenewBackupvault(创建新的备份文件库)以创建新的文件库.
7.
(可选)-从Destinationregion(目标区域)的列表中选择一个AWS区域,以将备份复制到不同的区域.
要添加更多区域,请选择Addcopy(添加副本).
8.
编辑完规则后,选择SaveBackuprule(保存备份规则).
在摘要页面上,选择分配资源以准备下一部分.
步骤2:将资源分配给备份计划要将备份计划应用于AWS资源,您可以选择一个备份计划,并使用标签为其分配资源,或者直接列出资源IDs.
有关资源的更多信息,请参阅将资源分配给备份计划(p.
24).
Note如果您在一个计划中保护的资源超过100个,我们建议您使用基于标签的管理.
如果您尚没有要分配到备份计划的现有AWS资源,请创建一些新资源以用于本练习.
您可以从支持的多个或全部服务创建多个资源.
这些资源可以包括:DynamoDB表AmazonEBS卷AmazonEC2实例AmazonFSx文件系统AmazonEFS文件系统AmazonRDS实例和AmazonAurora集群AWSStorageGateway卷16AWSBackup开发人员指南步骤3:创建备份文件库Note要按照标签分配资源,您必须将标签应用到资源.
例如,您可以使用键/值对BackupPlan:MissionCritical来标记此练习的所有资源.
将资源分配给备份计划1.
在AWSBackup控制台控制面板上,选择管理备份计划.
或者,使用导航窗格选择备份计划.
2.
从列表中选择一个计划,例如Daily-Monthly-1yr-Retention.
3.
在计划摘要页面上,选择分配资源.
4.
在资源分配名称字段中,选择资源分配的名称.
例如,您可以将资源选择命名为ApplicationFoo.
然后,您可以分配用于此应用程序的所有AWS资源,这些资源可能是AmazonEBS卷、AmazonEFS文件系统和AmazonRDS表的组合.
5.
在IAMrole(IAM角色)下,选择Defaultrole(默认角色).
Note如果您的账户中不存在AWSBackup默认角色,则系统将使用正确的权限为您创建一个角色.
如果您选择Defaultrole(默认角色)以外的角色,则角色名称必须包含字符串AwsBackup或AWSBackup.
没有其中一个字符串的角色名称没有足够的权限来执行该操作.
另请确保您的自定义角色具有备份所有标记资源所需的权限.
有关更多信息,请参阅将资源分配给备份计划(p.
24).
6.
在Assignresources(分配资源)部分中,确保Assignby(分配依据)控件显示Tags(标签).
输入标记您资源时使用的键和值;例如,BackupPlan:MissionCritical.
选择Addassignment(添加分配)以添加使用您选择的键值对标记的所有资源.
Note在创建基于标签的备份计划时,如果您选择默认角色之外的角色,请确保该角色具有备份所有标记资源所需的权限.
AWSBackup尝试处理所有带选定标签的资源.
如果它遇到无权访问的资源,则备份计划将失败.
在所选区域中,使用此键/值对标记的所有支持的资源将自动分配到此备份计划.
7.
当您的第一个资源分配下显示新的分配依据控件时,将值更改为ResourceID.
8.
选择您要添加到选择的资源类型,例如EBS.
将光标置于卷ID字段中,这将显示此类型的可用资源.
9.
从列表中选择资源,然后选择添加分配.
10.
完成资源添加之后,选择Assignresources(分配资源).
然后,您将返回到计划摘要页面,其中包含有关您的备份计划、备份规则、资源分配以及任何备份计划标签的信息.
步骤3:创建备份文件库您可不使用AWSBackup控制台上自动为您创建的默认备份文件库,而是创建特定备份文件库,在同一个文件库中保存和组织备份组.
有关备份文件库的更多信息,请参阅使用备份保管库(p.
26).
创建备份文件库1.
在AWSBackup控制台上,在导航窗格中选择Backupvaults(备份文件库).
Note如果导航窗格在左侧不可见,则您可以选择AWSBackup控制台上左上角的菜单图标来打开它.
17AWSBackup开发人员指南后续步骤2.
选择Createbackupvault(创建备份文件库).
3.
输入备份文件库的名称.
您对文件库进行命名以体现将要存储在其中的内容,或者使其易于搜索您所需的备份.
例如,您可以将其命名为FinancialBackups.
4.
选择AWSKMS密钥.
您可以使用已创建的密钥,也可以选择默认的AWSBackup主密钥.
Note此处指定的AWSKMS密钥仅应用到支持AWSBackup加密的服务的备份.
目前仅支持AmazonElasticFileSystem(AmazonEFS).
5.
(可选)添加标签可帮助您搜索和标识备份文件库.
例如,您可以添加BackupType:Financial标签.
6.
选择创建备份保管库.
7.
在导航窗格中,选择Backupvaults(备份文件库),并确保您的备份文件库已添加.
Note现在,您可以在某个备份计划中编辑备份规则,以便将由该规则创建的备份存储在您刚刚创建的备份保管库中.
后续步骤要验证备份活动的状态并监控其详细信息,请转到监控您的备份作业并验证您的资源是否受保护(p.
18).
选项3:创建自动备份使用AmazonElasticFileSystem控制台创建AmazonEFS(AmazonEFS)文件系统时,默认情况下会启用自动备份.
如果要自动备份现有的AmazonEFS文件系统,您可以使用AmazonEFS控制台、API或CLI执行此操作.
使用控制台自动备份现有AmazonEFS文件系统1.
打开AmazonEFS控制台(https://console.
aws.
amazon.
com/efs).
2.
在Filesystems(文件系统)页面上,选择要启用自动备份的文件系统.
3.
在"Generalsettings(常规设置)"面板中选择Edit(编辑).
4.
要启用自动备份,请选择Enableautomaticbackups.
Note默认备份计划设置为dailybackups,35-dayretention.
默认备份时段(运行备份的时间范围)设置为凌晨5点(协调世界时)开始,并持续8小时.
AWSBackup在您的账户中代表您创建服务相关角色.
此角色具有执行AmazonEFS备份所需的权限.
有关服务相关角色的详细信息,请参阅AWSBackup的服务相关角色(p.
68).
有关如何使用AmazonEFS控制台、API或CLI启用或禁用自动备份的分步说明,请参阅https://docs.
amazonaws.
cn/efs/latest/ug/awsbackup.
html#automatic-backups中的自动备份AmazonElasticFileSystem用户指南.
监控您的备份作业并验证您的资源是否受保护AWSBackup使您可以跨所用AWS服务,查看备份和还原活动的状态及其他详细信息.
18AWSBackup开发人员指南查看备份作业的状态在AWSBackup控制面板上,您可以管理备份计划、创建按需备份、还原备份以及查看备份和还原作业的状态.
主题查看备份作业的状态(p.
19)查看文件库中的所有备份(p.
19)查看受保护资源的详细信息(p.
19)后续步骤(p.
19)查看备份作业的状态使用AWSBackup控制面板可快速查看您的备份和还原活动的状态.
查看备份作业状态1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在导航窗格中,选择Dashboard.
3.
要查看备份作业的状态,请选择Backupjobsdetails(备份作业详细信息).
这会将您转到作业页面,在其中您可以查看包含备份作业和还原作业的表.
4.
您可以筛选按时间显示的作业.
例如,在过去24小时、上周或过去30天创建的作业.
您也可以通过选择齿轮图标,设置每页要显示的作业数.
查看文件库中的所有备份在AWSBackup中,按照以下步骤查看在指定文件库中创建的备份.
查看保管库中的所有备份1.
在AWSBackup控制台上,在导航窗格中选择Backupvaults(备份文件库).
2.
选择您创建按需备份或计划备份时使用的文件库,并查看在此文件库中创建的所有备份.
查看受保护资源的详细信息在Protectedresources(受保护资源)页面上,您可以浏览在AWSBackup中备份的资源的详细信息.
查看受保护的资源1.
在AWSBackup控制台上的导航窗格中,选择Protectedresources(受保护资源).
2.
查看所备份的AWS资源.
在列表中选择一个资源以浏览该资源的备份.
后续步骤在监控并验证资源的备份后,请继续还原备份(p.
19).
还原备份在某个资源至少备份一次之后,即将该资源视为受保护并且可以使用AWSBackup进行还原.
使用AWSBackup控制台,按照以下步骤来还原资源.
19AWSBackup开发人员指南后续步骤有关特定服务的还原参数,或使用AWSCLI或AWSBackupAPI还原备份的信息,请参阅还原备份.
还原资源1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在导航窗格中,选择受保护的资源和要还原的资源ID.
3.
您的恢复点的列表(包括资源类型)按照资源ID显示.
选择资源以打开资源详细信息页.
4.
要还原资源,请在备份窗格中,选择资源的恢复点ID旁边的单选按钮.
在窗格的右上角,选择还原.
5.
指定还原参数.
显示的还原参数特定于所选的资源类型.
Note如果只保留一个备份,则只能还原到执行该备份时的文件系统状态.
您无法还原到以前的增量备份.
有关如何还原特定资源的说明,请参阅使用控制台还原备份(p.
35).
6.
对于还原角色,选择默认角色.
Note如果您的账户中不存在AWSBackup默认角色,则系统将使用正确的权限为您创建一个角色.
7.
选择Restorebackup(还原备份).
这将显示还原作业窗格.
页面顶部的消息提供了有关还原作业的信息.
Note当您执行还原操作来还原AmazonEFS实例中的特定项目时,可以将这些项目还原到新文件系统或现有文件系统.
如果将项目还原到现有文件系统,则AWSBackup会从根目录创建新的AmazonEFS目录来包含这些项目.
指定项目的完整层次结构将保留在恢复目录中.
例如,如果目录A包含子目录B、C和D,则在恢复A、B、C和D时,AWSBackup会保留分层结构.
无论是执行到现有文件系统还是新文件系统的AmazonEFS部分还原,每次还原尝试都会从根目录创建一个新的恢复目录来包含已还原的文件.
如果尝试对同一路径进行多次还原,则可能存在多个包含已还原项目的目录.
还原EFS实例如果要还原AmazonEFS实例,您可以执行Fullrestore(完整还原)来还原整个文件系统.
或者,您可以使用项目级还原来还原特定的文件和目录.
有关还原特定资源的信息,请参阅使用控制台还原备份(p.
35).
有关还原的详细信息,请参阅还原备份(p.
34).
后续步骤在验证还原结果后,我们建议您删除任何不需要保留的AWS资源,以避免产生不必要的费用.
有关更多信息,请参阅清理资源(p.
20).
清理资源在开始使用AWSBackup(p.
13)中执行所有任务之后,您可以清除已经创建的资源以免产生不必要的费用.
主题步骤1:删除还原的AWS资源(p.
21)20AWSBackup开发人员指南步骤1:删除还原的AWS资源步骤2:删除备份计划(p.
21)步骤3:删除恢复点(p.
21)步骤4:删除备份文件库(p.
21)步骤1:删除还原的AWS资源要删除您从恢复点还原的AWS资源(如AmazonElasticBlockStore(AmazonEBS)卷或AmazonDynamoDB表),请使用该服务的控制台.
例如,要删除AmazonElasticFileSystem(AmazonEFS)文件系统,请使用AmazonEFS控制台.
Note这是指还原的资源,而不是存储在备份文件库中的恢复点.
步骤2:删除备份计划如果您不希望创建计划备份,则应删除备份计划.
您必须先删除备份计划的所有资源分配,然后才能删除该计划.
按照以下步骤删除备份计划:删除备份计划1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在导航窗格中,选择Backupplans(备份计划).
3.
在Backupplans(备份计划)页面上,选择要删除的备份计划.
这会将您转到该备份的详细信息页面.
4.
要删除计划的资源分配,请选择分配名称旁的单选按钮,然后选择Delete(删除).
5.
要删除备份计划,请选择页面右上角的Delete(删除).
6.
在确认页面上,输入计划名称,然后选择Deleteplan(删除计划).
步骤3:删除恢复点接下来,您可以删除备份保管库中的备份恢复点.
删除恢复点1.
在AWSBackup控制台上,在导航窗格中选择Backupvaults(备份文件库).
2.
在Backupvaults(备份文件库)页面上,选择用于存储备份的备份文件库.
3.
选择恢复点并逐个删除它们.
步骤4:删除备份文件库您不能删除AWSBackup中的默认备份保管库.
但是,如果您创建了其他备份文件库,则可以通过删除备份来清空备份文件库.
然后选择该备份文件库并选择Delete(删除).
21AWSBackup开发人员指南创建备份计划使用备份计划管理备份在AWSBackup中,备份计划是一个策略表达式,定义您希望在什么时间以何种方式备份AWS资源,例如AmazonDynamoDB表或AmazonElasticFileSystem(AmazonEFS)文件系统.
您可以向备份计划分配资源,AWSBackup将根据备份计划自动创建备份并保留这些资源的备份.
如果您的工作负载具有不同的备份要求,则可以创建多个备份计划.
以下部分提供了在AWSBackup中管理备份的基础知识.
主题创建备份计划(p.
22)将资源分配给备份计划(p.
24)删除备份计划(p.
25)更新备份计划(p.
25)创建备份计划创建备份计划时,这会添加到您账户的计划集合中.
您还可以使用AWSCloudFormation模板创建备份计划.
有关信息,请参阅AWS备份资源类型参考在AWSCloudFormation用户指南.
主题使用AWS管理控制台创建备份计划(p.
22)备份计划选项和配置(p.
22)使用AWS管理控制台创建备份计划AWSBackup提供了两种方法来开始使用AWSBackup控制台:从现有计划开始—您可以根据现有计划中的配置创建新的备份计划.
请注意,备份计划由AWSBackup基于备份最佳实践和常见备份策略配置.
当您选择要从现有的备份计划开始时,该备份计划中的配置将自动填充到新的备份计划中.
随后,您可以根据备份要求更改其中的任意配置.
有关分步说明,请参阅入门部分中的步骤1:通过修改现有备份计划来创建备份计划(p.
16).
从头开始构建新计划—您可以通过指定各个备份配置详细信息来创建新的备份计划,如下一部分中所述.
您可以从推荐的默认配置中选择.
Note如果您尝试创建与现有计划相同的备份计划,则会收到AlreadyExistsException错误.
备份计划选项和配置在AWSBackup控制台中定义备份计划时,您可以配置以下选项:备份计划名称您必须提供唯一备份计划名称.
22AWSBackup开发人员指南备份计划选项和配置Note如果您尝试创建与现有计划相同的备份计划,则会收到AlreadyExistsException错误.
备份规则备份计划由一个或多个备份规则组成.
每个备份规则都包含以下元素.
Note如果两个规则的时间范围重叠,则具有多个规则的备份计划,AW备份将删除备份,并以更长的保留时间为规则进行备份.
重复数据删除会考虑完整的启动窗口,而不仅仅是在进行每日备份时.
备份规则名称备份规则名称区分大小写.
必须包含1到63个字母数字字符或连字符.
备份频率备份频率决定多久创建一次备份.
您可从每12个小时、每天、每周或每月中选择频率.
在选择每周时,您可以指定在周中的星期几进行备份.
选择每月时,您可以选择月中的特定日期.
备份时段备份时段由备份时段的开始时间和持续时间(以小时为单位)构成.
备份作业会在此时段内启动.
如果您不确定要使用哪个备份时段,则可选择使用AWSBackup推荐的默认备份时段.
默认备份时段设置为凌晨5点UTC(协调世界时)开始,并持续8个小时.
Note您可以使用cron表达式来自定义备份频率和备份时段开始时间.
有关cron表达式的更多信息,请参阅调度规则表达式在AmazonCloudWatchEvents用户指南.
我们建议使用多种可用的cron发生器和测试工具之一来测试您的cron表达.
Lifecycle生命周期定义备份何时转换到冷存储以及何时过期.
AWSBackup将根据您定义的生命周期自动转换备份和使备份过期.
如果希望备份增加,则必须至少有一个热备份.
因为冷存储的每个备份都是完全备份,AWSBackup建议您设置生命周期设置,直到至少8天后才能将备份移至冷存储.
如果将生命周期设置为在1天后备份到冷存储,则这些备份中的每一个将是完全备份.
这可能比向冷存储的不太常规的传输成本效率低.
转换到冷存储的备份必须在冷存储中存储至少90天.
因此,在控制台上,"一天后到期"设置必须比"一天后感冒"设置长90天.
在备份转换为冷态后,您无法更改"转换为冷态前经过的天数"设置.
Note目前,只有AmazonEFS文件系统备份可以转换为冷存储.
对于AmazonElasticBlockStore(AmazonEBS)、AmazonRelationalDatabaseService(AmazonRDS)、AmazonAurora、AmazonDynamoDB和AWSStorageGateway的备份,将忽略冷存储表达式.
当备份到达其生命周期的末尾,并被标记为作为生命周期策略的一部分进行删除时,AWSBackup在以下24小时内,在随机选择的点删除备份.
此24小时窗口期有助于确保删除性能的一致性.
备份文件库备份文件库是一个用来整理备份的容器.
由备份规则创建的备份存储到您在备份规则中指定的备份文件库.
您可以使用备份文件库设置AWSKeyManagementService(AWSKMS)加密密钥,该密钥用于加密备份文23AWSBackup开发人员指南分配资源件库中的备份以及控制对备份文件库中的备份的访问.
您还可以向备份文件库添加标签来帮助组织备份文件库.
如果您不想使用默认文件库,可以自行创建文件库.
有关创建备份文件库的分步说明,请参阅步骤3:创建备份文件库(p.
17).
生成复制到区域作为备份计划的一部分,您可以选择在另一个AWS区域中创建备份副本.
有关备份副本的更多信息,请参阅跨区域备份(p.
9).
在定义备份副本时,您可以配置以下选项:目标区域备份副本的目标区域.
(高级设置)备份保管库副本的目标备份保管库.
(高级设置)IAM角色AWSBackup在创建副本时使用的IAM角色.
该角色还必须将AWSBackup列为可信实体,这使得AWSBackup能够代入该角色.
如果您选择Default(默认值)且账户中不存在AWSBackup默认角色,则系统将使用正确的权限为您创建一个角色.
(高级设置)生命周期指定将备份副本转换到冷存储的时间以及副本的到期(删除)时间.
转换到冷存储的备份必须在冷存储中存储至少90天.
在副本转换为冷存储后,您无法更改此值.
过期指定副本在创建后多少天删除.
这必须比转换为冷存储值多90天.
Note当备份到达其生命周期的末尾,并被标记为作为生命周期策略的一部分进行删除时,AWSBackup在以下24小时内,在随机选择的点删除备份.
此24小时窗口期有助于确保删除性能的一致性.
添加到恢复点的标签您在此处列出的标签,在创建备份时将自动添加到备份.
添加到备份计划的标签这些标签与备份计划本身关联,帮助您组织和跟踪备份计划.
高级备份设置为在上运行的第三方应用程序启用应用程序一致的备份AmazonEC2实例.
目前,AWSBackup支持WindowsVSS备份.
AWSBackup排除特定AmazonEC2来自WindowsVSS备份的实例类型.
有关更多信息,请参阅创建启用VSS的Windows备份(p.
32).
将资源分配给备份计划当您将资源分配到备份计划时,该资源将根据备份计划自动备份.
该资源的备份将根据备份计划进行管理.
您可以使用标记或资源分配资源IDs.
Note如果您在计划中保护超过100个资源,我们建议您使用基于标签的管理.
24AWSBackup开发人员指南删除备份计划使用标签来分配资源是一种备份多个资源的简单且可扩展的方式.
具有您在资源分配中指定的标签的任何资源都将分配给备份计划.
例如,如果您包括标签值"July"和"August",您的备份将包括使用所选月份标记的所有资源.
请注意,标记区分大小写.
例如,您可以定义满足任务关键数据的备份要求的备份计划,并使用标记键创建资源分配"Classification"并标记值"MissionCritical"然后,您使用该标记的任何资源将自动分配给您的关键任务备份计划.
Note在创建基于标签的备份计划时,如果您选择默认角色之外的角色,请确保该角色具有备份所有标记资源所需的权限.
AWSBackup尝试处理所有带选定标签的资源.
如果它遇到无权访问的资源,则备份计划将失败.
有关将资源分配到备份计划的分步说明,请参阅"入门"部分中的步骤2:将资源分配给备份计划(p.
16).
删除备份计划只有在删除了所有关联的资源选择之后,才能删除备份计划.
删除备份计划时将删除计划的当前版本.
当前版本和以前版本(如果有)仍然存在,但控制台的Backupplans(备份计划)下将不再列出它们.
Note在删除备份计划时,不会删除现有备份.
要删除现有备份,请从备份保管库中将其删除.
使用AWSBackup控制台删除备份计划1.
通过以下网址登录AWS管理控制台并打开AWSBackup控制台:https://console.
amazonaws.
cn/backup.
2.
在左侧的导航窗格中,选择Backupplans(备份计划).
3.
在列表中选择备份计划.
4.
选择与备份计划关联的任意资源分配.
5.
选择Delete(删除).
更新备份计划创建备份计划后,您可以编辑计划,例如,您可以添加标签,也可以添加、编辑或删除备份规则.
您对备份计划所做的任何更改都不会影响备份计划已经创建的现有备份.
这些更改仅应用到未来创建的备份.
例如,当您更新备份规则中的保留期时,在您更新保留期之前创建的备份,其保留期仍保持相同.
该规则以后创建的任何备份将使用更新后的保留期.
使用AWSBackup控制台编辑备份计划1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在导航窗格中,选择Backupplans(备份计划).
3.
选择备份规则,然后选择Edit(编辑).
4.
在备份规则中,按照需要更改设置,然后选择Save(保存).
25AWSBackup开发人员指南创建备份文件库使用备份保管库在AWSBackup中,备份文件库是您在其中组织备份的容器.
您可以使用备份文件库设置AWSKeyManagementService(AWSKMS)加密密钥,该密钥用于加密备份文件库中的备份以及控制对备份文件库中的备份的访问.
如果需要为不同的备份组使用不同的加密密钥或访问策略,您可以选择创建多个备份文件库.
或者,您可以将所有备份组织在默认备份文件库中.
本节概述如何在AWSBackup中管理您的备份文件库.
主题创建备份文件库(p.
26)在备份文件库和恢复点上设置访问策略(p.
26)删除备份文件库(p.
29)创建备份文件库一个AWS账户最多可以为每个AWS区域创建100个备份文件库.
有关创建备份文件库的分步说明,请参阅入门指南中的步骤3:创建备份文件库(p.
17).
创建备份文件库时,您可以定义以下元素.
备份文件库名称备份文件库名称区分大小写.
它们必须包含2至50个字母数字字符、连字符或下划线.
KMS加密主密钥AWSKMS加密主密钥用于保护此备份文件库中的备份.
默认情况下,AWSBackup使用别名aws/backup为您创建主密钥.
您可以选择该密钥,或者选择账户中的其他密钥.
您可以通过转到AWSIdentityandAccessManagement(IAM)控制台的加密密钥部分来创建新的主加密密钥.
有关更多信息,请参阅创建密钥在AWSKeyManagementServiceDeveloperGuide.
创建备份文件库并设置了AWSKMS加密主密钥之后,以后您无法编辑备份文件库的密钥.
在AWSBackup文件库中指定的加密密钥适用于特定资源类型的备份.
有关备份加密的更多信息,请参阅"安全"部分中的AWS中的备份的加密(p.
51).
所有其他资源类型的备份通过用于加密源资源的密钥进行备份.
备份文件库标签这些标签与备份文件库关联,帮助您组织和跟踪备份文件库.
在备份文件库和恢复点上设置访问策略借助AWSBackup,您可以将策略分配给角色、用户或组,以限制对备份文件库及其包含的资源的访问.
通过分配策略,您可以执行诸多操作,例如,授予用户创建备份计划和按需备份的访问权限,但限制用户在创建恢复点后删除这些恢复点的能力.
26AWSBackup开发人员指南拒绝对备份文件库中的资源类型的访问有关使用策略授予或限制访问资源的信息,请参阅基于身份的政策和基于资源的策略在IAM用户指南.
您还可以使用标记来控制访问.
您可以使用以下示例策略作为指南,在使用AWSBackup文件库时限制对资源的访问.
Important不同于其他IAM-基于政策,AWSBackup访问策略不支持中的通配符Action键.
有关可用于识别不同资源类型的恢复点的Amazon资源名称(ARN)列表,请参阅AWSBackup资源ARNs(p.
54)用于资源特定恢复点ARNs.
Note无论AWSBackup存储库的访问政策如何,AWSBackup都将拒绝来自与引用的资源帐户不同的帐户的任何请求.
主题拒绝对备份文件库中的资源类型的访问(p.
27)拒绝对备份文件库的访问(p.
27)拒绝删除备份文件库中的恢复点(p.
28)拒绝对备份文件库中的资源类型的访问此策略拒绝针对备份文件库中的所有AmazonEBS快照访问指定的API操作.
{"Version":"2012-10-17","Statement":[{"Sid":"statementID","Effect":"Deny","Principal":{"AWS":"arn:aws:iam::AccountID:role/MyRole"},"Action":["backup:UpdateRecoveryPointLifecycle","backup:DescribeRecoveryPoint","backup:DeleteRecoveryPoint","backup:GetRecoveryPointRestoreMetadata","backup:StartRestoreJob","backup:DescribeRecoveryPoint"],"Resource":["arn:aws:ec2:Region::snapshot/*"]}]}Note此访问策略仅控制用户访问AWSBackupAPIs.
某些备份类型,例如AmazonElasticBlockStore(人AmazonEBS)和AmazonRelationalDatabaseService(人AmazonRDS)快照,也可以使用APIs服务.
您可以在中创建单独的访问策略IAM控制对APIs以完全控制对备份的访问.
拒绝对备份文件库的访问此策略拒绝访问针对备份文件库的指定API操作.
27AWSBackup开发人员指南拒绝删除备份文件库中的恢复点{"Version":"2012-10-17","Statement":[{"Sid":"statementID","Effect":"Deny","Principal":{"AWS":"arn:aws:iam::AccountID:role/MyRole"},"Action":["backup:DescribeBackupVault","backup:DeleteBackupVault","backup:PutBackupVaultAccessPolicy","backup:DeleteBackupVaultAccessPolicy","backup:GetBackupVaultAccessPolicy","backup:StartBackupJob","backup:GetBackupVaultNotifications","backup:PutBackupVaultNotifications","backup:DeleteBackupVaultNotifications","backup:ListRecoveryPointsByBackupVault"],"Resource":"arn:aws:backup:Region:AccountID:backup-vault:backupvaultname"}]}拒绝删除备份文件库中的恢复点根据您授予用户的访问权限来确定这些用户是否可以访问文件库以及是否能够删除存储在其中的恢复点.
请按照以下步骤在备份文件库上创建基于资源的访问策略,阻止删除备份文件库中的任意备份.
在备份文件库上创建基于资源的访问策略1.
通过以下网址登录AWS管理控制台并打开AWSBackup控制台:https://console.
amazonaws.
cn/backup.
2.
在左侧的导航窗格中,选择Backupvaults(备份文件库).
3.
在列表中选择备份文件库.
4.
在Accesspolicy(访问策略)部分中,粘贴以下JSON示例.
此策略可防止不是委托人的任何用户删除目标备份文件库中的恢复点.
ReplacestatementID,AccountID、和principal类型(role/MyRole)以及环境值.
{"Version":"2012-10-17","Statement":[{"Sid":"statementID","Effect":"Deny","Principal":"*","Action":"backup:DeleteRecoveryPoint","Resource":"*","Condition":{"StringNotLike":{"aws:userId":["arn:aws:iam::AccountID:role/MyRole""]}28AWSBackup开发人员指南删除备份文件库}}]}有关获取IAM实体的唯一ID的信息,请参阅获取唯一ID.
如果要将此限制为特定资源类型,而不是"Resource":"*",您可以明确包含要拒绝的恢复点类型,例如,对于AmazonEBS快照,请将资源类型更改为:"Resource":["arn:aws:ec2:Region::snapshot/*"]5.
选择Attachpolicy(附加策略).
删除备份文件库只有在删除了所有关联的备份之后,才能在AWSBackup中删除备份文件库.
使用AWSBackup控制台删除备份文件库1.
通过以下网址登录AWS管理控制台并打开AWSBackup控制台:https://console.
amazonaws.
cn/backup.
2.
在导航窗格中,选择Backupvaults(备份文件库).
3.
选择要删除的备份文件库.
4.
选择并删除与备份文件库关联的任何备份,然后选择Delete(删除).
Note删除备份文件库时,请更新您的备份计划以指向新的备份文件库.
指向已删除备份文件库的备份计划将导致备份创建失败.
29AWSBackup开发人员指南使用备份备份,也称为恢复点,表示在指定时间资源的内容,例如AmazonElasticBlockStore(AmazonEBS)卷或AmazonDynamoDB表.
恢复点是一个术语,通常指代AWS服务中的不同备份,例如AmazonEBS快照和DynamoDB备份.
术语恢复点和备份可以互换使用.
在AWSBackup中,恢复点保存到备份文件库,在其中您可根据业务需求进行组织.
例如,您可以保存一组包含2016财年财务信息的资源.
需要恢复某个资源时,您可以使用AWSBackup控制台或AWSCommandLineInterface(AWSCLI)来查找和恢复所需的资源.
每个恢复点都有唯一的ID.
下表包含AWSBackup支持的AWS资源类型及其对应恢复点ID的示例.
资源类型备份名称恢复点ID示例AmazonFSx文件系统AmazonFSx备份backup/backup-0ecdf967356c809c7AmazonElasticComputeCloud(AmazonEC2)实例AmazonEC2备份image/ami-0ecdf967356c809c7AmazonEBS卷AmazonEBS快照snapshot/snap-05f426fd8kdjb4224AmazonRDS数据库AmazonRDS快照awsbackup:job-be59cf2a-2343-4402-bd8b-226993d23453AmazonAurora数据库集群Aurora集群awsbackup:job-be59cf2a-2343-4402-bd8b-226993d23453AmazonEFS文件系统AmazonEFS备份d99699e7-e183-477e-bfcd-ccb1c6e5455eDynamoDB表DynamoDB备份table/MyDynamoDBTable/backup/01547087347000-c8b6kdk3AWSStorageGateway卷AmazonEBS快照*snapshot/snap-0d40e49137e31d9e0*在您备份AWSStorageGateway卷时,将创建AmazonEBS快照.
然后,此快照可以作为AmazonEBS卷或AWSStorageGateway卷进行恢复.
以下各节概述了AWSBackup中的基本备份管理任务.
主题创建备份(p.
31)还原备份(p.
34)停止备份作业(p.
42)查看备份列表(p.
42)编辑备份(p.
43)30AWSBackup开发人员指南创建备份创建备份在AWSBackup中,您可以使用备份计划自动创建备份,也可以通过启动按需备份来手动创建备份.
当备份计划自动创建备份时,使用在备份计划中定义的生命周期设置来配置备份.
它们在备份计划中指定的备份文件库中进行组织.
也将为它们分配备份计划中列出的标签.
有关备份计划的更多信息,请参阅使用备份计划管理备份(p.
22).
创建按需备份时,您可以为所创建的备份配置这些设置.
不论是通过自动还是手动创建备份,都将启动备份作业.
每个备份作业都有唯一的ID,例如D48D8717-0C9D-72DF-1F56-14E703BF2345.
您可在AWSBackup控制台的Jobs(作业)页面上查看备份作业的状态.
备份作业的状态包括created(已创建)、pending(待处理)、running(正在运行)、aborting(正在中止)、aborted(已中止)、completed(已完成)、failed(失败)和expired(已过期).
虽然第一个备份后的每个备份都是增量的(这意味着它仅捕获来自上一个备份的更改),但使用AWSBackup进行的所有备份将保留必要的引用数据以允许完全还原.
即使原始(完整)备份已达到其生命周期限制并已删除也是如此.
例如,如果您的第1天(完整)备份因3天生命周期策略而被删除,您仍然可以使用第2天和第3天中的备份执行完整还原.
AWSBackup将保留第1天的必要引用数据以启用该功能.
有关创建备份计划的更多信息,请参阅创建备份计划(p.
22).
主题创建按需备份(p.
31)创建启用VSS的Windows备份(p.
32)创建备份副本(p.
33)创建按需备份在AWSBackup控制台中,Protectedresources(受保护资源)页面列出了已由AWSBackup至少备份一次的资源.
如果您是首次使用AWSBackup,则此页面上不会列出任何资源(例如AmazonEBS卷或AmazonRDS数据库).
即使已将资源分配给备份计划并且该备份计划未运行至少一次计划备份作业,也会出现此情况.
创建按需备份1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在控制面板中,选择Createanon-demandbackup(创建按需备份).
或者,在导航窗格中,选择Protectedresources(受保护的资源),然后选择Createanon-demandbackup(创建按需备份).
3.
在Createon-demandbackup(创建按需备份)页面上,选择您要备份的资源类型,例如,为AmazonDynamoDB表选择DynamoDB.
4.
选择要保护的资源的名称或ID;例如,VideoMetadataTable.
5.
确保选中了Createbackupnow(立即创建备份).
这将立即启动备份,使您能够在Protectedresources(受保护资源)页面上更快地看到您保存的资源.
6.
如果您使用的是AmazonEBS、DynamoDB、AmazonRDS或AmazonAurora,Transitiontocoldstorage(转换到冷存储)的值会被标记为N/A(不适用),因为这些资源类型无法保存到冷存储中.
如果您使用的是AmazonEFS,请选择所需的值,以指定此备份转换到冷存储的时间.
7.
选择Expire(过期)值.
Note当备份过期并标记为删除作为生命周期策略的一部分时,AWSBackup会在接下来的24小时内随机选择的点删除备份.
此窗口有助于确保一致的性能.
31AWSBackup开发人员指南VSS支持的Windows备份8.
选择现有的Backupvault(备份文件库)或创建新的备份文件库.
选择Createnewbackupvault(创建新备份文件库)将打开新页面用于创建文件库,然后在您完成时,让您返回到Createon-demandbackup(创建按需备份)页面.
9.
在IAM角色下,选择默认角色或您选定的角色.
Note如果账户中不存在AWSBackup默认角色,将使用正确的权限为您创建一个.
10.
如果您要将一个或多个标签分配到按需备份,请输入键和可选的值,然后选择添加标签.
Note对于AmazonEC2资源,除了您在此步骤中添加的任何标签之外,AWSBackup还会自动复制现有组和单个资源标签.
11.
如果要备份的资源正在运行AmazonEC2实例,请在Advancedsettings(高级设置)部分中选择WindowsVSS.
这使您能够进行应用程序一致性WindowsVSS备份.
NoteAWSBackup当前支持在AmazonEC2上运行的资源,并且不支持某些实例类型.
有关更多信息,请参阅创建启用VSS的Windows备份(p.
32).
12.
选择Createon-demandbackup(创建按需备份).
这会将您带到Jobs(作业)页面,在其中您可以看到作业列表.
13.
为您选择备份的资源选择BackupjobID(备份作业ID).
在作业详细信息页面中,将鼠标指针悬停在状态上可查看作业状态的详细信息.
将标签复制到备份分配给您的资源的标签可以与存储在备份文件库中的恢复点相关联.
标签将自动分配给您的备份,但以下情况会例外并增加:对于AmazonEC2资源,除了您添加到当前备份的任何标签之外,AWSBackup还会自动复制现有组和单个资源标签.
附加到AmazonEBS实例的AmazonEC2卷是嵌套资源,因此,附加到AmazonEBS实例的AmazonEC2卷上的标签是嵌套标签.
DynamoDB不支持为备份分配标签.
最初与资源关联的标签以及备份期间分配的标签会分配给存储在备份文件库中的恢复点,最多可达50个.
备份期间分配的标签优先,并且两组标签均按字母顺序选择.
有关在备份中保存元数据标签所需的资源特定权限的列表,请参阅将标签分配给备份所需的权限(p.
55).
如果您将备份复制到另一个AWS区域,则AWSBackup会将原始备份的所有标签复制到目标AWS区域.
创建启用VSS的Windows备份借助AWSBackup,您可以备份和还原在AmazonEC2实例上运行的启用了VSS(卷影复制服务)的Windows应用程序.
您可以执行一致的还原,同时使用用于保护其他AWS资源的同一托管备份服务.
借助EC2上的应用程序一致性Windows备份,您将获得与传统备份工具相同的一致性设置和应用程序感知.
NoteAWSBackup当前仅支持在AmazonEC2上运行的资源的应用程序一致性备份.
并非所有实例类型或应用程序都支持WindowsVSS备份.
32AWSBackup开发人员指南创建备份副本有关更多信息,请参阅https://docs.
amazonaws.
cn/AWSEC2/latest/WindowsGuide/application-consistent-snapshots.
html中的创建VSS应用程序一致性快照AmazonEC2用户指南(适用于Windows实例).
要备份和还原运行AmazonEC2的启用VSS的Windows资源,请执行以下步骤:完成所需的先决任务.
有关说明,请参阅https://docs.
amazonaws.
cn/AWSEC2/latest/WindowsGuide/application-consistent-snapshots-prereqs.
html中的开始前的准备工作AmazonEC2用户指南(适用于Windows实例).
在AWSSystemsManager中下载、安装和配置VSS代理.
这个步骤为必填项.
有关说明,请参阅AWSSystemsManager用户指南中的使用RunCommand更新SSM代理.
将IAM策略添加到IAM角色并将该角色附加到AmazonEC2实例,然后再进行WindowsVSS(卷影复制服务)备份.
有关说明,请参阅中的为启用VSS的快照创建IAM角色.
AmazonEC2用户指南(适用于Windows实例)有关IAM策略的示例,请参阅托管策略(p.
56).
在AWSBackup中启用VSS.
在AWSBackup中启用WindowsVSS备份1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在控制面板上,选择您要创建的备份类型,可以是创建按需备份或管理备份计划.
提供备份类型所需的信息.
3.
当您分配资源时,请选择EC2.
目前,仅EC2实例支持WindowsVSS备份.
4.
在Advancedsettings部分中,选择WindowsVSS.
这使您能够进行应用程序一致性WindowsVSS备份.
5.
创建您的备份.
不支持的AmazonEC2实例支持VSS的Windows备份不支持以下AmazonEC2实例类型,因为它们是小型实例,可能无法成功进行备份.
t3.
nanot3.
microt3a.
nanot3.
microt2.
nanot2.
micro创建备份副本您可以按需将备份复制到多个AWS区域,也可以将备份作为定期备份计划的一部分自动复制.
有关备份计划的更多信息,请参阅创建备份计划(p.
22).
Note当您复制AmazonRDS数据库时,AWSBackup不支持选项组.
按需复制现有备份1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
选择备份保管库.
3.
选择一个保管库并从其中选择恢复点.
33AWSBackup开发人员指南还原备份4.
选择复制按钮.
5.
输入以下值:目标区域选择副本的目标AWS区域.
对于每个副本,您可以将新的复制规则添加到新的目标.
Note不支持跨AWS区域复制AmazonDynamoDB表.
(高级设置)备份保管库选择副本的目标备份保管库.
(高级设置)IAM角色选择AWSBackup在创建副本时将使用的IAM角色.
该角色还必须将AWSBackup列为可信实体,这使得AWSBackup能够代入该角色.
如果您的账户中不存在默认值和AWSBackup默认角色,则系统将使用正确的权限为您创建一个角色.
(高级设置)生命周期选择将备份副本转换到冷存储的时间以及副本的到期(删除)时间.
转换到冷存储的备份必须在冷存储中存储至少90天.
在副本转换为冷存储后,无法更改此值.
目前,只有AmazonEFS文件系统备份可以转换为冷存储.
对于AmazonElasticBlockStore(AmazonEBS)、AmazonRelationalDatabaseService(AmazonRDS)、AmazonAurora、AmazonDynamoDB和AWSStorageGateway的备份,将忽略冷存储表达式.
过期指定副本在创建后多少天删除.
此值必须比转换为冷存储值多90天.
Note当备份过期并标记为删除以作为生命周期策略的一部分时,AWSBackup会在接下来的24小时内随机选择的点删除备份.
此窗口有助于确保一致的性能.
6.
选择创建备份.
有关将标签应用于备份副本的信息,请参阅将标签复制到备份(p.
32).
在首次将备份复制到新的AWS区域时,AWSBackup将复制整个备份.
如果服务支持增量备份,则该备份在同一AWS区域中的后续副本将是增量的.
Note自动为所有受支持的资源加密备份副本.
还原备份在AWSBackup中还原备份时,将根据您所还原的备份创建新资源.
对于每次还原,您必须指定还原参数.
还原参数特定于资源类型,例如还原AmazonElasticBlockStore(AmazonEBS)快照时的卷大小.
当您使用AWSBackup控制台还原备份时,自动呈现服务特定的还原参数.
对于每次还原,将使用唯一作业ID创建还原作业,例如,1323657E-2AA4-1D94-2C48-5D7A423E7394.
您可在AWSBackup控制台的Jobs(作业)页面查看还原作业的状态.
还原作业的状态包括created(已创建)、pending(待处理)、running(正在运行)、aborting(正在中止)、aborted(已中止)、completed(已完成)、failed(失败)和expired(已过期).
34AWSBackup开发人员指南使用控制台有关使用AWSBackup控制台的每项服务的基本还原说明和文档链接,请参阅"入门"部分中的还原备份(p.
19).
有关使用AWSBackup控制台时每项服务的分步还原说明,请参阅使用控制台还原备份(p.
35).
主题使用控制台还原备份(p.
35)使用AWSCLI或AWSBackupAPI还原备份(p.
41)使用控制台还原备份在某个资源至少备份一次之后,即将该资源视为受保护并且可以使用AWSBackup进行还原.
使用的还原参数将特定于备份的资源类型.
可以还原AWSBackup支持的任何资源.
主题还原AmazonFSx文件系统(p.
35)还原AmazonEBS卷(p.
37)还原AmazonEFS文件系统(p.
37)还原AmazonDynamoDB数据库(p.
38)还原AmazonRDS数据库(p.
39)还原AmazonAurora集群(p.
40)还原AmazonEC2实例(p.
40)还原AmazonFSx文件系统使用AWSBackup还原AmazonFSx文件系统时可用的还原选项与使用本机AmazonFSx备份相同.
您可以使用备份的恢复点创建新的文件系统并还原另一个文件系统的时间点快照.
在还原AmazonFSx文件系统时,AWSBackup创建新的文件系统并用数据填充它.
这类似于本机AmazonFSx备份和还原文件系统的方式.
将备份还原到新文件系统与创建新文件系统所花费的时间相同.
从备份还原的数据将延迟加载到文件系统中.
因此,在处理过程中可能会遇到稍高的延迟.
Note您无法还原到现有AmazonFSx文件系统,也无法还原单个文件或文件夹.
包含AWSBackup文件系统的恢复点的AmazonFSx文件库在AWSBackup外部是可见的.
您可以使用AmazonFSx还原恢复点,但无法将其删除.
您可以从FSx控制台查看由内置的AmazonAWSBackup自动备份功能创建的备份.
您还可以使用AWSBackup恢复这些备份.
但是,您无法使用AmazonFSx删除这些备份或更改AWSBackup文件系统的自动备份计划.
您可以使用AWSBackup控制台、API或AWSBackup还原AWSCLI创建的备份.
本节介绍如何使用AWSBackup控制台还原AmazonFSx文件系统.
还原AmazonFSxforWindowsFileServer文件系统还原AmazonFSxforWindowsFileServer文件系统1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在导航窗格中,选择Protectedresources(受保护的资源),然后选择要还原的AmazonFSx资源ID.
3.
在Resourcedetails(资源详细信息)页面上,将显示所选资源ID的恢复点列表.
选择资源的恢复点ID.
35AWSBackup开发人员指南使用控制台4.
在窗格的右上角,选择Restore(还原)以打开Restorebackup(还原备份)页面.
5.
在Filesystemdetails(文件系统详细信息)部分中,备份的ID显示在BackupID(备份ID)下,文件系统类型显示在Filesystemtype(文件系统类型)下.
您可以还原AmazonFSxforWindowsFileServer和AmazonFSxforLustre文件系统.
6.
(可选)输入文件系统的名称.
7.
对于Deploymenttype(部署类型),接受默认值.
在还原期间,您无法更改文件系统的部署类型.
8.
选择要使用的Storagetype.
如果文件系统的存储容量小于2,000GiB,则无法使用HDD存储类型.
9.
对于Throughputcapacity(吞吐容量),选择Recommendedthroughputcapacity(建议的吞吐容量)以使用建议的16MB/s速率,或选择Specifythroughputcapacity(指定吞吐容量)并输入新速率.
10.
在Networkandsecurity(网络和安全性)部分中,提供所需信息.
11.
如果要还原AmazonFSxforWindowsFileServer文件系统,请提供用于访问文件系统的Windows身份验证信息,您也可以新建一个信息.
Note还原备份时,您无法更改文件系统上的ActiveDirectory类型.
有关MicrosoftActiveDirectory的更多信息,请参阅中的FSx在适用于WindowsFileServer的Amazon中使用ActiveDirectory.
AmazonFSxforWindowsFileServer用户指南12.
(可选)在Backupandmaintenance(备份和维护)部分中,提供用于设置备份首选项的信息.
13.
在Restorerole(还原角色)部分中,选择IAM将用来代表您创建和管理备份的AWSBackup角色.
我们建议您选择Defaultrole(默认角色).
如果没有默认角色,则将使用正确的权限为您创建一个.
您也可以提供自己的IAM角色.
14.
验证您的所有条目,然后选择RestoreBackup.
还原AmazonFSxforLustre文件系统对于具有持久性存储部署类型且未链接到AWSBackup等数据存储库的Lustre文件系统,AmazonFSx支持AmazonS3.
还原AmazonFSxforLustre文件系统1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在导航窗格中,选择Protectedresources(受保护的资源),然后选择要还原的AmazonFSx资源ID.
3.
在Resourcedetails(资源详细信息)页面上,将显示所选资源ID的恢复点列表.
选择资源的恢复点ID.
4.
在窗格的右上角,选择Restore(还原)以打开Restorebackuptonewfilesystem(将备份还原到新文件系统)页面.
5.
在Settings(设置)部分中,备份的ID显示在BackupID(备份ID)下,文件系统类型显示在Filesystemtype(文件系统类型)下.
文件系统类型应为Lustre.
6.
(可选)输入文件系统的名称.
7.
选择Deploymenttype(部署类型).
AWSBackup仅支持该持久性部署类型.
在还原期间,您无法更改文件系统的部署类型.
持久性部署类型用于长期存储.
有关AmazonFSxforLustre部署选项的详细信息,请参阅中的FSx将可用的部署选项用于AmazonforLustre文件系统.
AmazonFSxforLustre用户指南8.
选择要使用的Throughputperunitstorage(每单位存储吞吐量).
9.
指定要使用的Storagecapacity(存储容量).
输入32GiB到64,436GiB之间的容量.
10.
在Networkandsecurity(网络和安全性)部分中,提供所需信息.
11.
如果要还原AmazonFSxforWindowsFileServer文件系统,请提供用于访问文件系统的Windows身份验证信息,您也可以新建一个信息.
36AWSBackup开发人员指南使用控制台有关MicrosoftActiveDirectory的详细信息,请参阅中的FSx在适用于WindowsFileServer的Amazon中使用ActiveDirectory.
AmazonFSxforWindowsFileServer用户指南12.
(可选)在Backupandmaintenance(备份和维护)部分中,提供用于设置备份首选项的信息.
13.
在Restorerole(还原角色)部分中,选择IAM将用来代表您创建和管理备份的AWSBackup角色.
我们建议您选择Defaultrole(默认角色).
如果没有默认角色,则将使用正确的权限为您创建一个.
您还可以提供您的IAM角色.
14.
验证您的所有条目,然后选择RestoreBackup.
还原AmazonEBS卷如果要还原AmazonElasticBlockStore(AmazonEBS)快照,您可以选择将快照作为EBS卷或AWSStorageGateway卷还原.
这是因为AWSBackup与这两个服务集成,并且任何AmazonEBS快照均可还原到EBS卷或AWSStorageGateway卷.
还原AmazonEBS卷1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在导航窗格中,选择Protectedresources(受保护的资源),然后选择要还原的EBS资源ID.
3.
在Resourcedetails(资源详细信息)页面上,将显示所选资源ID的恢复点列表.
要还原资源,请在备份窗格中,选择资源的恢复点ID旁边的单选按钮.
在窗格的右上角,选择还原.
4.
指定资源的还原参数.
您输入的还原参数将特定于所选的资源类型.
对于资源类型,选择还原此备份时要创建的AWS资源.
5.
如果选择EBSvolume(EBS卷),请提供Volumetype(卷类型)和Size(GiB)(大小(GiB))的值,然后选择Availabilityzone(可用区).
如果选择StorageGatewayvolume(StorageGateway卷),请选择要还原到的Gateway(网关),然后输入iSCSItargetname(iSCSI目标名称).
6.
对于还原角色,选择默认角色.
Note如果您的账户中不存在AWSBackup默认角色,则系统将使用正确的权限为您创建一个角色.
7.
选择Restorebackup(还原备份).
这将显示还原作业窗格.
页面顶部的消息提供了有关还原作业的信息.
还原AmazonEFS文件系统如果要还原AmazonElasticFileSystem(AmazonEFS)实例,您可以执行完整还原或项目级还原.
完整还原在执行完整还原时,整个文件系统都将被还原.
项目级还原在执行项目级还原时,AWSBackup将还原特定的文件或目录.
您必须指定与挂载点相关的相对路径.
例如,如果文件系统挂载到/user/home/myname/efs并且文件路径为user/home/myname/efs/file1,则输入/file1.
路径区分大小写.
不支持通配符和正则表达式字符串.
可以将这些项目还原到新的或现有的文件系统.
如果将项目还原到现有文件系统,AWSBackup会从根目录创建一个新的AmazonEFS目录(aws-backup-restore_datetime)以包含项目.
指定项目的完整层次结构将保留在恢复目录中.
例如,如果目录A包含子目录B、C和D,则在恢复A、B、C和D时,AWS37AWSBackup开发人员指南使用控制台Backup会保留分层结构.
无论是执行到现有文件系统还是新文件系统的AmazonEFS项目级还原,每次还原尝试都会从根目录创建一个新的恢复目录来包含已还原的文件.
如果尝试对同一路径进行多次还原,则可能存在多个包含已还原项目的目录.
Note如果只保留一个每周备份,则只能还原到执行该备份时的文件系统状态.
您无法还原到以前的增量备份.
还原AmazonEFS文件系统1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在导航窗格中,选择Protectedresources(受保护的资源)和要还原的EFS资源ID.
3.
在Resourcedetails(资源详细信息)页面上,将显示所选资源ID的恢复点列表.
要还原资源,请在备份窗格中,选择资源的恢复点ID旁边的单选按钮.
在窗格的右上角,选择还原.
4.
指定资源的还原参数.
您输入的还原参数将特定于所选的资源类型.
您可以执行完整还原,这会还原整个文件系统.
或者,您可以使用项目级还原来还原特定的文件和目录.
选择完整还原选项可还原整个文件系统,包括所有根级别的文件夹和文件.
选择项目级还原选项可还原特定的文件或目录.
您最多可以选择并还原AmazonEFS中的五个项目.
要还原特定文件或目录,您必须指定与挂载点相关的相对路径.
例如,如果文件系统挂载到/user/home/myname/efs并且文件路径为user/home/myname/efs/file1,请输入/file1.
路径区分大小写,不能包含特殊字符、通配符和正则表达式字符串.
1.
在项目路径文本框中,输入文件或文件夹的路径.
2.
选择添加项目以添加其他文件或目录.
您可以在ElasticFileSystem中选择并还原最多5个项.
5.
对于Restorelocation(还原位置)如果要还原到源文件系统,请选择还原到源文件系统中的目录选项.
如果要还原到其他文件系统,请选择还原到新文件系统选项.
(推荐)对于Performance(性能),请选择Generalpurpose(通用型).
如果要对文件系统进行加密,请选择启用加密.
在使用IDs(AWSKeyManagementService)控制台创建主密钥AWSKMS和别名后,它们将显示在列表中.
在主密钥文本框中,从列表中选择要使用的密钥.
6.
对于还原角色,选择默认角色.
Note如果您的账户中不存在AWSBackup默认角色,则系统将使用正确的权限为您创建一个角色.
7.
选择Restorebackup(还原备份).
这将显示还原作业窗格.
页面顶部的消息提供了有关还原作业的信息.
Note如果只保留一个每周备份,则只能还原到执行该备份时的文件系统状态.
您无法还原到以前的增量备份.
还原AmazonDynamoDB数据库还原DynamoDB数据库1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
38AWSBackup开发人员指南使用控制台2.
在导航窗格中,选择Protectedresources(受保护的资源)和要还原的DynamoDB资源ID.
3.
在Resourcedetails(资源详细信息)页面上,将显示所选资源ID的恢复点列表.
要还原资源,请在备份窗格中,选择资源的恢复点ID旁边的单选按钮.
在窗格的右上角,选择还原.
4.
对于Settings(设置),在Newtablename(新表名称)文本字段中,输入新表的名称.
5.
对于还原角色,选择默认角色.
Note如果您的账户中不存在AWSBackup默认角色,则系统将使用正确的权限为您创建一个角色.
6.
选择Restorebackup(还原备份).
这将显示还原作业窗格.
页面顶部的消息提供了有关还原作业的信息.
Note如果只保留一个每周备份,则只能还原到执行该备份时的文件系统状态.
您无法还原到以前的增量备份.
还原AmazonRDS数据库还原AmazonRDS数据库需要指定多个还原选项.
有关这些选项的更多信息,请参阅https://docs.
amazonaws.
cn/AmazonRDS/latest/UserGuide/CHAP_CommonTasks.
BackupRestore.
html中的备份和还原AmazonRDS数据库实例AmazonRDS用户指南.
还原AmazonRDS数据库1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在导航窗格中,选择Protectedresources(受保护的资源)和要还原的AmazonRDS资源ID.
3.
在Resourcedetails(资源详细信息)页面上,将显示所选资源ID的恢复点列表.
要还原资源,请在备份窗格中,选择资源的恢复点ID旁边的单选按钮.
在窗格的右上角,选择还原.
4.
在Instancespecifications(实例规范)窗格中,接受DBengine(数据库引擎)、LicenseModel(许可证模型)、DBinstanceclass(数据库实例类)、MultiAZ(多可用区)和Storagetype(存储类型)设置的默认值或指定这些选项.
5.
在Settings(设置)窗格中,指定您的AWS账户在当前区域中拥有的所有数据库实例的唯一名称.
数据库实例标识符不区分大小写,但它以全小写形式存储,例如"mydbinstance".
此字段为必填字段.
Note如果您的数据库引擎是MySQL、PostgreSQL或MariaDB,请不要指定数据库实例的名称.
数据库实例名称不适用于这些引擎.
6.
在Network&Security(网络和安全)窗格中,接受VirtualPrivateCloud(VPC)、Subnetgroup(子网组)、PublicAccessibility(公共辅助功能)(通常为"Yes(是)")和Availabilityzone(可用区)设置的默认值或指定这些选项.
7.
在Databaseoptions(数据库选项)窗格中,接受Databaseport(数据库端口)、DBparametergroup(数据库参数组)、OptionGroup(选项组)、Copytagstosnapshots(将标签复制到快照)和IAMDBAuthenticationEnabled(已启用IAM数据库身份验证)设置的默认值或指定这些选项.
8.
在Encryption(加密)窗格中,接受Encryption(加密)和Masterkey(主密钥)设置的默认值或指定这些选项.
9.
在Logexports(日志导出)窗格中,选择要发布到AmazonCloudWatchLogs的日志类型.
已定义IAMrole(IAM角色).
10.
在Maintenance(维护)窗格中,接受Autominorversionupgrade(自动次要版本升级)选项的默认值或指定该选项.
11.
在Restorerole(还原角色)窗格中,选择AWSBackup将为此还原承担的IAM角色.
12.
指定所有设置后,选择Restorebackup(恢复备份).
39AWSBackup开发人员指南使用控制台这将显示还原作业窗格.
页面顶部的消息提供了有关还原作业的信息.
还原AmazonAurora集群还原Aurora集群需要指定多个还原选项.
有关这些选项的信息,请参阅https://docs.
amazonaws.
cn/AmazonRDS/latest/AuroraUserGuide/Aurora.
Managing.
Backups.
html中的备份和还原Aurora数据库集群概述AmazonAurora用户指南.
还原AmazonAurora集群1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在导航窗格中,选择Protectedresources(受保护的资源)和要还原的Aurora资源ID.
3.
在Resourcedetails(资源详细信息)页面上,将显示所选资源ID的恢复点列表.
要还原资源,请在备份窗格中,选择资源的恢复点ID旁边的单选按钮.
在窗格的右上角,选择还原.
4.
在Instancespecifications(实例规范)窗格中,接受DBengine(数据库引擎)、DBengineversion(数据库引擎版本)和Capacitytype(容量类型)设置的默认值或指定这些选项.
Note如果选择了Serverless(无服务器)容量类型,则会显示Capacitysettings(容量设置)窗格.
指定MinimumAuroracapacityunit(最小Aurora容量单位)和MaximumAuroracapacityunit(最大Aurora容量单位)设置的选项,或从Additionalscalingconfiguration(其他扩展配置)部分选择不同的选项.
5.
在Settings(设置)窗格中,为您的AWS账户在当前区域中拥有的所有数据库集群实例指定唯一的名称.
数据库集群标识符不区分大小写,但它以全小写形式存储,例如"mydbclusterinstance".
此字段为必填字段.
6.
在Network&Security(网络和安全)窗格中,接受VirtualPrivateCloud(VPC)、Subnetgroup(子网组)和Availabilityzone(可用区)设置的默认值或指定这些选项.
7.
在Databaseoptions(数据库选项)窗格中,接受Databaseport(数据库端口)、DBclusterparametergroup(数据库集群参数组)和IAMDBAuthenticationEnabled(已启用IAM数据库身份验证)设置的默认值或指定这些选项.
8.
在Backup(备份)窗格中,接受Copytagstosnapshots(将标记复制到快照)设置的默认值或指定此选项.
9.
在Backtrack(回溯)窗格中,接受EnableBacktrack(启用回溯)或DisableBacktrack(禁用回溯)设置的默认值或指定这些选项.
10.
在Encryption(加密)窗格中,接受Enableencryption(启用加密)和Disableencryption(禁用加密)设置的默认值或指定这些选项.
11.
在Logexports(日志导出)窗格中,选择要发布到AmazonCloudWatchLogs的日志类型.
已定义IAMrole(IAM角色).
12.
在Restorerole(还原角色)窗格中,选择AWSBackup将为此还原承担的IAM角色.
13.
指定所有设置后,选择Restorebackup(还原备份).
这将显示还原作业窗格.
页面顶部的消息提供了有关还原作业的信息.
还原AmazonEC2实例还原AmazonEC2实例需要您指定多个还原选项.
有关这些选项的信息,请参阅https://docs.
amazonaws.
cn/AWSEC2/latest/WindowsGuide/concepts.
html中的什么是AmazonEC2AmazonEC2用户指南(适用于Windows实例).
您还可以选择还原选项旁边的Info(信息)链接,以显示帮助信息,包括指向AmazonEC2用户指南(适用于Windows实例)中特定页面的链接.
40AWSBackup开发人员指南使用AWSCLI或API还原AmazonEC2实例1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在导航窗格中,选择Protectedresources(受保护的资源)和要还原的AmazonEC2资源ID.
3.
在Resourcedetails(资源详细信息)页面上,将显示所选资源ID的恢复点列表.
要还原资源,请在备份窗格中,选择资源的恢复点ID旁边的单选按钮.
在窗格的右上角,选择还原.
4.
在Networksettings窗格中,接受Instancetype、VirtualPrivateCloud(VPC)、Subnet、Securitygroups和InstanceIAMrole设置的默认值或指定这些选项.
5.
在Restorerole(还原角色)窗格中,接受Defaultrole(默认角色)或ChooseanIAMrole(选择IAM角色)以指定AWSBackup在代表您创建和管理备份时将担任的IAM角色.
6.
在Advancedsettings窗格中,接受Shutdownbehavior、Enableterminationprotection、Placementgroup、T2/T3Unlimited、Tenancy和Userdata设置的默认或指定这些选项.
此部分用于自定义关闭和休眠行为、终止保护、置放群组、租赁和其他高级设置.
7.
指定所有设置后,选择Restorebackup(还原备份).
这将显示还原作业窗格.
页面顶部的消息提供了有关还原作业的信息.
使用AWSCLI或AWSBackupAPI还原备份要使用AWSCommandLineInterface(AWSCLI)或AWSBackupAPI还原备份,您通常需要将资源的配置信息传递到StartRestoreJob(p.
205)API操作.
您还原资源所需的配置信息因您要还原的服务而异.
要获取用来创建备份的配置元数据,您可以调用GetRecoveryPointRestoreMetadata(p.
159),但可能需要其他信息才能还原资源.
每个服务需要不同的配置值来还原恢复点.
AmazonEFS还原元数据在还原AmazonEFS实例时,您可以还原整个文件系统或特定的文件或目录.
要还原AmazonEFS资源,您需要以下信息:file-system-id—由AWSBackup备份的AmazonEFS文件系统的ID.
在GetRecoveryPointRestoreMetadata中返回.
Encrypted—一个布尔值,如果设为true,则指定文件系统已加密.
如果指定了KmsKeyId,则Encrypted必须设置为true.
ItemsToRestore—最多包含五个字符串的序列化列表,其中每个字符串均为一个文件路径.
使用ItemsToRestore可还原特定文件或目录而不是整个文件系统.
KmsKeyId—指定用于加密所还原文件系统的AWSKMS密钥.
PerformanceMode—指定文件系统的吞吐量模式.
CreationToken—用户提供的值,确保请求的唯一性(幂等性).
newFileSystem—一个布尔值,如果为true,则指定恢复点将还原到新的AmazonEFS文件系统.
有关还原到新的文件系统或现有的文件系统的更多信息,请参阅上一部分使用控制台还原备份(p.
35)中的说明.
ItemsToRestore—最多包含五个字符串的序列化列表,其中每个字符串是一个文件路径.
使用ItemsToRestore可还原特定文件或目录而不是整个文件系统.
此参数为可选项.
有关AmazonEFS配置值的更多信息,请参阅create-file-system.
AmazonEC2还原选项您可以使用AWSBackup控制台、开发工具包或AWSCLI还原AmazonEC2实例.
在使用控制台时,为您提供了以下两个选项:41AWSBackup开发人员指南停止备份作业使用默认设置进行还原这是建议的选项.
此选项使用可在控制台上自定义的参数和设置来还原AmazonEC2实例.
这些参数包括:实例类型AmazonVPC子网安全组IAM角色关机行为停止-休眠行为终止保护T2/T3无限模式置放群组名称EBS优化的实例TenancyRAM磁盘ID内核ID用户数据终止时删除已预填充这些参数以匹配原始备份.
您可以在还原实例之前更改这些参数.
AWSBackup将标识具有可能无效或可能导致无效还原的值的参数.
主还原此选项将还原所有38个参数,包括无法在控制台上自定义的22个参数.
如果您需要所有38个参数,并且无需验证或自定义即可轻松还原参数,则此选项很适合.
您还可以在不包含任何存储的参数的情况下还原AmazonEC2实例.
此选项在AWSBackup控制台上的受保护的资源选项卡上可用.
停止备份作业您可以在AWSBackup中启动备份作业之后停止该作业.
当您执行此操作时,将不创建备份,并且备份作业状态的记录保留,其状态为aborted(已中止).
使用AWSBackup控制台停止备份作业1.
通过以下网址登录AWS管理控制台并打开AWSBackup控制台:https://console.
amazonaws.
cn/backup.
2.
在左侧的导航窗格中,选择Jobs(作业).
3.
选择要停止的备份作业.
4.
在备份作业详细信息窗格中,选择Stop(停止).
查看备份列表有两种方法可以使用AWSBackup控制台查看备份的列表.
您可查看与特定AWS资源关联的备份.
或者,您可以查看存储在单个备份文件库中的所有备份,这些可以是跨多个AWS资源并具有不同资源类型的备份.
42AWSBackup开发人员指南按受保护资源列出备份主题按受保护资源列出备份(p.
43)按备份文件库列出备份(p.
43)按受保护资源列出备份在AWSBackup控制台上按照以下步骤,查看特定资源的备份列表.
1.
通过以下网址登录AWS管理控制台并打开AWSBackup控制台:https://console.
amazonaws.
cn/backup.
2.
在导航窗格中,选择Protectedresources(受保护资源).
3.
在列表中,选择一个受保护的资源来查看备份的列表.
Protectedresources(受保护的资源)下方仅列出已由AWSBackup备份的资源.
您可以查看资源的备份,甚至那些不是由AWSBackup创建的备份.
从此视图中,您还可以选择备份并进行还原.
按备份文件库列出备份按照以下步骤,查看备份文件库中排列的备份列表.
1.
从https://console.
amazonaws.
cn/backup打开AWSBackup控制台.
2.
在导航窗格中,选择Backupvaults(备份文件库).
3.
在Backups(备份)部分中,查看此备份文件库中组织的所有备份的列表.
在此视图中,您可以选择一个备份并进行编辑、删除或还原.
编辑备份使用AWSBackup创建备份之后,您可以更改备份的生命周期或标签.
生命周期定义备份何时转换到冷存储以及何时过期.
AWSBackup将根据您定义的生命周期自动转换备份和使备份过期.
目前,只有AmazonEFS文件系统备份可以转换为冷存储.
对于AmazonElasticBlockStore(AmazonEBS)、AmazonRelationalDatabaseService(AmazonRDS)、AmazonAurora、AmazonDynamoDB和AWSStorageGateway的备份,将忽略冷存储表达式.
Note只有AmazonElasticFileSystem(AmazonEFS)文件系统的备份支持使用AWSBackup编辑备份的标签.
您仍可使用其他服务的控制台或API来编辑该服务的标签.
转换到冷存储的备份必须在冷存储中存储至少90天.
因此,"过期前经过的天数"设置必须比"转换为冷态前经过的天数"设置多90天.
当您更新"转换为冷态前经过的天数"设置之后,该值必须至少为备份期限加上一天.
在备份转换为冷态后,无法更改"转换为冷态前经过的天数"设置.
以下示例演示如何更新备份的生命周期.
编辑备份的生命周期1.
通过以下网址登录AWS管理控制台并打开AWSBackup控制台:https://console.
amazonaws.
cn/backup.
2.
在导航窗格中,选择Backupvaults(备份文件库).
43AWSBackup开发人员指南编辑备份3.
在Backups(备份)部分中,选择备份.
4.
在备份详细信息页面上,选择Edit(编辑).
5.
配置生命周期设置,然后选择Save(保存).
44AWSBackup开发人员指南在管理账户中创建组织跨多个AWS账户管理AWSBackup资源您可以使用AWSBackup中的跨账户管理功能来跨使用AWSOrganizations配置的AWS账户管理和监控备份、还原和复制作业.
AWSOrganizations是一项服务,可为单个中的多个AWS账户提供基于策略的管理.
管理账户它使您能够标准化您实施备份策略的方式,同时最大限度地减少手动错误和工作量.
从中心视图中,您可以轻松地识别所有账户中符合您感兴趣的条件的资源.
如果设置了AWSOrganizations,则可以将AWSBackup配置为在一个位置监视所有账户中的活动.
您可通过AWSBackup控制台或AWSCommandLineInterface(AWSCLI)完成这一操作.
您还可以创建备份策略并将其应用于属于组织一部分的选定账户,并直接从AWSBackup控制台查看聚合备份作业活动.
此功能使备份管理员能够从单个管理账户有效地监控其整个企业中数百个账户的备份作业状态.
跨账户管理功能在以下AWS区域不可用:中东(巴林)亚太地区(香港)AWSGovCloud中国(北京)中国(宁夏)要使用跨账户管理,您必须执行以下步骤:1.
在管理账户中创建AWSOrganizations并在管理账户下添加账户.
2.
在AWSBackup中启用跨账户管理功能.
3.
创建备份策略以应用于管理账户下的所有AWS账户.
Note对于由组织管理的备份计划,管理账户中的资源选择加入设置将覆盖成员账户中的设置.
4.
管理所有AWS账户中的备份、恢复和复制作业.
主题在管理账户中创建组织(p.
45)启用跨账户管理(p.
46)创建备份策略(p.
46)监控多个AWS账户中的活动(p.
49)定义策略、策略语法和策略继承(p.
49)在管理账户中创建组织首先,您需要创建您的组织并使用AWSOrganizations中的AWS成员账户对此组织进行配置.
在管理账户中创建AWSOrganizations并添加账户有关说明,请参阅教程:用户指南中的创建和配置组织AWSOrganizations.
45AWSBackup开发人员指南启用跨账户管理启用跨账户管理在AWSBackup中使用跨账户管理之前,您必须启用该功能(即选择加入该功能).
启用此功能后,您可以创建备份策略,以允许您自动同时管理多个账户.
启用跨账户管理1.
通过以下网址登录AWS管理控制台并打开AWSBackup控制台:https://console.
amazonaws.
cn/backup.
您只能通过管理账户执行此操作.
2.
在左侧导航窗格中,选择设置以打开跨账户管理页面.
3.
在备份策略部分中,选择启用.
这使您可以访问所有账户,并允许您创建策略以便同时自动管理组织中的多个账户.
4.
在跨账户监控部分中,选择启用.
这使您能够从管理账户监控组织中所有账户的备份、复制和还原活动.
创建备份策略启用跨账户管理后,通过创建策略,您可以同时从管理多个账户的资源.
管理账户创建备份策略1.
在左侧导航窗格中,选择备份策略.
在备份策略页上,选择创建备份策略.
2.
在详细信息部分中,输入备份策略名称并提供说明.
3.
在备份计划详细信息部分中,选择可视编辑器选项卡,然后执行以下操作:a.
对于备份计划名称,输入名称.
b.
对于区域,从列表中选择一个区域.
4.
在备份规则配置部分中,选择添加备份规则.
a.
对于规则名称,输入规则的名称.
规则名称区分大小写,只能包含字母数字字符或连字符.
b.
对于计划,请在频率列表中选择备份频率,然后选择备份时段选项之一.
我们建议您选择使用备份时段默认值—建议.
5.
对于生命周期,请选择所需的生命周期设置.
6.
对于备份保管库名称,输入一个名称.
这是将存储由备份创建的恢复点的备份保管库.
确保您的所有账户中都存在备份保管库.
AWSBackup不会对此进行检查.
7.
(可选)如果您希望将备份复制到另一AWS区域,请从列表中选择目标区域,然后添加标签.
无论跨区域复制设置如何,您都可以为创建的恢复点选择标签.
您还可以添加更多规则.
8.
在资源分配部分中,提供AWSIdentityandAccessManagement(IAM)角色的名称.
AWSBackup在每个账户中代入此角色,并具有执行备份和复制作业的权限.
此角色也用于生命周期删除.
NoteAWSBackup不会验证角色是否存在或者是否可以代入角色.
由跨账户管理创建的备份计划,AWSBackup将使用管理账户中的选择加入设置,并覆盖特定账户的设置.
对于要添加备份策略的每个账户,您需要自行创建保管库和IAM角色.
9.
如果需要,则将标签添加到备份计划.
46AWSBackup开发人员指南创建备份策略10.
如果要备份的资源在实例上运行MicrosoftWindows,请在Advancedsettings(高级设置)部分中,选择WindowsVSSAmazonEC2.
这使您能够进行应用程序一致性WindowsVSS备份.
NoteAWSBackup目前仅支持在AmazonEC2上运行的资源的应用程序一致性备份.
WindowsVSS备份并不支持所有实例类型或应用程序.
有关更多信息,请参阅创建启用VSS的Windows备份(p.
32).
11.
选择添加备份计划以将其添加到策略中,然后选择创建备份策略.
创建备份策略不会保护您的资源,直到您将其附加到账户.
您可以选择您的策略名称并查看详细信息.
以下是创建备份计划的示例AWSOrganizations策略.
如果您启用WindowsVSS备份,则需要添加允许您执行应用程序一致性备份的权限如策略的advanced_backup_settings部分所示.
{"plans":{"PiiMasterBackupPlan":{"regions":{"@@append":["us-east-1","eu-north-1"]},"rules":{"Hourly":{"schedule_expression":{"@@assign":"cron(00/1},"start_backup_window_minutes":{"@@assign":"60"},"complete_backup_window_minutes":{"@@assign":"604800"},"target_backup_vault_name":{"@@assign":"FortKnox"},"recovery_point_tags":{"owner":{"tag_key":{"@@assign":"Owner"},"tag_value":{"@@assign":"Backup"}}},"lifecycle":{"delete_after_days":{"@@assign":"2"},"move_to_cold_storage_after_days":{"@@assign":"180"}},"copy_actions":{"arn:aws:backup:eu-north-1:$account:backup-vault:myTargetBackupVault":{"target_backup_vault_arn":{"@@assign":"arn:aws:backup:eu-north-1:$account:backup-vault:myTargetBackupVault"},"lifecycle":{"delete_after_days":{"@@assign":"28"47AWSBackup开发人员指南创建备份策略},"move_to_cold_storage_after_days":{"@@assign":"180"}}}}}},"selections":{"tags":{"SelectionDataType":{"iam_role_arn":{"@@assign":"arn:aws:iam::$account:role/MyIamRole"},"tag_key":{"@@assign":"dataType"},"tag_value":{"@@assign":["PII","RED"]}}}},"advanced_backup_settings":{"ec2":{"windows_vss":{"@@assign":"enabled"}},"backup_plan_tags":{"stage":{"tag_key":{"@@assign":"Stage"},"tag_value":{"@@assign":"Beta"}}}}}}12.
在目标部分中,选择要将策略附加到的组织单位或账户,然后选择附加.
此策略也可以添加到各个组织单位或账户中.
Note您应验证您的策略,并确保在策略中包含所有必填字段.
如果策略的某些部分无效,则AWSBackup忽略这些部分,但策略的有效部分将按预期工作.
目前,AWSBackup不为AWSOrganizations开发工具包和JSON提供策略验证.
如果应用于管理账户和成员账户的策略发生冲突,则两个策略都会执行而不会出现问题(即,这两个策略将针对每个账户独立执行).
例如,如果主策略每天备份一个AmazonEBS卷,而本地策略每周备份一次EBS卷,则两个策略都将执行.
如果将应用于某个账户的有效策略中缺少必填字段(可能是由于不同策略之间的合并所致),则AWSBackup根本不会将该策略应用于该账户.
如果某些设置无效,AWSBackup将对其进行调整.
无论从备份策略创建的备份计划中成员账户中的选择加入设置如何,AWSBackup都将使用组织的管理账户中指定的选择加入设置.
48AWSBackup开发人员指南监控多个AWS账户中的活动当您将策略附加到组织单位时,加入此组织单位的每个账户都会自动获取此策略,从组织单位中删除的每个账户都会失去此策略.
相应的备份计划将自动从该账户中删除.
监控多个AWS账户中的活动要跨账户监控备份、复制和还原作业,必须启用跨账户监控.
这样,您就可以从组织管理账户中监控所有账户的备份活动.
选择加入后,组织中在选择加入后创建的所有作业都将可见.
选择退出时,AWSBackup将作业在聚合视图中保留30天(从到达终点状态开始).
在选择退出后创建的作业不可见,也不显示任何新创建的备份作业.
有关选择加入的说明,请参阅启用跨账户管理(p.
46).
监控多个账户1.
通过以下网址登录AWS管理控制台并打开AWSBackup控制台:https://console.
amazonaws.
cn/backup.
您只能通过管理账户执行此操作.
2.
在左侧导航窗格中,选择设置以打开跨账户管理页面.
3.
在跨账户监控部分中,选择启用.
这使您能够从管理账户监控组织中所有账户的备份和还原活动.
4.
在左侧导航窗格中,选择跨账户监控.
5.
在跨账户监控页面上,选择备份作业、还原作业或复制作业选项卡,以查看在所有账户中创建的所有作业.
您可以通过AWS账户ID查看其中的每个作业,并可以查看特定账户中的所有作业.
6.
在搜索框中,您可以按账户ID、状态或作业ID筛选作业.
例如,您可以选择备份作业选项卡并查看在您的所有账户中创建的所有备份作业.
您可以按账户ID筛选列表,并查看在该账户中创建的所有备份作业.
定义策略、策略语法和策略继承AWSOrganizations用户指南中记录了以下主题.
备份策略–请参阅备份策略.
策略语法–请参阅备份策略语法和示例.
管理策略类型的继承–请参阅管理策略类型的继承.
49AWSBackup开发人员指南数据保护AWSBackup中的安全性AWS的云安全性的优先级最高.
作为AWS客户,您将从专为满足大多数安全敏感型组织的要求而打造的数据中心和网络架构中受益.
安全性是AWS和您的共同责任.
责任共担模型将其描述为云的安全性和云中的安全性:云的安全性–AWS负责保护在AWS云中运行AWS服务的基础设施.
AWS还向您提供可安全使用的服务.
作为AWS合规性计划的一部分,第三方审核人员将定期测试和验证安全性的有效性.
要了解适用于AWSBackup的合规性计划,请参阅合规性计划范围内的AWS服务.
云中的安全性–您的责任由您使用的AWS服务决定.
您还需要对其他因素负责,包括您的数据的敏感性、您公司的要求以及适用的法律法规.
该文档帮助您了解如何在使用AWSBackup时应用责任共担模型.
以下主题说明如何配置AWSBackup以实现您的安全性和合规性目标.
您还将了解如何使用其他AWS服务来帮助您监控和保护您的AWSBackup资源.
主题AWSBackup中的数据保护(p.
50)AWSBackup中的IdentityandAccessManagement(p.
52)AWSBackup中的日志记录和监控(p.
70)AWSBackup的合规性验证(p.
70)AWSBackup中的恢复功能(p.
70)AWSBackup中的基础设施安全性(p.
71)AWSBackup中的数据保护AWSBackup符合AWS责任共担模式,此模式包含适用于数据保护的法规和准则.
AWS负责保护运行所有AWS服务的全球基础设施.
AWS保持对此基础设施上托管的数据的控制,包括用于处理客户内容和个人数据的安全配置控制.
充当数据控制者或数据处理者的AWS客户和AWS合作伙伴网络(APN)合作伙伴对他们在AWS云中放置的任何个人数据承担责任.
出于数据保护目的,我们建议您保护AWS账户凭证并使用AWSIdentityandAccessManagement(IAM)设置单独的用户账户.
这可帮助确保仅向每个用户授予履行其工作职责所需的权限.
我们还建议您通过以下方式保护您的数据:对每个账户使用Multi-FactorAuthentication(MFA).
使用安全套接字层(SSL)/传输层安全性(TLS)与AWS资源通信.
使用AWS加密解决方案以及AWS服务中的所有默认安全控制.
我们强烈建议您切勿将敏感的可识别信息(例如您客户的账号)放入自由格式字段(例如Name(名称)字段).
这包括使用控制台、API、AWSBackup或AWSAWSCLI处理AWS或其他SDKs服务时.
您输入到AWSBackup或其他服务中的任何数据都可能被选取以包含在诊断日志中.
当您向外部服务器提供URL时,请勿在URL中包含凭证信息来验证您对该服务器的请求.
50AWSBackup开发人员指南AWS中的备份的加密有关数据保护的更多信息,请参阅AWS安全博客上的责任共担模型和GDPRAWS博客文章.
AWS中的备份的加密AWS中的所有备份都使用AWSKMS托管密钥(SSE-KMS)进行加密.
配置加密的方式因资源类型而异.
在加密备份时,某些资源类型支持使用与用于加密源资源的密钥不同的加密密钥.
此功能为备份添加了另一层保护.
下表列出了每种受支持的资源类型、如何为备份配置加密以及是否支持独立的备份加密.
资源类型如何配置加密独立备份加密AmazonElasticBlockStore(AmazonEBS)AmazonEBS快照使用与加密源EBS卷相同的加密密钥自动加密.
未加密的EBS卷的快照也没有加密.
不支持AmazonRelationalDatabaseService(AmazonRDS)AmazonRDS快照使用与加密源AmazonRDS数据库相同的加密密钥自动加密.
未加密的AmazonRDS数据库的快照也没有加密.
NoteAWSBackup当前支持包括AmazonAurora在内的所有AmazonRDS数据库引擎.
不支持AmazonAuroraAurora集群快照使用与加密源AmazonAurora集群相同的加密密钥自动加密.
未加密的Aurora集群的快照也没有加密.
不支持AmazonElasticFileSystem(AmazonEFS)AmazonEFS备份始终加密.
AmazonEFS备份的AWSKMS加密密钥在AWSBackup文件库(AmazonEFS备份存储在其中)中进行配置.
支持AmazonDynamoDBDynamoDB备份始终加密.
DynamoDB备份使用与加密源DynamoDB表相同的加密密钥自动加密.
未加密的DynamoDB表的快照也没有加密.
不支持AWSStorageGatewayAWSStorageGateway快照使用与加密源AWSStorageGateway卷相同的加密密钥自动加密.
未加密的AWSStorageGateway卷的快照也没有加密.
Note您无需在所有服务中使用客户主密钥(CMK)即可启用AWSStorageGateway.
您只需将StorageGateway备份不支持51AWSBackup开发人员指南IdentityandAccessManagement资源类型如何配置加密独立备份加密复制到已配置CMK的保管库.
这是因为StorageGateway没有特定于服务的AWSKMS托管密钥.
备份副本的加密默认情况下,AWSBackup会尽可能加密备份副本,即使原始备份未加密也是如此.
对于加密备份副本,您有两种选择:对目标备份保管库使用默认AWS托管CMK.
每项服务的默认密钥都不相同并由AWS托管.
指定要由复制作业使用的所有服务中的客户托管CMK.
这是AWSStorageGateway备份的唯一支持选项.
有关AWSKMS的更多信息,请参阅什么是AWSKeyManagementService要了解有关AWSBackup支持的每项服务的备份加密的更多信息,请参阅以下主题:用户指南中的使用AWSKeyManagementService加密您的数据AWSStorageGateway.
中的AmazonRDS加密资源AmazonRDS用户指南AWSBackup中的IdentityandAccessManagement访问AWSBackup需要凭证.
这些凭证必须有权访问AWS资源,如AmazonDynamoDB数据库或AmazonEBS卷.
以下部分详细说明如何使用AWSIdentityandAccessManagement(IAM)和AWSBackup帮助保护对您的资源的访问.
主题Authentication(p.
52)访问控制(p.
53)IAM服务角色(p.
67)AWSBackup的服务相关角色(p.
68)Authentication访问AWSBackup或您要备份的AWS服务时,需要AWS可用于对请求进行身份验证的凭证.
您可以以下面任一类型的身份访问AWS:AWS账户根用户–注册AWS时,您需要提供与您的AWS账户关联的电子邮件地址和密码.
这就是您的AWS账户根用户.
其凭证可为您提供访问您所有AWS资源的完整权限.
Important出于安全原因,我们建议您仅使用root用户来创建管理员.
管理员是对您的AWS账户拥有完全权限的IAM用户.
然后,您可以使用此管理员用户来创建权限有限的其他IAM用户和角色.
有关更多信息,请参阅中的IAM最佳实践和创建您的第一个IAM管理员用户和组.
IAM用户指南52AWSBackup开发人员指南访问控制IAM用户–IAM用户是您的AWS账户中的一种身份,它具有特定的自定义权限(例如,创建备份文件库以存储备份的权限).
您可以使用IAM用户名和密码登录以保护AWS网页(如AWS管理控制台、AWS开发论坛或AWSSupportCenter).
除了用户名和密码之外,您还可以为每个用户生成访问密钥.
在通过AWS几个之一SDKs或使用(AWSCLI)AWSCommandLineInterface以编程方式访问服务时,可以使用这些密钥.
开发工具包和AWSCLI工具使用访问密钥对您的请求进行加密签名.
如果您不使用AWS工具,则必须自行对请求签名.
有关验证请求的更多信息,请参阅AWSGeneralReference中的签名版本4签名流程.
IAM角色–IAM角色是可在账户中创建的另一种具有特定权限的IAM身份.
它类似于IAM用户,但未与特定人员关联.
利用IAM角色,您可以获得可用于访问AWS服务和资源的临时访问密钥.
具有临时凭证的IAM角色在以下情况下很有用:联合身份用户访问–您可以不创建IAM用户,而是使用来自AWSDirectoryService、您的企业用户目录或Web身份提供商的既有用户身份.
这些用户被称为联合身份用户.
在通过身份提供商请求访问权限时,AWS将为联合身份用户分配角色.
有关联合身份用户的更多信息,请参阅https://docs.
amazonaws.
cn/IAM/latest/UserGuide/introduction_access-management.
html#intro-access-roles中的IAM用户指南联合身份用户和角色.
跨账户管理–可以使用您的账户中的IAM角色向另一个AWS账户授予权限以管理您的账户的资源.
有关示例,请参阅教程:.
中的AWS使用IAM角色委派跨账户的访问权限.
IAM用户指南AWS服务访问–可以使用您账户中的IAM角色向AWS服务授予对您账户的资源的访问权.
有关更多信息,请参阅AWS中的创建向IAM用户指南服务委派权限的角色.
在AmazonElasticComputeCloud(AmazonEC2)上运行的应用程序–您可以使用IAM角色管理在AmazonEC2实例上运行的应用程序的临时凭证并发出AWSAPI请求.
这优先于在EC2实例中存储访问密钥.
要将AWS角色分配给EC2实例并使其对该实例的所有应用程序可用,您可以创建一个附加到实例的实例配置文件.
实例配置文件包含角色,并使EC2实例上运行的程序能够获得临时凭证.
有关更多信息,请参阅中的使用IAM角色向在AmazonEC2实例上运行的应用程序授予权限.
IAM用户指南访问控制您可以使用有效的凭证来对自己的请求进行身份验证,但您还必须拥有适当权限才能访问备份文件库等AWSBackup资源.
您还无法备份AWS资源,如AmazonElasticBlockStore(AmazonEBS)卷.
每个AWS资源都归某个AWS账户所有,创建和访问资源的权限由权限策略进行管理.
账户管理员可以向AWSIdentityandAccessManagement(IAM)身份(即:用户、组和角色)附加权限策略.
有些服务还支持向资源附加权限策略.
Note账户管理员(或管理员用户)是具有管理员权限的用户.
有关更多信息,请参阅IAM用户指南中的IAM最佳实践.
在授予权限时,您要决定谁获得权限,获得对哪些资源的权限,以及您允许对这些资源执行的具体操作.
以下各部分介绍了访问策略的工作原理以及如何使用它们来保护备份.
53AWSBackup开发人员指南访问控制主题资源和操作(p.
54)资源所有权(p.
54)指定策略元素:操作、效果和委托人(p.
55)在策略中指定条件(p.
55)AWSBackupAPI权限:操作、资源和条件参考(p.
55)访问策略(p.
56)托管策略(p.
56)资源和操作资源是服务中存在的对象.
AWSBackup资源包括备份计划、备份文件库和备份.
备份是一个泛称,意指AWS中存在的各种类型的备份资源.
例如,AmazonEBS快照、AmazonRelationalDatabaseService(AmazonRDS)快照和AmazonDynamoDB备份是所有类型的备份资源.
在AWSBackup中,备份也称为恢复点.
当使用AWSBackup时,您还可以使用您尝试保护的其他AWS服务中的资源,例如AmazonEBS卷或DynamoDB表.
这些资源具有与其关联的唯一Amazon资源名称(ARN).
ARNs唯一标识AWS资源.
当您需要在AWS全局环境中(例如在IAM策略或API调用中)明确指定一项资源时,您必须拥有ARN.
下表列出了资源、子资源和ARN格式.
AWSBackup资源ARNs资源类型ARN格式备份计划arn:aws:backup:region:account-id:backup-plan:*备份文件库arn:aws:backup:region:account-id:backup-vault:*AmazonEBS的恢复点arn:aws:ec2:region::snapshot/*AmazonEFS的恢复点arn:aws:backup:region:account-id:recovery-point:*AmazonRDS的恢复点arn:aws:rds:region:account-id:snapshot:awsbackup:*AmazonAurora的恢复点arn:aws:rds:region:account-id:cluster-snapshot:awsbackup:*AWSStorageGateway的恢复点arn:aws:ec2:region::snapshot/*DynamoDB的恢复点arn:aws:dynamodb:region:account-id::table/*/backup/*AWSBackup提供一组操作用来处理AWSBackup资源.
有关可用操作的列表,请参阅AWSBackupActions(p.
89).
资源所有权AWS账户对在该账户下创建的资源具有所有权,而无论创建资源的人员是谁.
具体而言,资源所有者是对资源创建请求进行身份验证的委托人实体(即AWS账户根用户、IAM用户或IAM角色)的AWS账户.
以下示例说明了它的工作原理:如果您使用AWS账户的根用户凭证创建备份文件库,则您的AWS账户即为该文件库的所有者.
如果您在您的AWS账户中创建IAM用户并向该用户授予创建备份文件库的权限,则该用户可以创建备份文件库.
但是,您的AWS账户(即该用户所属的账户)拥有备份文件库资源.
54AWSBackup开发人员指南访问控制如果您在自己的AWS账户中创建IAM角色,使其具有创建备份文件库的权限,则能够代入该角色的任何人都可以创建文件库.
您的AWS账户(即该角色所属的账户)拥有备份文件库资源.
指定策略元素:操作、效果和委托人该服务对每个AWSBackup资源(请参阅资源和操作(p.
54))都定义了一组API操作(请参阅Actions(p.
89)).
为了授予执行这些API操作的权限,AWSBackup定义了一组您可以在策略中指定的操作.
执行一个API操作可能需要多个操作的权限.
以下是最基本的策略元素:Resource(资源)–在策略中,您可以使用Amazon资源名称(ARN)标识策略应用到的资源.
有关更多信息,请参阅资源和操作(p.
54).
Action(操作)–您可以使用操作关键字标识要允许或拒绝的资源操作.
Effect(效果)–您可以指定当用户请求特定操作(可以是允许或拒绝)时的效果.
如果没有显式授予(允许)对资源的访问权限,则隐式拒绝访问.
您也可显式拒绝对资源的访问,这样可确保用户无法访问该资源,即使有其他策略授予了访问权限的情况下也是如此.
Principal(委托人)–在基于身份的策略(IAM策略)中,附加了策略的用户是隐式委托人.
对于基于资源的策略,您可以指定要接收权限的用户、账户、服务或其他实体(仅适用于基于资源的策略).
要了解有关IAM策略语法和说明的更多信息,请参阅中的IAMJSON策略参考.
IAM用户指南有关显示所有AWSBackupAPI操作的表,请参阅AWSBackupAPI权限:操作、资源和条件参考(p.
55).
在策略中指定条件当您授予权限时,可使用IAM策略语言来指定规定策略何时生效的条件.
例如,您可能希望策略仅在特定日期后应用.
有关使用策略语言指定条件的更多信息,请参阅https://docs.
amazonaws.
cn/IAM/latest/UserGuide/reference_policies_elements_condition.
html中的条件IAM用户指南.
要表示条件,您可以使用预定义的条件键.
没有特定于AWSBackup的条件键.
但有AWS范围内的条件密钥,您可以根据需要使用.
有关AWS范围内的键的完整列表,请参阅https://docs.
amazonaws.
cn/IAM/latest/UserGuide/reference_policies_condition-keys.
html中的AWS全局条件上下文键IAM用户指南.
NoteAWSBackup不支持其任何操作的访问策略中的标记或上下文键条件.
AWSBackupAPI权限:操作、资源和条件参考在设置访问控制(p.
53)和编写可附加到IAM身份的权限策略(基于身份的策略)时,可使用下面的列表作为参考.
该列表包含每个AWSBackupAPI操作、您可授予执行权限的对应操作以及您可授予权限的AWS资源.
您可以在策略的Action字段中指定这些操作,并在策略的Resource字段中指定资源值.
您可以在AWSBackup策略中使用AWS范围的条件键来表达条件.
有关AWS范围内的键的完整列表,请参阅https://docs.
amazonaws.
cn/IAM/latest/UserGuide/reference_policies_elements.
html#AvailableKeys中的IAM用户指南可用键.
要在备份文件库中存储的资源上保存元数据标签,指定的资源类型需要以下权限.
为备份分配标签所需的权限资源类型所需权限AmazonEFS文件系统elasticfilesystem:DescribeTags55AWSBackup开发人员指南访问控制资源类型所需权限AmazonEBS卷ec2:DescribeTagsAmazonRDS数据库和AmazonAurora集群rds:ListTagsForResourceAWSStorageGateway卷storagegateway:ListTagsForResourceAmazonEC2实例EC2:DescribeTagsEC2:DescribeSnapshots访问策略权限策略规定谁可以访问哪些内容.
附加到IAM身份的策略称为基于身份的策略(IAM策略).
附加到资源的策略称为基于资源的策略.
AWSBackup支持基于身份的策略和基于资源的策略.
Note本节介绍如何在AWSBackup范围内使用IAM.
它不提供有关IAM服务的详细信息.
有关完整的IAM文档,请参阅IAM用户指南中的什么是IAM有关IAM策略语法和说明的信息,请参阅中的IAMJSON策略参考.
IAM用户指南基于身份的策略(IAM策略)基于身份的策略是可以附加到IAM身份(如用户或角色)的策略.
例如,您可以定义一个策略,使之允许用户查看和备份AWS资源,但阻止用户还原备份.
有关用户、组、角色和权限的更多信息,请参阅IAM用户指南中的身份(用户、组和角色).
有关如何使用IAM策略控制对备份的访问的信息,请参阅托管策略(p.
56).
基于资源的策略AWSBackup支持备份文件库的基于资源的访问策略.
这使您可以定义访问策略,用于控制哪些用户对于存储在备份文件库中的任何备份具有哪种类型的访问权限.
备份文件库的基于资源的访问策略提供了一种控制备份访问的简便方法.
在使用AWSBackupAPIs时,备份文件库访问策略可控制用户访问.
一些备份类型(如AmazonElasticBlockStore(AmazonEBS)和AmazonRelationalDatabaseService(AmazonRDS)快照)也可以通过这些服务的APIs进行访问.
您可以在IAM中创建单独的访问策略,以控制对这些APIs的访问,从而完全控制对备份的访问.
要了解如何创建备份文件库的访问策略,请参阅在备份文件库和恢复点上设置访问策略(p.
26).
托管策略托管策略是基于身份的独立策略,您可以将其附加到AWS账户中的多个用户、组和角色.
您可以使用AWS托管策略或客户托管策略控制对AWSBackup中备份的访问.
AWS托管策略AWS托管策略是由AWS创建和管理的独立策略.
AWS托管策略可用于为许多常见使用案例提供权限.
与必须自己编写策略相比,通过AWS托管策略可以更轻松地将适当的权限分配给用户、组和角色.
您无法更改AWS托管策略中定义的权限.
AWS有时会更新AWS托管策略中定义的权限.
当发生此情况时,更新会影响策略附加到的所有委托人实体(用户、组和角色).
AWSBackup为常见使用案例提供了多个AWS托管策略.
使用这些策略可以更轻松地定义正确的权限并控制对备份的访问.
有两种托管策略.
一种类型旨在分配给用户,以控制他们对AWSBackup的访问.
另一种56AWSBackup开发人员指南访问控制托管策略旨在附加到您传递给AWSBackup的角色.
这些策略是使用AWSBackup所需的适当权限预定义的,以代表您执行备份操作.
下表列出了AWSBackup提供的所有托管策略,并说明了它们的定义方式.
您可以在IAM控制台的策略部分找到这些托管策略.
策略名称IAM托管策略名称Description备份管理员IAM策略AWSBackupFullAccess(已弃用AWSBackupAdminPolicy)备份管理员具有AWSBackup操作的完全访问权限,包括创建或编辑备份计划、将AWS资源分配给备份计划以及还原备份.
备份管理员负责通过定义满足其组织的业务和法规要求的备份计划来确定和强制实施备份合规性.
备份管理员还需确保将其组织的AWS资源分配给适当的计划.
备份操作员IAM策略AWSBackupOperatorAccess(已弃用AWSBackupOperatorPolicy)备份操作员是这样的用户,他们负责确保正确备份自己负责的资源.
备份操作员有权将AWS资源分配给备份管理员创建的备份计划.
他们还有权创建其AWS资源的按需备份,以及配置按需备份的保留周期.
备份操作员无权创建或编辑备份计划,也无权在创建备份计划后删除计划备份.
备份操作员可以还原备份.
您可以限制备份操作员可分配给备份计划或从备份还原的资源类型.
为此,您可以仅允许将某些具有特定资源类型权限的服务角色传递给AWSBackup.
备份管理员AWSOrganizations策略AWSBackupOrganizationAdminAccess组织管理员对AWSOrganizations操作具有完全访问权限,这些操作包括创建、编辑或删除备份策略,将备份策略分配给账户和组织单位,以及监视组织内的备份活动.
组织管理员负责通过定义和分配满足其组织业务和管理法规要求的备份策略来保护其组织中的账户.
用于备份的默认服务角色策略AWSBackupServiceRolePolicyForBackup提供AWSBackup权限以代表您创建所有支持的资源类型的备份.
用于还原的默认服务角色策略AWSBackupServiceRolePolicyForRestores提供AWSBackup权限以代表您还原所有支持的资源类型的备份.
客户管理的策略您可以创建在自己的AWS账户中管理的独立策略.
这些策略称为客户托管策略.
随后可以将这些策略附加到您AWS账户中的多个委托人实体.
将策略附加到委托人实体时,便向实体授予了策略中定义的权限.
57AWSBackup开发人员指南访问控制创建客户托管策略的一种方式是:首先复制一个现有AWS托管策略.
这样从一开始您就可以确信策略是正确的,只需根据您的环境进行自定义即可.
以下策略指定个别AWS服务的备份和还原权限.
它们可以经过定制并附加到您创建的角色,以进一步限制对AWS资源的访问.
单个AWS服务的备份和还原策略服务备份策略服务还原策略DynamoDB备份策略{"Version":"2012-10-17","Statement":[{"Action":["dynamodb:DescribeTable","dynamodb:CreateBackup"],"Resource":"arn:aws:dynamodb:*:*:table/*","Effect":"Allow"},{"Action":["dynamodb:DescribeBackup","dynamodb:DeleteBackup"],"Resource":"arn:aws:dynamodb:*:*:table/*/backup/*","Effect":"Allow"},{"Effect":"Allow","Action":["backup:DescribeBackupVault","backup:CopyIntoBackupVault"],"Resource":"arn:aws:backup:*:*:backup-vault:*"}]}DynamoDB还原策略{"Version":"2012-10-17","Statement":[{"Action":["dynamodb:DescribeBackup","dynamodb:DescribeTable","dynamodb:RestoreTableFromBackup","dynamodb:Scan","dynamodb:Query","dynamodb:UpdateItem","dynamodb:PutItem","dynamodb:GetItem","dynamodb:DeleteItem","dynamodb:BatchWriteItem"],"Resource":"arn:aws:dynamodb:*:*:table/*","Effect":"Allow"},{"Action":["dynamodb:RestoreTableFromBackup"],"Resource":"arn:aws:dynamodb:*:*:table/*/backup/*","Effect":"Allow"}]}AmazonEBS备份策略{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"ec2:CreateTags","Resource":"arn:aws:ec2:*::snapshot/*"},{"Effect":"Allow",AmazonEBS还原策略{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["ec2:CreateVolume","ec2:DeleteVolume"],"Resource":["arn:aws:ec2:*::snapshot/*",58AWSBackup开发人员指南访问控制服务备份策略服务还原策略"Action":["ec2:CreateSnapshot","ec2:DeleteSnapshot"],"Resource":["arn:aws:ec2:*::snapshot/*","arn:aws:ec2:*:*:volume/*"]},{"Effect":"Allow","Action":["ec2:DescribeVolumes","ec2:DescribeSnapshots"],"Resource":"*"},{"Action":["tag:GetResources"],"Resource":"*","Effect":"Allow"},{"Effect":"Allow","Action":["backup:DescribeBackupVault","backup:CopyIntoBackupVault"],"Resource":"arn:aws:backup:*:*:backup-vault:*"}]}"arn:aws:ec2:*:*:volume/*"]},{"Effect":"Allow","Action":["ec2:DescribeSnapshots","ec2:DescribeVolumes"],"Resource":"*"}]}59AWSBackup开发人员指南访问控制服务备份策略服务还原策略AmazonEFS备份策略{"Version":"2012-10-17","Statement":[{"Action":["elasticfilesystem:Backup"],"Resource":"arn:aws:elasticfilesystem:*:*:file-system/*","Effect":"Allow"},{"Action":["tag:GetResources"],"Resource":"*","Effect":"Allow"},{"Effect":"Allow","Action":["backup:DescribeBackupVault","backup:CopyIntoBackupVault"],"Resource":"arn:aws:backup:*:*:backup-vault:*"}]}AmazonEFS还原策略{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["elasticfilesystem:Restore","elasticfilesystem:CreateFilesystem","elasticfilesystem:DescribeFilesystems","elasticfilesystem:DeleteFilesystem"],"Resource":"arn:aws:elasticfilesystem:*:*:file-system/*"}]}60AWSBackup开发人员指南访问控制服务备份策略服务还原策略AmazonRDS备份策略{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["rds:AddTagsToResource","rds:ListTagsForResource","rds:DescribeDBSnapshots","rds:CreateDBSnapshot","rds:CopyDBSnapshot","rds:DescribeDBInstances"],"Resource":"*"},{"Effect":"Allow","Action":["rds:DeleteDBSnapshot"],"Resource":["arn:aws:rds:*:*:snapshot:awsbackup:*"]},{"Action":["tag:GetResources"],"Resource":"*","Effect":"Allow"},{"Effect":"Allow","Action":["backup:DescribeBackupVault","backup:CopyIntoBackupVault"],"Resource":"arn:aws:backup:*:*:backup-vault:*"},{"Action":"kms:DescribeKey","Effect":"Allow","Resource":"*"}]}AmazonRDS还原策略{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["rds:DescribeDBInstances","rds:DescribeDBSnapshots","rds:ListTagsForResource","rds:RestoreDBInstanceFromDBSnapshot","rds:DeleteDBInstance","rds:AddTagsToResource"],"Resource":"*"}]}61AWSBackup开发人员指南访问控制服务备份策略服务还原策略AmazonAurora备份策略{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["rds:CreateDBClusterSnapshot","rds:DescribeDBClusters","rds:DescribeDBClusterSnapshots","rds:ListTagsForResource","rds:AddTagsToResource","rds:CopyDBClusterSnapshot"],"Resource":"*"},{"Effect":"Allow","Action":["rds:DeleteDBClusterSnapshot"],"Resource":["arn:aws:rds:*:*:cluster-snapshot:awsbackup:*"]},{"Action":["tag:GetResources"],"Resource":"*","Effect":"Allow"},{"Effect":"Allow","Action":["backup:DescribeBackupVault","backup:CopyIntoBackupVault"],"Resource":"arn:aws:backup:*:*:backup-vault:*"},{"Action":"kms:DescribeKey","Effect":"Allow","Resource":"*"}]}AmazonAurora还原策略{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["rds:DeleteDBCluster","rds:DescribeDBClusters","rds:RestoreDBClusterFromSnapshot","rds:ListTagsForResource","rds:AddTagsToResource"],"Resource":"*"}]}62AWSBackup开发人员指南访问控制服务备份策略服务还原策略AWSStorageGateway备份策略"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["storagegateway:CreateSnapshot"],"Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*"},{"Effect":"Allow","Action":["ec2:CreateTags","ec2:DeleteSnapshot"],"Resource":"arn:aws:ec2:*::snapshot/*"},{"Effect":"Allow","Action":["ec2:DescribeSnapshots"],"Resource":"*"},{"Action":["tag:GetResources"],"Resource":"*","Effect":"Allow"},{"Effect":"Allow","Action":["backup:DescribeBackupVault","backup:CopyIntoBackupVault"],"Resource":"arn:aws:backup:*:*:backup-vault:*"}]}AWSStorageGateway还原策略{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["storagegateway:DeleteVolume","storagegateway:DescribeCachediSCSIVolumes","storagegateway:DescribeStorediSCSIVolumes"],"Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*"},{"Effect":"Allow","Action":["storagegateway:DescribeGatewayInformation","storagegateway:CreateStorediSCSIVolume","storagegateway:CreateCachediSCSIVolume"],"Resource":"arn:aws:storagegateway:*:*:gateway/*"},{"Effect":"Allow","Action":["storagegateway:ListVolumes"],"Resource":"arn:aws:storagegateway:*:*:*"}]}63AWSBackup开发人员指南访问控制服务备份策略服务还原策略AmazonEC2备份策略{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["ec2:CreateTags","ec2:DeleteSnapshot"],"Resource":"arn:aws:ec2:*::snapshot/*"},{"Effect":"Allow","Action":["ec2:CreateImage","ec2:DeregisterImage"],"Resource":"*"},{"Effect":"Allow","Action":["ec2:ec2:CopyImage","ec2:ec2:CopySnapshot"],"Resource":"*"},{"Effect":"Allow","Action":["ec2:CreateTags"],"Resource":"arn:aws:ec2:*:*:image/*"},{"Effect":"Allow","Action":["ec2:DescribeSnapshots","ec2:DescribeTags","ec2:DescribeImages","ec2:DescribeInstances","ec2:DescribeInstanceAttribute","ec2:DescribeInstanceCreditSpecifications","ec2:DescribeNetworkInterfaces","ec2:DescribeElasticGpus","ec2:DescribeSpotInstanceRequests"],"Resource":"*"},{"Effect":"Allow","Action":["ec2:CreateSnapshot","ec2:DeleteSnapshot",AmazonEC2还原策略{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["ec2:CreateVolume","ec2:DeleteVolume"],"Resource":["arn:aws:ec2:*::snapshot/*","arn:aws:ec2:*:*:volume/*"]},{"Effect":"Allow","Action":["ec2:DescribeSnapshots","ec2:DescribeVolumes"],"Resource":"*"},{"Effect":"Allow","Action":["ec2:DescribeImages","ec2:DescribeInstances"],"Resource":"*"},{"Action":["ec2:RunInstances"],"Effect":"Allow","Resource":"*"},{"Action":["ec2:TerminateInstances"],"Effect":"Allow","Resource":"arn:aws:ec2:*:*:instance/*"},{"Action":"iam:PassRole","Resource":"arn:aws:iam:::role/","Effect":"Allow"}]}64AWSBackup开发人员指南访问控制服务备份策略服务还原策略"ec2:DescribeVolumes","ec2:DescribeSnapshots"],"Resource":["arn:aws:ec2:*::snapshot/*","arn:aws:ec2:*:*:volume/*"]},{"Action":["tag:GetResources"],"Resource":"*","Effect":"Allow"},{"Effect":"Allow","Action":["backup:DescribeBackupVault","backup:CopyIntoBackupVault"],"Resource":"arn:aws:backup:*:*:backup-vault:*"}]}65AWSBackup开发人员指南访问控制服务备份策略服务还原策略WindowsVSS(卷影复制服务)BackUp所需的策略{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["ec2:CreateTags","ec2:DeleteSnapshot"],"Resource":"arn:aws:ec2:*::snapshot/*"},{"Effect":"Allow","Action":["ec2:CreateImage","ec2:DeregisterImage"],"Resource":"*"},{"Effect":"Allow","Action":["ec2:ec2:CopyImage","ec2:ec2:CopySnapshot"],"Resource":"*"},{"Effect":"Allow","Action":["ec2:CreateTags"],"Resource":"arn:aws:ec2:*:*:image/*"},{"Effect":"Allow","Action":["ec2:DescribeSnapshots","ec2:DescribeTags","ec2:DescribeImages","ec2:DescribeInstances","ec2:DescribeInstanceAttribute","ec2:DescribeInstanceCreditSpecifications","ec2:DescribeNetworkInterfaces","ec2:DescribeElasticGpus","ec2:DescribeSpotInstanceRequests"],"Resource":"*"},{"Effect":"Allow","Action":["ec2:CreateSnapshot","ec2:DeleteSnapshot",66AWSBackup开发人员指南IAM服务角色服务备份策略服务还原策略"ec2:DescribeVolumes","ec2:DescribeSnapshots"],"Resource":["arn:aws:ec2:*::snapshot/*","arn:aws:ec2:*:*:volume/*"]},{"Action":["tag:GetResources"],"Resource":"*","Effect":"Allow"},{"Effect":"Allow","Action":["backup:DescribeBackupVault","backup:CopyIntoBackupVault"],"Resource":"arn:aws:backup:*:*:backup-vault:*"}{"Effect":"Allow","Action":["ssm:CancelCommand","ssm:GetCommandInvocation"],"Resource":"*"},{"Effect":"Allow","Action":"ssm:SendCommand","Resource":["arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot","arn:aws:ec2:*:*:instance/*"]}]}IAM服务角色AWSIdentityandAccessManagement(IAM)角色类似于用户,因为它是一个AWS身份,它具有确定该身份在AWS中可执行和不可执行的操作的权限策略.
但是,角色旨在让需要它的任何人代入,而不是唯一地与某个人员关联.
服务角色是AWS服务代入以代表您执行操作的角色.
作为代表您执行备份操作的服务,AWSBackup要求您在该服务代表您执行备份操作时将其传递给要代入的角色.
有关IAM角色的更多信息,请参阅https://docs.
amazonaws.
cn/IAM/latest/UserGuide/id_roles.
html中的IAM用户指南IAM角色.
您传递到AWSBackup的角色必须拥有一个IAM策略,该策略具有的权限可让AWSBackup执行备份操作关联的操作(如创建备份、还原备份或使备份过期).
AWSBackup支持的每个AWS服务都需要不同的权限.
该角色还必须将AWSBackup列为可信实体,这使得AWSBackup能够代入该角色.
67AWSBackup开发人员指南服务相关角色在还原或创建备份时,您将角色传递给AWSBackup.
您还可以在将AWS资源分配给备份计划时指定角色.
当AWSBackup根据您为其分配资源的备份计划代表您创建备份和使备份过期时,它代入此角色.
使用AWS角色控制对备份的访问您可以使用角色来控制对备份的访问,方法是定义范围狭窄的角色,并指定谁可以将该角色传递给AWSBackup.
例如,您可以创建一个角色,该角色仅授予备份AmazonRelationalDatabaseService(AmazonRDS)数据库的权限,并且仅授予AmazonRDS数据库所有者将该角色传递给AWSBackup的权限.
AWSBackup为每个支持的服务提供了几个预定义的托管策略.
您可以将这些托管策略附加到您创建的角色.
这样可以更轻松地创建具有AWSBackup所需的正确权限的服务特定角色.
有关AWSBackup的AWS托管策略的更多信息,请参阅托管策略(p.
56).
的默认服务角色AWSBackup首次使用AWSBackup时,您可以选择让AWSBackup为您创建默认服务角色.
此角色具有AWSBackup所需的权限,使用这些权限可以为该角色支持的所有AWS服务执行备份操作.
如果您可以对要备份的所有资源类型使用同一个角色,则应使用默认角色.
如果出于安全原因,您更喜欢为不同的资源类型使用单独的角色,您还可以创建自己的角色以传递到AWSBackup,而不是使用默认角色.
Note如果您是AWSBackup的新用户,则必须创建角色、列出角色并传递角色权限.
创建角色后,只需要列出角色和传递角色权限.
您必须使用AWS管理控制台创建默认角色.
您无法使用AWS命令行界面(AWSCLI)创建默认角色.
由AWSBackup创建的默认服务角色管理备份的创建和还原.
用于备份的AWSBackup默认服务角色此角色包括IAM策略,该策略授予AWSBackup权限以描述正在备份的资源,创建、删除或描述备份的能力,以及向备份添加标记的能力.
此IAM策略包括AWSBackup支持的所有资源类型的必要权限.
用于还原的AWSBackup默认服务角色此角色包含一个IAM策略,该策略授予相应的AWSBackup权限,用于创建、删除或描述从备份创建的新资源.
它还包括权限来标记新创建的资源.
此IAM策略包括AWSBackup支持的所有资源类型的必要权限.
AWSBackup的服务相关角色AWSBackup使用AWSIdentityandAccessManagement(IAM)服务相关角色.
服务相关角色是一种与AWSBackup直接关联的独特类型的IAM角色.
服务相关角色由AWSBackup预定义,并包含该服务代表您调用其他AWS服务所需的一切权限.
可以通过服务相关角色轻松设置AWSBackup,因为您不必手动添加所需的权限.
AWSBackup定义其服务相关角色的权限,除非另行定义,否则,仅AWSBackup可以担任其角色.
定义的权限包括信任策略和权限策略,并且权限策略不能附加到任何其他IAM实体.
有关支持服务相关角色的其他服务的信息,请参阅与IAM配合使用的AWS服务并查找Service-LinkedRole列为Yes的服务.
选择Yes与查看该服务的服务相关角色文档的链接.
适用于AWSBackup的服务相关角色权限AWSBackup使用名为"服务链接"的角色AWSServicerOleforBackup–ProvidesAWSBackuppermissiontocreatebackupsonyourbehalfacrossAWSservices.
TheThetheBackup服务链接的角色信任以下服务以代表您执行备份:68AWSBackup开发人员指南服务相关角色backup.
amazonaws.
com角色权限策略允许AWSBackup对指定资源完成以下操作:操作:"elasticfilesystem:Backup","elasticfilesystem:DescribeTags"开arn:aws:elasticfilesystem:*:*:file-system/*您必须配置权限以允许IAM实体(如用户、组或角色)创建、编辑或删除服务相关角色.
有关更多信息,请参阅https://docs.
amazonaws.
cn/IAM/latest/UserGuide/using-service-linked-roles.
html#service-linked-role-permissions中的IAM用户指南服务相关角色权限.
为AWSBackup创建服务相关角色您无需手动创建服务相关角色.
在AWS管理控制台、AWSCLI或AWSAPI中selectthecheckboxtoprotecttheresourcebycreatinganautomaticbackup时,AWSBackup将为您创建服务相关角色.
Important如果您在其他使用此角色支持的功能的服务中完成某个操作,此服务相关角色可以出现在您的账户中.
如果您在June17,2020开始支持服务相关角色之前使用AWSBackup服务,那么AWSBackup会在您的账户中创建Backup角色.
要了解更多信息,请参阅我的IAM账户中出现新角色.
如果您删除了此服务相关角色然后需要再次创建它,则可以使用相同的流程在您的账户中重新创建此角色.
当您selectthecheckboxtoprotecttheresourcebycreatinganautomaticbackup时,AWSBackup将再次为您创建服务相关角色.
您还可以使用IAM控制台通过AWSBackup使用案例创建服务相关角色.
在AWSCLI或AWSAPI中,使用backup.
amazonaws.
com服务名称创建服务相关角色.
有关更多信息,请参阅https://docs.
amazonaws.
cn/IAM/latest/UserGuide/using-service-linked-roles.
html#create-service-linked-role中的IAM用户指南创建服务相关角色.
如果您删除了此服务相关角色,则可以使用此相同过程再次创建角色.
编辑AWSBackup的服务相关角色AWSBackup不允许您编辑Backup服务相关角色.
创建服务相关角色后,您将无法更改角色的名称,因为可能有多种实体引用该角色.
不过,您可以使用IAM编辑角色的说明.
有关更多信息,请参阅IAM用户指南中的编辑服务相关角色.
删除AWSBackup的服务相关角色您可以使用IAM控制台,AWSCLI或AWSAPI以手动删除服务链接角色.
为此,您必须首先使用AmazonEFS控制台或API以清除自动备份复选框以禁用自动备份AmazonEFS文件系统.
Note如果AWSBackup服务在尝试删除资源时使用服务链接的角色,删除可能失败.
如果发生这种情况,则请等待几分钟后重试.
要删除Backup服务链接角色1.
使用AmazonEFS控制台清除自动备份复选框以禁用自动备份AmazonEFSfilesystems.
或使用AmazonEFSPutBackupPolicyAPI以禁用自动备份.
如果没有AmazonEFS选择要自动备份的文件系统,您可以删除服务链接的角色.
2.
使用IAM控制台、AWSCLI或AWSAPI删除Backup服务相关角色.
有关更多信息,请参阅IAM用户指南中的删除服务相关角色.
删除服务链接角色后,AWSBackup将删除这些资源的备份选择.
69AWSBackup开发人员指南日志记录和监控AWSBackup服务相关角色的受支持区域AWSBackup支持在服务可用的所有区域中使用服务相关角色.
有关更多信息,请参阅AWSGeneralReference中的AWSBackupRegionsandEndpoints.
AWSBackup中的日志记录和监控监控是保持AWSBackup和您的AWS解决方案的可靠性、可用性和性能的重要方面.
您应该从AWS解决方案的各个部分收集监控数据,以便您可以更轻松地调试多点故障(如果发生).
AWS提供了多种工具来监控您的AWSBackup资源并对潜在事件做出响应:AWSCloudTrail日志CloudTrail提供用户、角色或AWS服务在AWSBackup中执行的操作记录.
利用CloudTrail收集的信息,您可以确定向AWSBackup发出了什么请求、发出请求的IP地址、何人发出的请求、请求的发出时间以及其他详细信息.
有关更多信息,请参阅使用AWSCloudTrail记录AWSBackupAPI调用(p.
78).
AWSTrustedAdvisorTrustedAdvisor凝聚了从为数十万AWS客户提供服务中总结的最佳实践.
TrustedAdvisor可检查您的AWS环境,然后在有可能节省开支、提高系统可用性和性能或弥补安全漏洞时为您提供建议.
所有AWS客户均有权访问五个TrustedAdvisor检查.
使用"商业"和"企业"支持计划的客户可以查看所有TrustedAdvisor检查.
有关更多信息,请参阅AWSTrustedAdvisor.
AWSBackup的合规性验证作为多个AWSBackup合规性计划的一部分,第三方审计员将评估AWS的安全性和合规性,如SOC、PCI、FedRAMP、HIPAA等.
有关特定合规性计划范围内的AWS服务的列表,请参阅合规性计划范围内的AWS服务.
有关一般信息,请参阅AWS合规性计划.
您可以使用AWSArtifact下载第三方审核报告.
有关更多信息,请参阅用户指南中的下载AWSArtifact中的报告AWSArtifact.
您在使用AWSBackup时的合规性责任由您的数据的敏感性、您组织的合规性目标以及适用的法律法规决定.
如果您对AWSBackup的使用需遵守HIPAA、PCI或FedRAMP等标准,AWS将提供以下有用资源:安全性与合规性快速入门指南–这些部署指南讨论了架构注意事项,并提供了在AWS上部署基于安全性和合规性的基准环境的步骤.
《设计符合HIPAA安全性和合规性要求的架构》白皮书–此白皮书介绍公司如何使用AWS创建符合HIPAA标准的应用程序.
AWS合规性资源–此业务手册和指南集合可能适用于您的行业和位置.
AWSConfig–此AWS服务评估您的资源配置对内部实践、行业指南和法规的遵循情况.
AWSSecurityHub–此AWS服务提供了AWS中安全状态的全面视图,可帮助您检查是否符合安全行业标准和最佳实践.
AWSBackup中的恢复功能全球基础设施围绕AWS区域和可用区构建.
AWSAWS区域提供多个在物理上独立且隔离的可用区,这些可用区通过延迟低、吞吐量高且冗余性高的网络连接在一起.
利用可用区,您可以设计和操作在可用区之间无70AWSBackup开发人员指南基础设施安全性中断地自动实现故障转移的应用程序和数据库.
与传统的单个或多个数据中心基础设施相比,可用区具有更高的可用性、容错性和可扩展性.
有关AWS区域和可用区的更多信息,请参阅AWS全球基础设施.
AWSBackup中的基础设施安全性作为一项托管服务,AWSBackup由AWS中所述的AmazonWebServices全球网络安全程序提供保护:安全流程概述白皮书.
您可以使用AWS发布的API调用通过网络访问AWSBackup.
客户端必须支持传输层安全性(TLS)1.
0或更高版本.
建议使用TLS1.
2或更高版本.
客户端还必须支持具有完全向前保密(PFS)的密码套件,例如EphemeralDiffie-Hellman(DHE)或EllipticCurveDiffie-HellmanEphemeral(ECDHE).
大多数现代系统(如Java7及更高版本)都支持这些模式.
此外,必须使用访问密钥ID和与IAM主体关联的秘密访问密钥来对请求进行签名.
或者,您可以使用AWSSecurityTokenService(AWSSTS)生成临时安全凭证来对请求进行签名.
71AWSBackup开发人员指南AWSBackup配额以下是使用AWSBackup时的资源配额.
Resource配额每个帐户每个地区的备份存储库数量100每个账户的目标AWS区域的并发备份副本数(每个服务)5*每个账户的备份计划数量100每个备份计划的版本数2000每个资源的并发备份作业数1每个备份计划的资源分配数100**每个保存的资源的元数据标签数50每个备份文件库的恢复点数量1000000*AWSBackup支持多达50个并发备份副本AmazonEC2AMIs到目标AWS区域.
**此配额适用于与备份计划关联的资源分配文档的数量.
分配文档中引用的资源数量没有配额.
Note对于AmazonEFS之外的服务,您可能还会遇到这些服务施加的配额.
72AWSBackup开发人员指南AWSBackup通知APIs使用AmazonSNS跟踪AWSBackup事件AWSBackup旨在为充分利用AmazonSimpleNotificationService(AmazonSNS)提供的可靠通知功能.
您可配置AmazonSNS以从AmazonSNS控制台发送AWSBackup事件的通知.
有关更多信息,请参阅AmazonSNS中的AmazonSimpleNotificationService开发人员指南入门.
主题AWSBackup通知APIs(p.
73)已完成的事件(p.
74)AWSBackup通知命令示例(p.
75)将AWSBackup指定为服务委托人(p.
76)AWSBackup通知APIs使用AmazonSNS控制台或AWSCommandLineInterface(AWSCLI)创建主题后,您可以使用以下AWSBackupAPI操作来管理备份通知.
DeleteBackupVaultNotifications(p.
110)—删除指定的备份文件库的事件通知.
GetBackupVaultNotifications(p.
156)—列出指定的备份文件库的所有事件通知.
PutBackupVaultNotifications(p.
196)—打开指定主题和事件的通知.
支持以下事件:备份作业BACKUP_JOB_STARTEDBACKUP_JOB_COMPLETED还原作业RESTORE_JOB_STARTEDRESTORE_JOB_COMPLETED恢复点RECOVERY_POINT_MODIFIED备份计划BACKUP_PLAN_CREATEDBACKUP_PLAN__MODIFIED73AWSBackup开发人员指南已完成的事件已完成的事件Completed通知中包含一个指示特定完成类型的STATE属性.
示例:已完成的事件{"Type":"Notification","MessageId":"12345678-abcd-123a-def0-abcd1a234567","TopicArn":"arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic","Subject":"NotificationfromAWSBackup","Message":"AnAWSBackupjobwascompletedsuccessfully.
RecoverypointARN:arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012d.
ResourceARN:arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012e.
BackupJobID:1b2345b2-f22c-4dab-5eb6-bbc7890ed123","Timestamp":"2019-08-02T18:46:02.
788Z","MessageAttributes":{"EventType":{"Type":"String","Value":"BACKUP_JOB"},"State":{"Type":"String","Value":"COMPLETED"},"AccountId":{"Type":"String","Value":"123456789012"},"Id":{"Type":"String","Value":"1b2345b2-f22c-4dab-5eb6-bbc7890ed123"},"StartTime":{"Type":"String","Value":"2019-09-02T13:48:52.
226Z"}}}{"Type":"Notification","MessageId":"12345678-abcd-123a-def0-abcd1a234567","TopicArn":"arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic","Subject":"NotificationfromAWSBackup","Message":"AnAWSBackupjobfailed.
ResourceARN:arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012e.
BackupJobID:1b2345b2-f22c-4dab-5eb6-bbc7890ed123","Timestamp":"2019-08-02T18:46:02.
788Z","MessageAttributes":{"EventType":{"Type":"String","Value":"BACKUP_JOB"},"State":{"Type":"String","Value":"FAILED"},"AccountId":{"Type":"String","Value":"123456789012"},"Id":{"Type":"String","Value":"1b2345b2-f22c-4dab-5eb6-bbc7890ed123"},"StartTime":{"Type":"String","Value":"2019-09-02T13:48:52.
226Z"}}}{"Type":"Notification","MessageId":"12345678-abcd-123a-def0-abcd1a234567","TopicArn":"arn:aws:sns:us-west-1:123456789012:backup-2sqs-sns-topic","Subject":"NotificationfromAWSBackup","Message":"AnAWSBackupjobfailedtocompleteintime.
ResourceARN:arn:aws:ec2:us-west-1:123456789012:volume/vol-012f345df6789012e.
BackupJobID:1b2345b2-f22c-4dab-5eb6-bbc7890ed123","Timestamp":"2019-08-02T18:46:02.
788Z","MessageAttributes":{"EventType":{"Type":"String","Value":"BACKUP_JOB"},"State":{"Type":"String","Value":"EXPIRED"},"AccountId":{"Type":"String","Value":"123456789012"},74AWSBackup开发人员指南AWSBackup通知命令示例"Id":{"Type":"String","Value":"1b2345b2-f22c-4dab-5eb6-bbc7890ed123"},"StartTime":{"Type":"String","Value":"2019-09-02T13:48:52.
226Z"}}}AWSBackup通知命令示例您可以使用AWSCLI命令订阅、列出和删除AWSBackup事件的AmazonSNS通知.
放置备份文件库通知示例以下命令订阅指定备份文件库的AmazonSNS主题,该主题将在启动或完成还原作业时或修改恢复点时通知您.
awsbackupput-backup-vault-notifications--backup-vault-name--sns-topic-arnarn:aws:sns:region:account-id:myBackupTopic--backup-vault-eventsRESTORE_JOB_STARTEDRESTORE_JOB_COMPLETEDRECOVERY_POINT_MODIFIED获取备份文件库通知示例以下命令列出了当前订阅指定备份文件库的AmazonSNS主题的所有事件.
awsbackupget-backup-vault-notifications--backup-vault-namemyVault示例输出如下所示:{"SNSTopicArn":"arn:aws:sns:region:account-id:myBackupTopic","BackupVaultEvents":["RESTORE_JOB_STARTED","RESTORE_JOB_COMPLETED","RECOVERY_POINT_MODIFIED"],"BackupVaultName":"myVault","BackupVaultArn":"arn:aws:backup:region:account-id:backup-vault:myVault"}删除备份文件库通知示例以下命令取消订阅指定备份文件库的AmazonSNS主题.
awsbackupdelete-backup-vault-notifications--backup-vault-namemyVault75AWSBackup开发人员指南将AWSBackup指定为服务委托人将AWSBackup指定为服务委托人Note要允许AWSBackup代表您发布SNS主题,您必须将AWSBackup指定为服务委托人.
在用于跟踪AWSBackup事件的AmazonSNS主题的访问策略中包含以下JSON.
您必须指定主题的资源Amazon资源名称(ARN).
{"Sid":"My-statement-id","Effect":"Allow","Principal":{"Service":"backup.
amazonaws.
com"},"Action":"SNS:Publish","Resource":"arn:aws:sns:region:account-id:myTopic"}以下示例JSON是包含AWSBackup作为服务委托人的基本AmazonSNS访问策略的示例.
您必须指定您自己的AWS账户ID和主题的资源ARN.
{"Version":"2008-10-17","Id":"__default_policy_ID","Statement":[{"Sid":"__default_statement_ID","Effect":"Allow","Principal":{"AWS":"*"},"Action":["SNS:Publish","SNS:RemovePermission","SNS:SetTopicAttributes","SNS:DeleteTopic","SNS:ListSubscriptionsByTopic","SNS:GetTopicAttributes","SNS:Receive","SNS:AddPermission","SNS:Subscribe"],"Resource":"arn:aws:sns:region:account-id:myTopic","Condition":{"StringEquals":{"AWS:SourceOwner":"account-id"}}},{"Sid":"__console_pub_0","Effect":"Allow","Principal":{"Service":"backup.
amazonaws.
com"},"Action":"SNS:Publish","Resource":"arn:aws:sns:region:account-id:myTopic"}76AWSBackup开发人员指南将AWSBackup指定为服务委托人]}有关在中指定服务主体的更多信息AmazonSNS访问策略,请参阅允许任何AWS资源发布到主题在AmazonSimpleNotificationService开发人员指南.
Note如果您的主题已加密,则必须在策略中包含其他权限才能允许AWSBackup向其发布.
有关启用服务以发布到加密主题的更多信息,请参阅启用来自AWS服务和加密主题的事件源之间的兼容性在AmazonSimpleNotificationService开发人员指南.
77AWSBackup开发人员指南CloudTrail中的AWSBackup信息使用AWSCloudTrail记录AWSBackupAPI调用AWSBackup与AWSCloudTrail集成,后者是一项服务,该服务提供了由用户、角色或AWSBackup中的AWS服务执行的操作的记录.
CloudTrail将AWSBackup的所有API调用作为事件捕获.
捕获的调用包含来自AWSBackup控制台的调用和对AWSBackupAPI操作的代码调用.
如果您创建了一个跟踪,则可以使CloudTrail事件持续传送到AmazonS3存储桶(包括AWSBackup的事件).
如果您不配置跟踪,则仍可在CloudTrail控制台的Eventhistory(事件历史记录)中查看最新事件.
通过使用CloudTrail收集的信息,您可以确定向AWSBackup发出的请求、从中发出请求的IP地址、发出请求的用户、发出请求的时间以及其他详细信息.
要了解有关CloudTrail的更多信息,请参阅AWSCloudTrailUserGuide.
主题CloudTrail中的AWSBackup信息(p.
78)了解AWSBackup日志文件条目(p.
79)记录跨账户管理事件(p.
81)CloudTrail中的AWSBackup信息在您创建CloudTrail账户时,即针对该账户启用了AWS.
当AWSBackup中发生活动时,该活动将记录在CloudTrail事件中,并与其他AWS服务事件一同保存在Eventhistory(事件历史记录)中.
您可以在AWS账户中查看、搜索和下载最新事件.
有关更多信息,请参阅使用CloudTrail事件历史记录查看事件.
要持续记录AWS账户中的事件(包括AWSBackup的事件),请创建跟踪.
通过跟踪,CloudTrail可将日志文件传送至AmazonS3存储桶.
默认情况下,在控制台中创建跟踪时,此跟踪应用于所有AWS区域.
此跟踪在AWS分区中记录来自所有区域的事件,并将日志文件传送至您指定的AmazonS3存储桶.
此外,您可以配置其他AWS服务,进一步分析在CloudTrail日志中收集的事件数据并采取行动.
有关更多信息,请参阅下列内容:创建跟踪概述CloudTrail支持的服务和集成为CloudTrail配置AmazonSNS通知接收多个区域中的CloudTrail日志文件和从多个账户中接收CloudTrail日志文件CloudTrail记录所有AWSBackupAPI操作,在AWSBackupAPIActions(p.
89)中介绍了这些操作.
每个事件或日志条目都包含有关生成请求的人员的信息.
身份信息帮助您确定以下内容:请求是使用根用户凭证还是AWSIdentityandAccessManagement(IAM)用户凭证发出的.
请求是使用角色还是联合身份用户的临时安全凭证发出的.
请求是否由其他AWS服务发出.
有关更多信息,请参阅CloudTrailuserIdentity元素.
78AWSBackup开发人员指南了解AWSBackup日志文件条目了解AWSBackup日志文件条目跟踪是一种配置,可用于将事件作为日志文件传送到您指定的AmazonS3存储桶.
CloudTrail日志文件包含一个或多个日志条目.
一个事件表示来自任何源的一个请求,包括有关所请求的操作、操作的日期和时间、请求参数等方面的信息.
CloudTrail日志文件不是公用API调用的有序堆栈跟踪,因此它们不会以任何特定顺序显示.
以下示例显示了一个CloudTrail日志条目,该条目演示了StartBackupJob、StartRestoreJob和DeleteRecoveryPoint操作以及BackupJobCompleted事件.
{"eventVersion":"1.
05","userIdentity":{"type":"Root","principalId":"123456789012","arn":"arn:aws:iam::123456789012:root","accountId":"account-id","accessKeyId":aceess-key,"sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2019-01-10T12:24:50Z"}}},"eventTime":"2019-01-10T13:45:24Z","eventSource":"backup.
amazonaws.
com","eventName":"StartBackupJob","awsRegion":"us-east-1","sourceIPAddress":"12.
34.
567.
89","userAgent":"aws-internal/3aws-sdk-java/1.
11.
465Linux/4.
9.
124-0.
1.
ac.
198.
73.
329.
metal1.
x86_64OpenJDK_64-Bit_Server_VM/25.
192-b12java/1.
8.
0_192","requestParameters":{"backupVaultName":"Default","resourceArn":"arn:aws:ec2:us-east-1:123456789012:volume/vol-00a422a05b9c6asd3","iamRoleArn":"arn:aws:iam::123456789012:role/AWSBackup","startWindowMinutes":60},"responseElements":{"backupJobId":"8a3c2a87-b23e-4d56-b045-fa9e88ede4e6","creationDate":"Jan10,20191:45:24PM"},"requestID":"98cf4d59-8c76-49f7-9201-790743931234","eventID":"fe8146a5-7812-4a95-90ad-074498be1234","eventType":"AwsApiCall","recipientAccountId":"account-id"},{"eventVersion":"1.
05","userIdentity":{"type":"Root","principalId":"123456789012","arn":"arn:aws:iam::123456789012:root","accountId":"account-id","accessKeyId":"access-key","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2019-01-10T12:24:50Z"}79AWSBackup开发人员指南了解AWSBackup日志文件条目}},"eventTime":"2019-01-10T13:49:50Z","eventSource":"backup.
amazonaws.
com","eventName":"StartRestoreJob","awsRegion":"us-east-1","sourceIPAddress":"12.
34.
567.
89","userAgent":"aws-internal/3aws-sdk-java/1.
11.
465Linux/4.
9.
124-0.
1.
ac.
198.
73.
329.
metal1.
x86_64OpenJDK_64-Bit_Server_VM/25.
192-b12java/1.
8.
0_192","requestParameters":{"recoveryPointArn":"arn:aws:ec2:us-east-1::snapshot/snap-00a129455bdbc9d99","metadata":{"volumeType":"gp2","availabilityZone":"us-east-1b","volumeSize":"100"},"iamRoleArn":"arn:aws:iam::123456789012:role/AWSBackup","idempotencyToken":"a9c8b4fb-d369-4a58-944b-942e442a8fe3","resourceType":"EBS"},"responseElements":{"restoreJobId":"9808E090-8C76-CCB8-4CEA-407CF6AC4C43"},"requestID":"783ddddc-6d7e-4539-8fab-376aa9668543","eventID":"ff35ddea-7577-4aec-a132-964b7e9dd423","eventType":"AwsApiCall","recipientAccountId":"account-id"},{"eventVersion":"1.
05","userIdentity":{"type":"Root","principalId":"123456789012","arn":"arn:aws:iam::123456789012:root","accountId":"account-id","accessKeyId":"access-key","sessionContext":{"attributes":{"mfaAuthenticated":"false","creationDate":"2019-01-10T12:24:50Z"}}},"eventTime":"2019-01-10T14:52:42Z","eventSource":"backup.
amazonaws.
com","eventName":"DeleteRecoveryPoint","awsRegion":"us-east-1","sourceIPAddress":"12.
34.
567.
89","userAgent":"aws-internal/3aws-sdk-java/1.
11.
465Linux/4.
9.
124-0.
1.
ac.
198.
73.
329.
metal1.
x86_64OpenJDK_64-Bit_Server_VM/25.
192-b12java/1.
8.
0_192","requestParameters":{"backupVaultName":"Default","recoveryPointArn":"arn:aws:ec2:us-east-1::snapshot/snap-05f426fd9daab3433"},"responseElements":null,"requestID":"f1f1b33a-48da-436c-9a8f-7574f1ab5fd7","eventID":"2dd70080-5aba-4a79-9a0f-92647c9f0846","eventType":"AwsApiCall","recipientAccountId":"account-id"},{"eventVersion":"1.
05",80AWSBackup开发人员指南记录跨账户管理事件"userIdentity":{"accountId":"account-id","invokedBy":"backup.
amazonaws.
com"},"eventTime":"2019-01-10T08:24:39Z","eventSource":"backup.
amazonaws.
com","eventName":"BackupJobCompleted","awsRegion":"us-east-1","sourceIPAddress":"backup.
amazonaws.
com","userAgent":"backup.
amazonaws.
com","requestParameters":null,"responseElements":null,"eventID":"2e7e4fcf-0c52-467f-9fd0-f61c2fcf7d17","eventType":"AwsServiceEvent","recipientAccountId":"account-id","serviceEventDetails":{"completionDate":{"seconds":1547108091,"nanos":906000000},"state":"COMPLETED","percentDone":100,"backupJobId":"8A8E738B-A8C5-E058-8224-90FA323A3C0E","backupVaultName":"BackupVault","backupVaultArn":"arn:aws:backup:us-east-1:123456789012:backup-vault:BackupVault","recoveryPointArn":"arn:aws:ec2:us-east-1::snapshot/snap-07ce8c3141d361233","resourceArn":"arn:aws:ec2:us-east-1:123456789012:volume/vol-06692095a6a421233","creationDate":{"seconds":1547101638,"nanos":272000000},"backupSizeInBytes":8589934592,"iamRoleArn":"arn:aws:iam::123456789012:role/AWSBackup","resourceType":"EBS"}}记录跨账户管理事件使用AWSBackup,您可以跨AWSOrganizations结构内的所有AWS账户管理备份.
AWSCloudTrail记录以下事件以进行跨账户管理.
CreateOrganizationalBackupPlanUpdateOrganizationalBackupPlanDeleteOrganizationalBackupPlan每个事件或日志条目都包含有关生成请求的人员的信息.
身份信息帮助您确定以下内容:请求是使用根用户凭证还是AWSIdentityandAccessManagement(IAM)用户凭证发出的.
请求是使用角色还是联合身份用户的临时安全凭证发出的.
请求是否由其他AWS服务发出.
有关更多信息,请参阅CloudTrailuserIdentity元素.
81AWSBackup开发人员指南示例:用于跨账户管理的AWSBackup日志文件条目示例:用于跨账户管理的AWSBackup日志文件条目跟踪是一种配置,可用于将事件作为日志文件传送到您指定的AmazonS3存储桶.
CloudTrail日志文件包含一个或多个日志条目.
一个事件表示来自任何源的一个请求,包括有关所请求的操作、操作的日期和时间、请求参数等方面的信息.
CloudTrail日志文件不是公用API调用的有序堆栈跟踪,因此它们不会以任何特定顺序显示.
下面的示例显示一个CloudTrail日志条目,该条目演示CreateOrganizationalBackupPlan操作.
{"*eventVersion*":"1.
05","*userIdentity*":{"*accountId*":"account-id","*invokedBy*":"backup.
amazonaws.
com"},"*eventTime*":"2020-06-02T00:34:00Z","*eventSource*":"backup.
amazonaws.
com","*eventName*":"CreateOrganizationalBackupPlan","*awsRegion*":"ca-central-1","*sourceIPAddress*":"backup.
amazonaws.
com","*userAgent*":"backup.
amazonaws.
com","*requestParameters*":null,"*responseElements*":null,"*eventID*":"f2642255-af77-4203-8c37-7ca19d898e84","*readOnly*":false,"*eventType*":"AwsServiceEvent","*recipientAccountId*":"account-id","*serviceEventDetails*":{"*backupPlanId*":"orgs/544033d1-b19c-3f2a-9c20-40bcfa82ca68","*backupPlanVersionId*":"ZTA1Y2ZjZDYtNmRjMy00ZTA1LWIyNTAtM2M1NzQ4OThmNzRj","*backupPlanArn*":"arn:aws:backup:ca-central-1:123456789012:backup-plan:orgs/544033d1-b19c-3f2a-9c20-40bcfa82ca68","*backupPlanName*":"mybackupplan","*backupRules*id\":\"745fd0ea-7f57-3f35-8a0e-ed4b8c48a8e2\",\"name\":\"hourly\",\"description\":null,\"cryopodArn\":\"arn:aws:backup:ca-central-1:123456789012:backup-vault:CryoControllerCAMTestBackupVault\",\"scheduleExpression\":\"cron(00/1startWindow\":\"PT1H\",\"completionWindow\":\"PT2H\",\"lifecycle\":{\"moveToColdStorageAfterDays\":null,\"deleteAfterDays\":\"7\"},\"tags\":null,\"copyActions\"*backupSelections*name\":\"selectiondatatype\",\"arn\":\"arn:aws:backup:ca-central-1:123456789012:selection:8b40c6d9-3641-3d49-926d-a075ea715686\",\"role\":\"arn:aws:iam::123456789012:role/OrganizationmyRoleTestRole\",\"resources\":[],\"notResources\":[],\"conditions\":[{\"type\":\"STRINGEQUALS\",\"key\":\"dataType\",\"value\":\"PII\"},{\"type\":\"STRINGEQUALS\",\"key\":\"dataType\",\"value\":\"RED\"}],\"creationDate\":\"2020-06-02T00:34:00.
695Z\",\"creatorRequestId\":null}]","*creationDate*":{"*seconds*":1591058040,"*nanos*":695000000},"*organizationId*":"org-id","*accountId*":"account-id"}}下面的示例显示一个CloudTrail日志条目,该条目演示DeleteOrganizationalBackupPlan操作.
{"*eventVersion*":"1.
05","*userIdentity*":{"*accountId*":"account-id","*invokedBy*":"backup.
amazonaws.
com"},"*eventTime*":"2020-06-02T00:34:25Z",82AWSBackup开发人员指南示例:用于跨账户管理的AWSBackup日志文件条目"*eventSource*":"backup.
amazonaws.
com","*eventName*":"DeleteOrganizationalBackupPlan","*awsRegion*":"ca-central-1","*sourceIPAddress*":"backup.
amazonaws.
com","*userAgent*":"backup.
amazonaws.
com","*requestParameters*":null,"*responseElements*":null,"*eventID*":"5ce66cd0-b90c-4957-8e00-96ea1077b4fa","*readOnly*":false,"*eventType*":"AwsServiceEvent","*recipientAccountId*":"account-id","*serviceEventDetails*":{"*backupPlanId*":"orgs/544033d1-b19c-3f2a-9c20-40bcfa82ca68","*backupPlanVersionId*":"ZTA1Y2ZjZDYtNmRjMy00ZTA1LWIyNTAtM2M1NzQ4OThmNzRj","*backupPlanArn*":"arn:aws:backup:ca-central-1:123456789012:backup-plan:orgs/544033d1-b19c-3f2a-9c20-40bcfa82ca68","*backupPlanName*":"mybackupplan","*deletionDate*":{"*seconds*":1591058065,"*nanos*":519000000},"*organizationId*":"org-id","*accountId*":"account-id"}}83AWSBackup开发人员指南将AWSBackup与AWSCloudFormation集成将AWSCloudFormation模板与AWSBackup结合使用以下信息介绍了如何使用AWSCloudFormation模板来简化和自动执行与备份计划、备份文件库和资源选择相关的任务.
将AWSBackup与AWSCloudFormation集成借助AWSCloudFormation,您可以使用自己创建的模板以安全、可重复的方式预配置和管理AWS资源.
您可以使用AWSCloudFormation模板管理备份计划、备份资源选择和备份文件库.
有关使用AWSCloudFormation的信息,请参阅AWSCloudFormation用户指南中的AWSCloudFormation的工作原理.
在创建AWSCloudFormation堆栈之前,您应该考虑以下几点:我们建议您为备份计划和备份文件库创建单独的模板.
由于只有在备份文件库为空时才能将其删除,因此如果备份文件库包含任何恢复点,则无法删除包含备份文件库的堆栈.
在创建堆栈之前,请确保您具有可用的服务角色.
首次将资源分配给备份计划时,系统会为您创建AWSBackup默认服务角色.
如果您尚未执行此操作,则默认服务角色不可用.
您还可以指定自己创建的自定义角色.
有关角色的更多信息,请参阅IAM服务角色(p.
67).
以下是创建备份计划的示例模板.
Description:"BackupPlantemplatetobackupallresourcestaggedwithbackup=dailydailyat5amUTC.
"Resources:KMSKey:Type:AWS::KMS::KeyProperties:Description:"Encryptionkeyfordaily"EnableKeyRotation:TrueEnabled:TrueKeyPolicy:Version:"2012-10-17"Statement:-Effect:AllowPrincipal:"AWS":{"Fn::Sub":"arn:${AWS::Partition}:iam::${AWS::AccountId}:root"}Action:-kms:*Resource:"*"BackupVaultWithDailyBackups:Type:"AWS::Backup::BackupVault"Properties:BackupVaultName:"BackupVaultWithDailyBackups"EncryptionKeyArn:!
GetAttKMSKey.
ArnBackupPlanWithDailyBackups:Type:"AWS::Backup::BackupPlan"Properties:BackupPlan:84AWSBackup开发人员指南将AWSBackup与AWSCloudFormation集成BackupPlanName:"BackupPlanWithDailyBackups"BackupPlanRule:-RuleName:"RuleForDailyBackups"TargetBackupVault:!
RefBackupVaultWithDailyBackupsScheduleExpression:"cron(05DependsOn:BackupVaultWithDailyBackupsDDBTableWithDailyBackupTag:Type:"AWS::DynamoDB::Table"Properties:TableName:"TestTable"AttributeDefinitions:-AttributeName:"Album"AttributeType:"S"KeySchema:-AttributeName:"Album"KeyType:"HASH"ProvisionedThroughput:ReadCapacityUnits:"5"WriteCapacityUnits:"5"Tags:-Key:"backup"Value:"daily"BackupRole:Type:"AWS::IAM::Role"Properties:AssumeRolePolicyDocument:Version:"2012-10-17"Statement:-Effect:"Allow"Principal:Service:-"backup.
amazonaws.
com"Action:-"sts:AssumeRole"ManagedPolicyArns:-"arn:aws:iam::aws:policy/service-role/servicerole"TagBasedBackupSelection:Type:"AWS::Backup::BackupSelection"Properties:BackupSelection:SelectionName:"TagBasedBackupSelection"IamRoleArn:!
GetAttBackupRole.
ArnListOfTags:-ConditionType:"STRINGEQUALS"ConditionKey:"backup"ConditionValue:"daily"BackupPlanId:!
RefBackupPlanWithDailyBackupsDependsOn:BackupPlanWithDailyBackups如果您使用的是默认服务角色,请将服服服服替换为AWSBackupServiceRolePolicyForBackup.
有关将AWSCloudFormation与AWSBackup结合使用的信息,请参阅AWSCloudFormation用户指南中的AWSBackup资源类型参考.
85AWSBackup开发人员指南将AWSBackup与AWSCloudFormation集成有关使用AWSCloudFormation时控制对AWS服务资源的访问的信息,请参阅AWSCloudFormation用户指南中的使用AWSIdentityandAccessManagement控制访问.
86AWSBackup开发人员指南排查一般问题AWSBackup问题排查使用AWSBackup期间,使用备份计划、资源和备份文件库时可能会遇到问题.
以下部分可帮助您解决可能出现的一些常见问题.
有关AWSBackup的一般性问题,请参阅AWSBackup常见问题.
您还可以在AWSBackup论坛上搜索答案和发布问题.
主题排查一般问题(p.
87)创建资源故障排除(p.
87)删除资源故障排除(p.
88)排查一般问题备份和还原资源时,您不仅需要AWSBackup的使用权限,还必须具有访问要保护的资源的权限.
有关将AWSIdentityandAccessManagement(IAM)与AWSBackup配合使用进行访问控制的更多信息,请参阅访问控制(p.
53).
如果在备份和还原特定资源类型时遇到问题,查看该资源的故障排除主题会很有帮助.
有关其他AWS服务的故障排除的更多信息,请参阅以下内容:使用AWSBackup配AmazonEFS在AmazonElasticFileSystem用户指南按需备份和恢复DynamoDB在AmazonDynamoDB开发人员指南AmazonEBS快照在AmazonEC2用户指南(适用于Linux实例)备份和还原AmazonRDS数据库实例在AmazonRDS用户指南备份和恢复Aurora数据库群集概述在AmazonAurora用户指南.
备份卷在AWSStorageGateway用户指南如果AWSBackup无法创建或删除资源,您可以通过使用AWSCloudTrail查看错误消息或日志来了解有关该问题的详细信息.
有关将CloudTrail与AWSBackup配合使用的更多信息,请参阅使用AWSCloudTrail记录AWSBackupAPI调用(p.
78).
创建资源故障排除以下信息可帮助您排查创建备份问题.
创建DynamoDB表时,为这些表创建备份将失败.
创建DynamoDB表通常需要几分钟.
当AmazonEFS文件系统非常大时,备份这些文件系统最多可能需要7天时间.
一次只能将AmazonEFS文件系统的一个并发备份进行排队.
如果后续备份在前一个备份仍在进行时排队,则备份窗口可能会过期,并且不会创建备份.
AmazonEBS具有每个账户每个AWS区域100000个备份的软配额,当达到此配额时,其他备份将失败.
如果达到此配额,您可以删除多余备份或请求增加配额.
有关请求增加配额的更多信息,请参阅AWS服务配额.
创建AmazonRDS备份时,请考虑以下事项:87AWSBackup开发人员指南删除资源故障排除AmazonRDS具有每个账户每个AWS区域100个备份的软配额,当达到此配额时,其他备份将失败.
如果达到此配额,您可以删除多余备份或请求增加配额.
有关请求增加配额的更多信息,请参阅AWS服务配额.
如果您通过备份计划或通过创建按需备份启动备份,当备份安排在每日用户可配置的30分钟备份窗口中时,备份将失败.
有关自动AmazonRDS备份,请参阅处理备份在AmazonRDS用户指南.
如果从AmazonRDS控制台,这可能与Aurora群集备份作业,导致错误Backupjobexpiredbeforecompletion.
如果发生这种情况,请在AWSBackup.
在维护窗口内启动的备份将失败.
有关AmazonRDS维护窗口,请参阅维护数据库实例在AmazonRDS用户指南.
在使用时,无法指定RDS选项AWSBackup以制作备份副本.
如果您遇到错误,例如"Thesnapshotrequiresatargetoptiongroupwiththefollowingoptions:Timezone.
.
.
"您必须删除选项或使用AmazonRDS控制台或API以启动副本.
删除资源故障排除由AWSBackup创建的恢复点无法在受保护资源的控制台窗口中删除.
您可以在AWSBackup控制台上删除它们,方法是在存储它们的文件库中选择它们,然后选择Delete(删除).
要删除恢复点或备份文件库,您需要相应的权限.
有关将IAM与AWSBackup配合使用进行访问控制的更多信息,请参阅访问控制(p.
53).
88AWSBackup开发人员指南ActionsAWSBackupAPIActionsThefollowingactionsaresupported:CreateBackupPlan(p.
91)CreateBackupSelection(p.
95)CreateBackupVault(p.
98)DeleteBackupPlan(p.
101)DeleteBackupSelection(p.
104)DeleteBackupVault(p.
106)DeleteBackupVaultAccessPolicy(p.
108)DeleteBackupVaultNotifications(p.
110)DeleteRecoveryPoint(p.
112)DescribeBackupJob(p.
114)DescribeBackupVault(p.
119)DescribeCopyJob(p.
122)DescribeGlobalSettings(p.
124)DescribeProtectedResource(p.
126)DescribeRecoveryPoint(p.
128)DescribeRegionSettings(p.
133)DescribeRestoreJob(p.
135)ExportBackupPlanTemplate(p.
139)GetBackupPlan(p.
141)GetBackupPlanFromJSON(p.
145)GetBackupPlanFromTemplate(p.
148)GetBackupSelection(p.
151)GetBackupVaultAccessPolicy(p.
154)GetBackupVaultNotifications(p.
156)GetRecoveryPointRestoreMetadata(p.
159)GetSupportedResourceTypes(p.
161)ListBackupJobs(p.
163)ListBackupPlans(p.
166)ListBackupPlanTemplates(p.
169)ListBackupPlanVersions(p.
171)ListBackupSelections(p.
174)ListBackupVaults(p.
176)ListCopyJobs(p.
178)ListProtectedResources(p.
181)ListRecoveryPointsByBackupVault(p.
183)ListRecoveryPointsByResource(p.
186)ListRestoreJobs(p.
189)89AWSBackup开发人员指南ActionsListTags(p.
192)PutBackupVaultAccessPolicy(p.
194)PutBackupVaultNotifications(p.
196)StartBackupJob(p.
198)StartCopyJob(p.
202)StartRestoreJob(p.
205)StopBackupJob(p.
208)TagResource(p.
210)UntagResource(p.
212)UpdateBackupPlan(p.
214)UpdateGlobalSettings(p.
217)UpdateRecoveryPointLifecycle(p.
219)UpdateRegionSettings(p.
222)90AWSBackup开发人员指南CreateBackupPlanCreateBackupPlanCreatesabackupplanusingabackupplannameandbackuprules.
AbackupplanisadocumentthatcontainsinformationthatAWSBackupusestoscheduletasksthatcreaterecoverypointsforresources.
IfyoucallCreateBackupPlanwithaplanthatalreadyexists,anAlreadyExistsExceptionisreturned.
RequestSyntaxPUT/backup/plans/HTTP/1.
1Content-type:application/json{"BackupPlan":{"AdvancedBackupSettings":[{"BackupOptions":{"string":"string"},"ResourceType":"string"}],"BackupPlanName":"string","Rules":[{"CompletionWindowMinutes":number,"CopyActions":[{"DestinationBackupVaultArn":"string","Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number}}],"Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number},"RecoveryPointTags":{"string":"string"},"RuleName":"string","ScheduleExpression":"string","StartWindowMinutes":number,"TargetBackupVaultName":"string"}]},"BackupPlanTags":{"string":"string"},"CreatorRequestId":"string"}URIRequestParametersTherequestdoesnotuseanyURIparameters.
91AWSBackup开发人员指南CreateBackupPlanRequestBodyTherequestacceptsthefollowingdatainJSONformat.
BackupPlan(p.
91)Specifiesthebodyofabackupplan.
IncludesaBackupPlanNameandoneormoresetsofRules.
Type:BackupPlanInput(p.
231)objectRequired:YesBackupPlanTags(p.
91)Tohelporganizeyourresources,youcanassignyourownmetadatatotheresourcesthatyoucreate.
Eachtagisakey-valuepair.
Thespecifiedtagsareassignedtoallbackupscreatedwiththisplan.
Type:StringtostringmapRequired:NoCreatorRequestId(p.
91)Identifiestherequestandallowsfailedrequeststoberetriedwithouttheriskofrunningtheoperationtwice.
IftherequestincludesaCreatorRequestIdthatmatchesanexistingbackupplan,thatplanisreturned.
Thisparameterisoptional.
Type:StringRequired:NoResponseSyntaxHTTP/1.
1200Content-type:application/json{"AdvancedBackupSettings":[{"BackupOptions":{"string":"string"},"ResourceType":"string"}],"BackupPlanArn":"string","BackupPlanId":"string","CreationDate":number,"VersionId":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
AdvancedBackupSettings(p.
92)AlistofBackupOptionssettingsforaresourcetype.
ThisoptionisonlyavailableforWindowsVSSbackupjobs.
92AWSBackup开发人员指南CreateBackupPlanType:ArrayofAdvancedBackupSetting(p.
225)objectsBackupPlanArn(p.
92)AnAmazonResourceName(ARN)thatuniquelyidentifiesabackupplan;forexample,arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50.
Type:StringBackupPlanId(p.
92)Uniquelyidentifiesabackupplan.
Type:StringCreationDate(p.
92)Thedateandtimethatabackupplaniscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampVersionId(p.
92)Unique,randomlygenerated,Unicode,UTF-8encodedstringsthatareatmost1,024byteslong.
Theycannotbeedited.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
AlreadyExistsExceptionTherequiredresourcealreadyexists.
HTTPStatusCode:400InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400LimitExceededExceptionAlimitintherequesthasbeenexceeded;forexample,amaximumnumberofitemsallowedinarequest.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:50093AWSBackup开发人员指南CreateBackupPlanSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV394AWSBackup开发人员指南CreateBackupSelectionCreateBackupSelectionCreatesaJSONdocumentthatspecifiesasetofresourcestoassigntoabackupplan.
ResourcescanbeincludedbyspecifyingpatternsforaListOfTagsandselectedResources.
Forexample,considerthefollowingpatterns:Resources:"arn:aws:ec2:region:account-id:volume/volume-id"ConditionKey:"department"ConditionValue:"finance"ConditionType:"StringEquals"ConditionKey:"importance"ConditionValue:"critical"ConditionType:"StringEquals"UsingthesepatternswouldbackupallAmazonElasticBlockStore(AmazonEBS)volumesthataretaggedas"department=finance","importance=critical",inadditiontoanEBSvolumewiththespecifiedvolumeID.
Resourcesandconditionsareadditiveinthatallresourcesthatmatchthepatternareselected.
Thisshouldn'tbeconfusedwithalogicalAND,whereallconditionsmustmatch.
ThematchingpatternsarelogicallyputtogetherusingtheORoperator.
Inotherwords,allpatternsthatmatchareselectedforbackup.
RequestSyntaxPUT/backup/plans/backupPlanId/selections/HTTP/1.
1Content-type:application/json{"BackupSelection":{"IamRoleArn":"string","ListOfTags":[{"ConditionKey":"string","ConditionType":"string","ConditionValue":"string"}],"Resources":["string"],"SelectionName":"string"},"CreatorRequestId":"string"}URIRequestParametersTherequestusesthefollowingURIparameters.
backupPlanId(p.
95)Uniquelyidentifiesthebackupplantobeassociatedwiththeselectionofresources.
Required:Yes95AWSBackup开发人员指南CreateBackupSelectionRequestBodyTherequestacceptsthefollowingdatainJSONformat.
BackupSelection(p.
95)Specifiesthebodyofarequesttoassignasetofresourcestoabackupplan.
Type:BackupSelection(p.
239)objectRequired:YesCreatorRequestId(p.
95)Auniquestringthatidentifiestherequestandallowsfailedrequeststoberetriedwithouttheriskofrunningtheoperationtwice.
Type:StringRequired:NoResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupPlanId":"string","CreationDate":number,"SelectionId":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupPlanId(p.
96)Uniquelyidentifiesabackupplan.
Type:StringCreationDate(p.
96)Thedateandtimeabackupselectioniscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampSelectionId(p.
96)Uniquelyidentifiesthebodyofarequesttoassignasetofresourcestoabackupplan.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
96AWSBackup开发人员指南CreateBackupSelectionAlreadyExistsExceptionTherequiredresourcealreadyexists.
HTTPStatusCode:400InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400LimitExceededExceptionAlimitintherequesthasbeenexceeded;forexample,amaximumnumberofitemsallowedinarequest.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV397AWSBackup开发人员指南CreateBackupVaultCreateBackupVaultCreatesalogicalcontainerwherebackupsarestored.
ACreateBackupVaultrequestincludesaname,optionallyoneormoreresourcetags,anencryptionkey,andarequestID.
NoteSensitivedata,suchaspassportnumbers,shouldnotbeincludedthenameofabackupvault.
RequestSyntaxPUT/backup-vaults/backupVaultNameHTTP/1.
1Content-type:application/json{"BackupVaultTags":{"string":"string"},"CreatorRequestId":"string","EncryptionKeyArn":"string"}URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
98)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Pattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesRequestBodyTherequestacceptsthefollowingdatainJSONformat.
BackupVaultTags(p.
98)Metadatathatyoucanassigntohelporganizetheresourcesthatyoucreate.
Eachtagisakey-valuepair.
Type:StringtostringmapRequired:NoCreatorRequestId(p.
98)Auniquestringthatidentifiestherequestandallowsfailedrequeststoberetriedwithouttheriskofrunningtheoperationtwice.
Type:StringRequired:No98AWSBackup开发人员指南CreateBackupVaultEncryptionKeyArn(p.
98)Theserver-sideencryptionkeythatisusedtoprotectyourbackups;forexample,arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.
Type:StringRequired:NoResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupVaultArn":"string","BackupVaultName":"string","CreationDate":number}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupVaultArn(p.
99)AnAmazonResourceName(ARN)thatuniquelyidentifiesabackupvault;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
Type:StringBackupVaultName(p.
99)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Type:StringPattern:^[a-zA-Z0-9\-\_]{2,50}$CreationDate(p.
99)Thedateandtimeabackupvaultiscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
AlreadyExistsExceptionTherequiredresourcealreadyexists.
99AWSBackup开发人员指南CreateBackupVaultHTTPStatusCode:400InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400LimitExceededExceptionAlimitintherequesthasbeenexceeded;forexample,amaximumnumberofitemsallowedinarequest.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3100AWSBackup开发人员指南DeleteBackupPlanDeleteBackupPlanDeletesabackupplan.
Abackupplancanonlybedeletedafterallassociatedselectionsofresourceshavebeendeleted.
Deletingabackupplandeletesthecurrentversionofabackupplan.
Previousversions,ifany,willstillexist.
RequestSyntaxDELETE/backup/plans/backupPlanIdHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupPlanId(p.
101)Uniquelyidentifiesabackupplan.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupPlanArn":"string","BackupPlanId":"string","DeletionDate":number,"VersionId":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupPlanArn(p.
101)AnAmazonResourceName(ARN)thatuniquelyidentifiesabackupplan;forexample,arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50.
Type:StringBackupPlanId(p.
101)Uniquelyidentifiesabackupplan.
Type:String101AWSBackup开发人员指南DeleteBackupPlanDeletionDate(p.
101)Thedateandtimeabackupplanisdeleted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofDeletionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampVersionId(p.
101)Unique,randomlygenerated,Unicode,UTF-8encodedstringsthatareatmost1,024byteslong.
VersionIDscannotbeedited.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400InvalidRequestExceptionIndicatesthatsomethingiswrongwiththeinputtotherequest.
Forexample,aparameterisofthewrongtype.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScript102AWSBackup开发人员指南DeleteBackupPlanAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3103AWSBackup开发人员指南DeleteBackupSelectionDeleteBackupSelectionDeletestheresourceselectionassociatedwithabackupplanthatisspecifiedbytheSelectionId.
RequestSyntaxDELETE/backup/plans/backupPlanId/selections/selectionIdHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupPlanId(p.
104)Uniquelyidentifiesabackupplan.
Required:YesselectionId(p.
104)Uniquelyidentifiesthebodyofarequesttoassignasetofresourcestoabackupplan.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200responsewithanemptyHTTPbody.
ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400104AWSBackup开发人员指南DeleteBackupSelectionServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3105AWSBackup开发人员指南DeleteBackupVaultDeleteBackupVaultDeletesthebackupvaultidentifiedbyitsname.
Avaultcanbedeletedonlyifitisempty.
RequestSyntaxDELETE/backup-vaults/backupVaultNameHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
106)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200responsewithanemptyHTTPbody.
ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400InvalidRequestExceptionIndicatesthatsomethingiswrongwiththeinputtotherequest.
Forexample,aparameterisofthewrongtype.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400106AWSBackup开发人员指南DeleteBackupVaultResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3107AWSBackup开发人员指南DeleteBackupVaultAccessPolicyDeleteBackupVaultAccessPolicyDeletesthepolicydocumentthatmanagespermissionsonabackupvault.
RequestSyntaxDELETE/backup-vaults/backupVaultName/access-policyHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
108)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Pattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200responsewithanemptyHTTPbody.
ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400108AWSBackup开发人员指南DeleteBackupVaultAccessPolicyServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3109AWSBackup开发人员指南DeleteBackupVaultNotificationsDeleteBackupVaultNotificationsDeleteseventnotificationsforthespecifiedbackupvault.
RequestSyntaxDELETE/backup-vaults/backupVaultName/notification-configurationHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
110)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Pattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200responsewithanemptyHTTPbody.
ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400110AWSBackup开发人员指南DeleteBackupVaultNotificationsServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3111AWSBackup开发人员指南DeleteRecoveryPointDeleteRecoveryPointDeletestherecoverypointspecifiedbyarecoverypointID.
RequestSyntaxDELETE/backup-vaults/backupVaultName/recovery-points/recoveryPointArnHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
112)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Pattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesrecoveryPointArn(p.
112)AnAmazonResourceName(ARN)thatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200responsewithanemptyHTTPbody.
ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400InvalidRequestExceptionIndicatesthatsomethingiswrongwiththeinputtotherequest.
Forexample,aparameterisofthewrongtype.
112AWSBackup开发人员指南DeleteRecoveryPointHTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3113AWSBackup开发人员指南DescribeBackupJobDescribeBackupJobReturnsbackupjobdetailsforthespecifiedBackupJobId.
RequestSyntaxGET/backup-jobs/backupJobIdHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupJobId(p.
114)UniquelyidentifiesarequesttoAWSBackuptobackuparesource.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"AccountId":"string","BackupJobId":"string","BackupOptions":{"string":"string"},"BackupSizeInBytes":number,"BackupType":"string","BackupVaultArn":"string","BackupVaultName":"string","BytesTransferred":number,"CompletionDate":number,"CreatedBy":{"BackupPlanArn":"string","BackupPlanId":"string","BackupPlanVersion":"string","BackupRuleId":"string"},"CreationDate":number,"ExpectedCompletionDate":number,"IamRoleArn":"string","PercentDone":"string","RecoveryPointArn":"string","ResourceArn":"string","ResourceType":"string","StartBy":number,"State":"string","StatusMessage":"string"}114AWSBackup开发人员指南DescribeBackupJobResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
AccountId(p.
114)ReturnstheaccountIDthatownsthebackupjob.
Type:StringPattern:^[0-9]{12}$BackupJobId(p.
114)UniquelyidentifiesarequesttoAWSBackuptobackuparesource.
Type:StringBackupOptions(p.
114)Representstheoptionsspecifiedaspartofbackupplanoron-demandbackupjob.
Type:StringtostringmapKeyPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$ValuePattern:^[a-zA-Z0-9\-\_\.
]{1,50}$BackupSizeInBytes(p.
114)Thesize,inbytes,ofabackup.
Type:LongBackupType(p.
114)Representstheactualbackuptypeselectedforabackupjob.
Forexample,ifasuccessfulWindowsVSSbackupwastaken,BackupTypereturns"WindowsVSS".
IfBackupTypeisempty,thenthebackuptypethatwasisaregularbackup.
Type:StringBackupVaultArn(p.
114)AnAmazonResourceName(ARN)thatuniquelyidentifiesabackupvault;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
Type:StringBackupVaultName(p.
114)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Type:StringPattern:^[a-zA-Z0-9\-\_]{2,50}$BytesTransferred(p.
114)Thesizeinbytestransferredtoabackupvaultatthetimethatthejobstatuswasqueried.
115AWSBackup开发人员指南DescribeBackupJobType:LongCompletionDate(p.
114)Thedateandtimethatajobtocreateabackupjobiscompleted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCompletionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampCreatedBy(p.
114)Containsidentifyinginformationaboutthecreationofabackupjob,includingtheBackupPlanArn,BackupPlanId,BackupPlanVersion,andBackupRuleIdofthebackupplanthatisusedtocreateit.
Type:RecoveryPointCreator(p.
257)objectCreationDate(p.
114)Thedateandtimethatabackupjobiscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampExpectedCompletionDate(p.
114)Thedateandtimethatajobtobackupresourcesisexpectedtobecompleted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofExpectedCompletionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampIamRoleArn(p.
114)SpecifiestheIAMroleARNusedtocreatethetargetrecoverypoint;forexample,arn:aws:iam::123456789012:role/S3Access.
Type:StringPercentDone(p.
114)Containsanestimatedpercentagethatiscompleteofajobatthetimethejobstatuswasqueried.
Type:StringRecoveryPointArn(p.
114)AnARNthatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Type:StringResourceArn(p.
114)AnARNthatuniquelyidentifiesasavedresource.
TheformatoftheARNdependsontheresourcetype.
Type:StringResourceType(p.
114)ThetypeofAWSresourcetobebackedup;forexample,anAmazonElasticBlockStore(AmazonEBS)volumeoranAmazonRelationalDatabaseService(AmazonRDS)database.
116AWSBackup开发人员指南DescribeBackupJobType:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$StartBy(p.
114)SpecifiesthetimeinUnixformatandCoordinatedUniversalTime(UTC)whenabackupjobmustbestartedbeforeitiscanceled.
Thevalueiscalculatedbyaddingthestartwindowtothescheduledtime.
Soifthescheduledtimewere6:00PMandthestartwindowis2hours,theStartBytimewouldbe8:00PMonthedatespecified.
ThevalueofStartByisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampState(p.
114)Thecurrentstateofaresourcerecoverypoint.
Type:StringValidValues:CREATED|PENDING|RUNNING|ABORTING|ABORTED|COMPLETED|FAILED|EXPIREDStatusMessage(p.
114)Adetailedmessageexplainingthestatusofthejobtobackuparesource.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
DependencyFailureExceptionAdependentAWSserviceorresourcereturnedanerrortotheAWSBackupservice,andtheactioncannotbecompleted.
HTTPStatusCode:500InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500117AWSBackup开发人员指南DescribeBackupJobSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3118AWSBackup开发人员指南DescribeBackupVaultDescribeBackupVaultReturnsmetadataaboutabackupvaultspecifiedbyitsname.
RequestSyntaxGET/backup-vaults/backupVaultNameHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
119)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupVaultArn":"string","BackupVaultName":"string","CreationDate":number,"CreatorRequestId":"string","EncryptionKeyArn":"string","NumberOfRecoveryPoints":number}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupVaultArn(p.
119)AnAmazonResourceName(ARN)thatuniquelyidentifiesabackupvault;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
Type:StringBackupVaultName(p.
119)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
119AWSBackup开发人员指南DescribeBackupVaultType:StringCreationDate(p.
119)Thedateandtimethatabackupvaultiscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampCreatorRequestId(p.
119)Auniquestringthatidentifiestherequestandallowsfailedrequeststoberetriedwithouttheriskofrunningtheoperationtwice.
Type:StringEncryptionKeyArn(p.
119)Theserver-sideencryptionkeythatisusedtoprotectyourbackups;forexample,arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.
Type:StringNumberOfRecoveryPoints(p.
119)Thenumberofrecoverypointsthatarestoredinabackupvault.
Type:LongErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterface120AWSBackup开发人员指南DescribeBackupVaultAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3121AWSBackup开发人员指南DescribeCopyJobDescribeCopyJobReturnsmetadataassociatedwithcreatingacopyofaresource.
RequestSyntaxGET/copy-jobs/copyJobIdHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
copyJobId(p.
122)Uniquelyidentifiesacopyjob.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"CopyJob":{"AccountId":"string","BackupSizeInBytes":number,"CompletionDate":number,"CopyJobId":"string","CreatedBy":{"BackupPlanArn":"string","BackupPlanId":"string","BackupPlanVersion":"string","BackupRuleId":"string"},"CreationDate":number,"DestinationBackupVaultArn":"string","DestinationRecoveryPointArn":"string","IamRoleArn":"string","ResourceArn":"string","ResourceType":"string","SourceBackupVaultArn":"string","SourceRecoveryPointArn":"string","State":"string","StatusMessage":"string"}}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
122AWSBackup开发人员指南DescribeCopyJobCopyJob(p.
122)Containsdetailedinformationaboutacopyjob.
Type:CopyJob(p.
247)objectErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3123AWSBackup开发人员指南DescribeGlobalSettingsDescribeGlobalSettingsThecurrentfeaturesettingsfortheAWSAccount.
RequestSyntaxGET/global-settingsHTTP/1.
1URIRequestParametersTherequestdoesnotuseanyURIparameters.
RequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"GlobalSettings":{"string":"string"},"LastUpdateTime":number}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
GlobalSettings(p.
124)Alistofresourcesalongwiththeopt-inpreferencesfortheaccount.
Type:StringtostringmapLastUpdateTime(p.
124)Thedateandtimethattheglobalsettingswaslastupdated.
ThisupdateisinUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofLastUpdateTimeisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidRequestExceptionIndicatesthatsomethingiswrongwiththeinputtotherequest.
Forexample,aparameterisofthewrongtype.
124AWSBackup开发人员指南DescribeGlobalSettingsHTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3125AWSBackup开发人员指南DescribeProtectedResourceDescribeProtectedResourceReturnsinformationaboutasavedresource,includingthelasttimeitwasbackedup,itsAmazonResourceName(ARN),andtheAWSservicetypeofthesavedresource.
RequestSyntaxGET/resources/resourceArnHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
resourceArn(p.
126)AnAmazonResourceName(ARN)thatuniquelyidentifiesaresource.
TheformatoftheARNdependsontheresourcetype.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"LastBackupTime":number,"ResourceArn":"string","ResourceType":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
LastBackupTime(p.
126)Thedateandtimethataresourcewaslastbackedup,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofLastBackupTimeisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampResourceArn(p.
126)AnARNthatuniquelyidentifiesaresource.
TheformatoftheARNdependsontheresourcetype.
Type:String126AWSBackup开发人员指南DescribeProtectedResourceResourceType(p.
126)ThetypeofAWSresourcesavedasarecoverypoint;forexample,anEBSvolumeoranAmazonRDSdatabase.
Type:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3127AWSBackup开发人员指南DescribeRecoveryPointDescribeRecoveryPointReturnsmetadataassociatedwitharecoverypoint,includingID,status,encryption,andlifecycle.
RequestSyntaxGET/backup-vaults/backupVaultName/recovery-points/recoveryPointArnHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
128)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Pattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesrecoveryPointArn(p.
128)AnAmazonResourceName(ARN)thatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupSizeInBytes":number,"BackupVaultArn":"string","BackupVaultName":"string","CalculatedLifecycle":{"DeleteAt":number,"MoveToColdStorageAt":number},"CompletionDate":number,"CreatedBy":{"BackupPlanArn":"string","BackupPlanId":"string","BackupPlanVersion":"string","BackupRuleId":"string"},"CreationDate":number,"EncryptionKeyArn":"string","IamRoleArn":"string",128AWSBackup开发人员指南DescribeRecoveryPoint"IsEncrypted":boolean,"LastRestoreTime":number,"Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number},"RecoveryPointArn":"string","ResourceArn":"string","ResourceType":"string","SourceBackupVaultArn":"string","Status":"string","StorageClass":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupSizeInBytes(p.
128)Thesize,inbytes,ofabackup.
Type:LongBackupVaultArn(p.
128)AnARNthatuniquelyidentifiesabackupvault;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
Type:StringBackupVaultName(p.
128)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Type:StringPattern:^[a-zA-Z0-9\-\_]{2,50}$CalculatedLifecycle(p.
128)ACalculatedLifecycleobjectcontainingDeleteAtandMoveToColdStorageAttimestamps.
Type:CalculatedLifecycle(p.
244)objectCompletionDate(p.
128)Thedateandtimethatajobtocreatearecoverypointiscompleted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCompletionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampCreatedBy(p.
128)Containsidentifyinginformationaboutthecreationofarecoverypoint,includingtheBackupPlanArn,BackupPlanId,BackupPlanVersion,andBackupRuleIdofthebackupplanusedtocreateit.
Type:RecoveryPointCreator(p.
257)object129AWSBackup开发人员指南DescribeRecoveryPointCreationDate(p.
128)Thedateandtimethatarecoverypointiscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampEncryptionKeyArn(p.
128)Theserver-sideencryptionkeyusedtoprotectyourbackups;forexample,arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.
Type:StringIamRoleArn(p.
128)SpecifiestheIAMroleARNusedtocreatethetargetrecoverypoint;forexample,arn:aws:iam::123456789012:role/S3Access.
Type:StringIsEncrypted(p.
128)ABooleanvaluethatisreturnedasTRUEifthespecifiedrecoverypointisencrypted,orFALSEiftherecoverypointisnotencrypted.
Type:BooleanLastRestoreTime(p.
128)Thedateandtimethatarecoverypointwaslastrestored,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofLastRestoreTimeisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampLifecycle(p.
128)Thelifecycledefineswhenaprotectedresourceistransitionedtocoldstorageandwhenitexpires.
AWSBackuptransitionsandexpiresbackupsautomaticallyaccordingtothelifecyclethatyoudefine.
Backupsthataretransitionedtocoldstoragemustbestoredincoldstorageforaminimumof90days.
Therefore,the"expireafterdays"settingmustbe90daysgreaterthanthe"transitiontocoldafterdays"setting.
The"transitiontocoldafterdays"settingcannotbechangedafterabackuphasbeentransitionedtocold.
OnlyAmazonEFSfilesystembackupscanbetransitionedtocoldstorage.
Type:Lifecycle(p.
250)objectRecoveryPointArn(p.
128)AnARNthatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Type:StringResourceArn(p.
128)AnARNthatuniquelyidentifiesasavedresource.
TheformatoftheARNdependsontheresourcetype.
Type:String130AWSBackup开发人员指南DescribeRecoveryPointResourceType(p.
128)ThetypeofAWSresourcetosaveasarecoverypoint;forexample,anAmazonElasticBlockStore(AmazonEBS)volumeoranAmazonRelationalDatabaseService(AmazonRDS)database.
Type:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$SourceBackupVaultArn(p.
128)AnAmazonResourceName(ARN)thatuniquelyidentifiesthesourcevaultwheretheresourcewasoriginallybackedupin;forexample,arn:aws:backup:us-east-1:123456789012:vault:BackupVault.
IftherecoveryisrestoredtothesameAWSaccountorRegion,thisvaluewillbenull.
Type:StringStatus(p.
128)Astatuscodespecifyingthestateoftherecoverypoint.
NoteApartialstatusindicatesthattherecoverypointwasnotsuccessfullyre-createdandmustberetried.
Type:StringValidValues:COMPLETED|PARTIAL|DELETING|EXPIREDStorageClass(p.
128)Specifiesthestorageclassoftherecoverypoint.
ValidvaluesareWARMorCOLD.
Type:StringValidValues:WARM|COLD|DELETEDErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
131AWSBackup开发人员指南DescribeRecoveryPointHTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3132AWSBackup开发人员指南DescribeRegionSettingsDescribeRegionSettingsReturnsthecurrentserviceopt-insettingsfortheRegion.
Ifservice-opt-inisenabledforaservice,AWSBackuptriestoprotectthatservice'sresourcesinthisRegion,whentheresourceisincludedinanon-demandbackuporscheduledbackupplan.
Otherwise,AWSBackupdoesnottrytoprotectthatservice'sresourcesinthisRegion,AWSBackupdoesnottrytoprotectthatservice'sresourcesinthisRegion.
RequestSyntaxGET/account-settingsHTTP/1.
1URIRequestParametersTherequestdoesnotuseanyURIparameters.
RequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"ResourceTypeOptInPreference":{"string":boolean}}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
ResourceTypeOptInPreference(p.
133)Returnsalistofallservicesalongwiththeopt-inpreferencesintheRegion.
Type:StringtobooleanmapKeyPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500133AWSBackup开发人员指南DescribeRegionSettingsSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3134AWSBackup开发人员指南DescribeRestoreJobDescribeRestoreJobReturnsmetadataassociatedwitharestorejobthatisspecifiedbyajobID.
RequestSyntaxGET/restore-jobs/restoreJobIdHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
restoreJobId(p.
135)Uniquelyidentifiesthejobthatrestoresarecoverypoint.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"AccountId":"string","BackupSizeInBytes":number,"CompletionDate":number,"CreatedResourceArn":"string","CreationDate":number,"ExpectedCompletionTimeMinutes":number,"IamRoleArn":"string","PercentDone":"string","RecoveryPointArn":"string","ResourceType":"string","RestoreJobId":"string","Status":"string","StatusMessage":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
AccountId(p.
135)ReturnstheaccountIDthatownstherestorejob.
Type:StringPattern:^[0-9]{12}$135AWSBackup开发人员指南DescribeRestoreJobBackupSizeInBytes(p.
135)Thesize,inbytes,oftherestoredresource.
Type:LongCompletionDate(p.
135)Thedateandtimethatajobtorestorearecoverypointiscompleted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCompletionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampCreatedResourceArn(p.
135)AnAmazonResourceName(ARN)thatuniquelyidentifiesaresourcewhoserecoverypointisbeingrestored.
TheformatoftheARNdependsontheresourcetypeofthebacked-upresource.
Type:StringCreationDate(p.
135)Thedateandtimethatarestorejobiscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampExpectedCompletionTimeMinutes(p.
135)Theamountoftimeinminutesthatajobrestoringarecoverypointisexpectedtotake.
Type:LongIamRoleArn(p.
135)SpecifiestheIAMroleARNusedtocreatethetargetrecoverypoint;forexample,arn:aws:iam::123456789012:role/S3Access.
Type:StringPercentDone(p.
135)Containsanestimatedpercentagethatiscompleteofajobatthetimethejobstatuswasqueried.
Type:StringRecoveryPointArn(p.
135)AnARNthatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Type:StringResourceType(p.
135)Returnsmetadataassociatedwitharestorejoblistedbyresourcetype.
Type:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$RestoreJobId(p.
135)Uniquelyidentifiesthejobthatrestoresarecoverypoint.
Type:String136AWSBackup开发人员指南DescribeRestoreJobStatus(p.
135)StatuscodespecifyingthestateofthejobthatisinitiatedbyAWSBackuptorestorearecoverypoint.
Type:StringValidValues:PENDING|RUNNING|COMPLETED|ABORTED|FAILEDStatusMessage(p.
135)Amessageshowingthestatusofajobtorestorearecoverypoint.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
DependencyFailureExceptionAdependentAWSserviceorresourcereturnedanerrortotheAWSBackupservice,andtheactioncannotbecompleted.
HTTPStatusCode:500InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3137AWSBackup开发人员指南DescribeRestoreJobAWSSDKforPythonAWSSDKforRubyV3138AWSBackup开发人员指南ExportBackupPlanTemplateExportBackupPlanTemplateReturnsthebackupplanthatisspecifiedbytheplanIDasabackuptemplate.
RequestSyntaxGET/backup/plans/backupPlanId/toTemplate/HTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupPlanId(p.
139)Uniquelyidentifiesabackupplan.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupPlanTemplateJson":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupPlanTemplateJson(p.
139)ThebodyofabackupplantemplateinJSONformat.
NoteThisisasignedJSONdocumentthatcannotbemodifiedbeforebeingpassedtoGetBackupPlanFromJSON.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
139AWSBackup开发人员指南ExportBackupPlanTemplateHTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3140AWSBackup开发人员指南GetBackupPlanGetBackupPlanReturnsBackupPlandetailsforthespecifiedBackupPlanId.
ReturnsthebodyofabackupplaninJSONformat,inadditiontoplanmetadata.
RequestSyntaxGET/backup/plans/backupPlanId/versionId=VersionIdHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupPlanId(p.
141)Uniquelyidentifiesabackupplan.
Required:YesVersionId(p.
141)Unique,randomlygenerated,Unicode,UTF-8encodedstringsthatareatmost1,024byteslong.
VersionIDscannotbeedited.
RequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"AdvancedBackupSettings":[{"BackupOptions":{"string":"string"},"ResourceType":"string"}],"BackupPlan":{"AdvancedBackupSettings":[{"BackupOptions":{"string":"string"},"ResourceType":"string"}],"BackupPlanName":"string","Rules":[{"CompletionWindowMinutes":number,"CopyActions":[{141AWSBackup开发人员指南GetBackupPlan"DestinationBackupVaultArn":"string","Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number}}],"Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number},"RecoveryPointTags":{"string":"string"},"RuleId":"string","RuleName":"string","ScheduleExpression":"string","StartWindowMinutes":number,"TargetBackupVaultName":"string"}]},"BackupPlanArn":"string","BackupPlanId":"string","CreationDate":number,"CreatorRequestId":"string","DeletionDate":number,"LastExecutionDate":number,"VersionId":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
AdvancedBackupSettings(p.
141)ContainsalistofBackupOptionsforeachresourcetype.
Thelistispopulatedonlyiftheadvancedoptionissetforthebackupplan.
Type:ArrayofAdvancedBackupSetting(p.
225)objectsBackupPlan(p.
141)Specifiesthebodyofabackupplan.
IncludesaBackupPlanNameandoneormoresetsofRules.
Type:BackupPlan(p.
230)objectBackupPlanArn(p.
141)AnAmazonResourceName(ARN)thatuniquelyidentifiesabackupplan;forexample,arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50.
Type:StringBackupPlanId(p.
141)Uniquelyidentifiesabackupplan.
Type:String142AWSBackup开发人员指南GetBackupPlanCreationDate(p.
141)Thedateandtimethatabackupplaniscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampCreatorRequestId(p.
141)Auniquestringthatidentifiestherequestandallowsfailedrequeststoberetriedwithouttheriskofrunningtheoperationtwice.
Type:StringDeletionDate(p.
141)Thedateandtimethatabackupplanisdeleted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofDeletionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampLastExecutionDate(p.
141)Thelasttimeajobtobackupresourceswasrunwiththisbackupplan.
Adateandtime,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofLastExecutionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampVersionId(p.
141)Unique,randomlygenerated,Unicode,UTF-8encodedstringsthatareatmost1,024byteslong.
VersionIDscannotbeedited.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
143AWSBackup开发人员指南GetBackupPlanHTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3144AWSBackup开发人员指南GetBackupPlanFromJSONGetBackupPlanFromJSONReturnsavalidJSONdocumentspecifyingabackupplanoranerror.
RequestSyntaxPOST/backup/template/json/toPlanHTTP/1.
1Content-type:application/json{"BackupPlanTemplateJson":"string"}URIRequestParametersTherequestdoesnotuseanyURIparameters.
RequestBodyTherequestacceptsthefollowingdatainJSONformat.
BackupPlanTemplateJson(p.
145)Acustomer-suppliedbackupplandocumentinJSONformat.
Type:StringRequired:YesResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupPlan":{"AdvancedBackupSettings":[{"BackupOptions":{"string":"string"},"ResourceType":"string"}],"BackupPlanName":"string","Rules":[{"CompletionWindowMinutes":number,"CopyActions":[{"DestinationBackupVaultArn":"string","Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number}}],"Lifecycle":{145AWSBackup开发人员指南GetBackupPlanFromJSON"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number},"RecoveryPointTags":{"string":"string"},"RuleId":"string","RuleName":"string","ScheduleExpression":"string","StartWindowMinutes":number,"TargetBackupVaultName":"string"}]}}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupPlan(p.
145)Specifiesthebodyofabackupplan.
IncludesaBackupPlanNameandoneormoresetsofRules.
Type:BackupPlan(p.
230)objectErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400InvalidRequestExceptionIndicatesthatsomethingiswrongwiththeinputtotherequest.
Forexample,aparameterisofthewrongtype.
HTTPStatusCode:400LimitExceededExceptionAlimitintherequesthasbeenexceeded;forexample,amaximumnumberofitemsallowedinarequest.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500146AWSBackup开发人员指南GetBackupPlanFromJSONSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3147AWSBackup开发人员指南GetBackupPlanFromTemplateGetBackupPlanFromTemplateReturnsthetemplatespecifiedbyitstemplateIdasabackupplan.
RequestSyntaxGET/backup/template/plans/templateId/toPlanHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
templateId(p.
148)Uniquelyidentifiesastoredbackupplantemplate.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupPlanDocument":{"AdvancedBackupSettings":[{"BackupOptions":{"string":"string"},"ResourceType":"string"}],"BackupPlanName":"string","Rules":[{"CompletionWindowMinutes":number,"CopyActions":[{"DestinationBackupVaultArn":"string","Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number}}],"Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number},"RecoveryPointTags":{"string":"string"},"RuleId":"string",148AWSBackup开发人员指南GetBackupPlanFromTemplate"RuleName":"string","ScheduleExpression":"string","StartWindowMinutes":number,"TargetBackupVaultName":"string"}]}}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupPlanDocument(p.
148)Returnsthebodyofabackupplanbasedonthetargettemplate,includingthename,rules,andbackupvaultoftheplan.
Type:BackupPlan(p.
230)objectErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJava149AWSBackup开发人员指南GetBackupPlanFromTemplateAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3150AWSBackup开发人员指南GetBackupSelectionGetBackupSelectionReturnsselectionmetadataandadocumentinJSONformatthatspecifiesalistofresourcesthatareassociatedwithabackupplan.
RequestSyntaxGET/backup/plans/backupPlanId/selections/selectionIdHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupPlanId(p.
151)Uniquelyidentifiesabackupplan.
Required:YesselectionId(p.
151)Uniquelyidentifiesthebodyofarequesttoassignasetofresourcestoabackupplan.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupPlanId":"string","BackupSelection":{"IamRoleArn":"string","ListOfTags":[{"ConditionKey":"string","ConditionType":"string","ConditionValue":"string"}],"Resources":["string"],"SelectionName":"string"},"CreationDate":number,"CreatorRequestId":"string","SelectionId":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
151AWSBackup开发人员指南GetBackupSelectionBackupPlanId(p.
151)Uniquelyidentifiesabackupplan.
Type:StringBackupSelection(p.
151)Specifiesthebodyofarequesttoassignasetofresourcestoabackupplan.
Type:BackupSelection(p.
239)objectCreationDate(p.
151)Thedateandtimeabackupselectioniscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampCreatorRequestId(p.
151)Auniquestringthatidentifiestherequestandallowsfailedrequeststoberetriedwithouttheriskofrunningtheoperationtwice.
Type:StringSelectionId(p.
151)Uniquelyidentifiesthebodyofarequesttoassignasetofresourcestoabackupplan.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:152AWSBackup开发人员指南GetBackupSelectionAWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3153AWSBackup开发人员指南GetBackupVaultAccessPolicyGetBackupVaultAccessPolicyReturnstheaccesspolicydocumentthatisassociatedwiththenamedbackupvault.
RequestSyntaxGET/backup-vaults/backupVaultName/access-policyHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
154)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Pattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupVaultArn":"string","BackupVaultName":"string","Policy":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupVaultArn(p.
154)AnAmazonResourceName(ARN)thatuniquelyidentifiesabackupvault;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
Type:StringBackupVaultName(p.
154)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
154AWSBackup开发人员指南GetBackupVaultAccessPolicyType:StringPattern:^[a-zA-Z0-9\-\_]{2,50}$Policy(p.
154)ThebackupvaultaccesspolicydocumentinJSONformat.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3155AWSBackup开发人员指南GetBackupVaultNotificationsGetBackupVaultNotificationsReturnseventnotificationsforthespecifiedbackupvault.
RequestSyntaxGET/backup-vaults/backupVaultName/notification-configurationHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
156)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Pattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupVaultArn":"string","BackupVaultEvents":["string"],"BackupVaultName":"string","SNSTopicArn":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupVaultArn(p.
156)AnAmazonResourceName(ARN)thatuniquelyidentifiesabackupvault;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
Type:StringBackupVaultEvents(p.
156)Anarrayofeventsthatindicatethestatusofjobstobackupresourcestothebackupvault.
Type:Arrayofstrings156AWSBackup开发人员指南GetBackupVaultNotificationsValidValues:BACKUP_JOB_STARTED|BACKUP_JOB_COMPLETED|BACKUP_JOB_SUCCESSFUL|BACKUP_JOB_FAILED|BACKUP_JOB_EXPIRED|RESTORE_JOB_STARTED|RESTORE_JOB_COMPLETED|RESTORE_JOB_SUCCESSFUL|RESTORE_JOB_FAILED|COPY_JOB_STARTED|COPY_JOB_SUCCESSFUL|COPY_JOB_FAILED|RECOVERY_POINT_MODIFIED|BACKUP_PLAN_CREATED|BACKUP_PLAN_MODIFIEDBackupVaultName(p.
156)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Type:StringPattern:^[a-zA-Z0-9\-\_]{2,50}$SNSTopicArn(p.
156)AnARNthatuniquelyidentifiesanAmazonSimpleNotificationService(AmazonSNS)topic;forexample,arn:aws:sns:us-west-2:111122223333:MyTopic.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJava157AWSBackup开发人员指南GetBackupVaultNotificationsAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3158AWSBackup开发人员指南GetRecoveryPointRestoreMetadataGetRecoveryPointRestoreMetadataReturnsasetofmetadatakey-valuepairsthatwereusedtocreatethebackup.
RequestSyntaxGET/backup-vaults/backupVaultName/recovery-points/recoveryPointArn/restore-metadataHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
159)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Pattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesrecoveryPointArn(p.
159)AnAmazonResourceName(ARN)thatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupVaultArn":"string","RecoveryPointArn":"string","RestoreMetadata":{"string":"string"}}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupVaultArn(p.
159)AnARNthatuniquelyidentifiesabackupvault;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
159AWSBackup开发人员指南GetRecoveryPointRestoreMetadataType:StringRecoveryPointArn(p.
159)AnARNthatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Type:StringRestoreMetadata(p.
159)Thesetofmetadatakey-valuepairsthatdescribetheoriginalconfigurationofthebacked-upresource.
Thesevaluesvarydependingontheservicethatisbeingrestored.
Type:StringtostringmapErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3160AWSBackup开发人员指南GetSupportedResourceTypesGetSupportedResourceTypesReturnstheAWSresourcetypessupportedbyAWSBackup.
RequestSyntaxGET/supported-resource-typesHTTP/1.
1URIRequestParametersTherequestdoesnotuseanyURIparameters.
RequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"ResourceTypes":["string"]}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
ResourceTypes(p.
161)ContainsastringwiththesupportedAWSresourcetypes:DynamoDBforAmazonDynamoDBEBSforAmazonElasticBlockStoreEC2forAmazonElasticComputeCloudEFSforAmazonElasticFileSystemRDSforAmazonRelationalDatabaseServiceStorageGatewayforAWSStorageGatewayType:ArrayofstringsPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
161AWSBackup开发人员指南GetSupportedResourceTypesHTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3162AWSBackup开发人员指南ListBackupJobsListBackupJobsReturnsalistofexistingbackupjobsforanauthenticatedaccount.
RequestSyntaxGET/backup-jobs/accountId=ByAccountId&backupVaultName=ByBackupVaultName&createdAfter=ByCreatedAfter&createdBefore=ByCreHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
ByAccountId(p.
163)TheaccountIDtolistthejobsfrom.
ReturnsonlybackupjobsassociatedwiththespecifiedaccountID.
Pattern:^[0-9]{12}$ByBackupVaultName(p.
163)Returnsonlybackupjobsthatwillbestoredinthespecifiedbackupvault.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Pattern:^[a-zA-Z0-9\-\_]{2,50}$ByCreatedAfter(p.
163)Returnsonlybackupjobsthatwerecreatedafterthespecifieddate.
ByCreatedBefore(p.
163)Returnsonlybackupjobsthatwerecreatedbeforethespecifieddate.
ByResourceArn(p.
163)ReturnsonlybackupjobsthatmatchthespecifiedresourceAmazonResourceName(ARN).
ByResourceType(p.
163)Returnsonlybackupjobsforthespecifiedresources:DynamoDBforAmazonDynamoDBEBSforAmazonElasticBlockStoreEC2forAmazonElasticComputeCloudEFSforAmazonElasticFileSystemRDSforAmazonRelationalDatabaseServiceStorageGatewayforAWSStorageGatewayPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$ByState(p.
163)Returnsonlybackupjobsthatareinthespecifiedstate.
ValidValues:CREATED|PENDING|RUNNING|ABORTING|ABORTED|COMPLETED|FAILED|EXPIREDMaxResults(p.
163)Themaximumnumberofitemstobereturned.
163AWSBackup开发人员指南ListBackupJobsValidRange:Minimumvalueof1.
Maximumvalueof1000.
NextToken(p.
163)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
RequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupJobs":[{"AccountId":"string","BackupJobId":"string","BackupOptions":{"string":"string"},"BackupSizeInBytes":number,"BackupType":"string","BackupVaultArn":"string","BackupVaultName":"string","BytesTransferred":number,"CompletionDate":number,"CreatedBy":{"BackupPlanArn":"string","BackupPlanId":"string","BackupPlanVersion":"string","BackupRuleId":"string"},"CreationDate":number,"ExpectedCompletionDate":number,"IamRoleArn":"string","PercentDone":"string","RecoveryPointArn":"string","ResourceArn":"string","ResourceType":"string","StartBy":number,"State":"string","StatusMessage":"string"}],"NextToken":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupJobs(p.
164)AnarrayofstructurescontainingmetadataaboutyourbackupjobsreturnedinJSONformat.
164AWSBackup开发人员指南ListBackupJobsType:ArrayofBackupJob(p.
226)objectsNextToken(p.
164)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3165AWSBackup开发人员指南ListBackupPlansListBackupPlansReturnsalistofexistingbackupplansforanauthenticatedaccount.
Thelistispopulatedonlyiftheadvancedoptionissetforthebackupplan.
ThelistcontainsinformationsuchasAmazonResourceNames(ARNs),planIDs,creationanddeletiondates,versionIDs,plannames,andcreatorrequestIDs.
RequestSyntaxGET/backup/plans/includeDeleted=IncludeDeleted&maxResults=MaxResults&nextToken=NextTokenHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
IncludeDeleted(p.
166)ABooleanvaluewithadefaultvalueofFALSEthatreturnsdeletedbackupplanswhensettoTRUE.
MaxResults(p.
166)Themaximumnumberofitemstobereturned.
ValidRange:Minimumvalueof1.
Maximumvalueof1000.
NextToken(p.
166)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
RequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupPlansList":[{"AdvancedBackupSettings":[{"BackupOptions":{"string":"string"},"ResourceType":"string"}],"BackupPlanArn":"string","BackupPlanId":"string","BackupPlanName":"string","CreationDate":number,"CreatorRequestId":"string","DeletionDate":number,"LastExecutionDate":number,166AWSBackup开发人员指南ListBackupPlans"VersionId":"string"}],"NextToken":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupPlansList(p.
166)Anarrayofbackupplanlistitemscontainingmetadataaboutyoursavedbackupplans.
Type:ArrayofBackupPlansListMember(p.
232)objectsNextToken(p.
166)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NET167AWSBackup开发人员指南ListBackupPlansAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3168AWSBackup开发人员指南ListBackupPlanTemplatesListBackupPlanTemplatesReturnsmetadataofyoursavedbackupplantemplates,includingthetemplateID,name,andthecreationanddeletiondates.
RequestSyntaxGET/backup/template/plansmaxResults=MaxResults&nextToken=NextTokenHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
MaxResults(p.
169)Themaximumnumberofitemstobereturned.
ValidRange:Minimumvalueof1.
Maximumvalueof1000.
NextToken(p.
169)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
RequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupPlanTemplatesList":[{"BackupPlanTemplateId":"string","BackupPlanTemplateName":"string"}],"NextToken":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupPlanTemplatesList(p.
169)Anarrayoftemplatelistitemscontainingmetadataaboutyoursavedtemplates.
Type:ArrayofBackupPlanTemplatesListMember(p.
234)objects169AWSBackup开发人员指南ListBackupPlanTemplatesNextToken(p.
169)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3170AWSBackup开发人员指南ListBackupPlanVersionsListBackupPlanVersionsReturnsversionmetadataofyourbackupplans,includingAmazonResourceNames(ARNs),backupplanIDs,creationanddeletiondates,plannames,andversionIDs.
RequestSyntaxGET/backup/plans/backupPlanId/versions/maxResults=MaxResults&nextToken=NextTokenHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupPlanId(p.
171)Uniquelyidentifiesabackupplan.
Required:YesMaxResults(p.
171)Themaximumnumberofitemstobereturned.
ValidRange:Minimumvalueof1.
Maximumvalueof1000.
NextToken(p.
171)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
RequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupPlanVersionsList":[{"AdvancedBackupSettings":[{"BackupOptions":{"string":"string"},"ResourceType":"string"}],"BackupPlanArn":"string","BackupPlanId":"string","BackupPlanName":"string","CreationDate":number,"CreatorRequestId":"string","DeletionDate":number,"LastExecutionDate":number,171AWSBackup开发人员指南ListBackupPlanVersions"VersionId":"string"}],"NextToken":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupPlanVersionsList(p.
171)Anarrayofversionlistitemscontainingmetadataaboutyourbackupplans.
Type:ArrayofBackupPlansListMember(p.
232)objectsNextToken(p.
171)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NET172AWSBackup开发人员指南ListBackupPlanVersionsAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3173AWSBackup开发人员指南ListBackupSelectionsListBackupSelectionsReturnsanarraycontainingmetadataoftheresourcesassociatedwiththetargetbackupplan.
RequestSyntaxGET/backup/plans/backupPlanId/selections/maxResults=MaxResults&nextToken=NextTokenHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupPlanId(p.
174)Uniquelyidentifiesabackupplan.
Required:YesMaxResults(p.
174)Themaximumnumberofitemstobereturned.
ValidRange:Minimumvalueof1.
Maximumvalueof1000.
NextToken(p.
174)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
RequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupSelectionsList":[{"BackupPlanId":"string","CreationDate":number,"CreatorRequestId":"string","IamRoleArn":"string","SelectionId":"string","SelectionName":"string"}],"NextToken":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
174AWSBackup开发人员指南ListBackupSelectionsThefollowingdataisreturnedinJSONformatbytheservice.
BackupSelectionsList(p.
174)Anarrayofbackupselectionlistitemscontainingmetadataabouteachresourceinthelist.
Type:ArrayofBackupSelectionsListMember(p.
240)objectsNextToken(p.
174)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3175AWSBackup开发人员指南ListBackupVaultsListBackupVaultsReturnsalistofrecoverypointstoragecontainersalongwithinformationaboutthem.
RequestSyntaxGET/backup-vaults/maxResults=MaxResults&nextToken=NextTokenHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
MaxResults(p.
176)Themaximumnumberofitemstobereturned.
ValidRange:Minimumvalueof1.
Maximumvalueof1000.
NextToken(p.
176)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
RequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupVaultList":[{"BackupVaultArn":"string","BackupVaultName":"string","CreationDate":number,"CreatorRequestId":"string","EncryptionKeyArn":"string","NumberOfRecoveryPoints":number}],"NextToken":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupVaultList(p.
176)Anarrayofbackupvaultlistmemberscontainingvaultmetadata,includingAmazonResourceName(ARN),displayname,creationdate,numberofsavedrecoverypoints,andencryptioninformationiftheresourcessavedinthebackupvaultareencrypted.
176AWSBackup开发人员指南ListBackupVaultsType:ArrayofBackupVaultListMember(p.
242)objectsNextToken(p.
176)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3177AWSBackup开发人员指南ListCopyJobsListCopyJobsReturnsmetadataaboutyourcopyjobs.
RequestSyntaxGET/copy-jobs/accountId=ByAccountId&createdAfter=ByCreatedAfter&createdBefore=ByCreatedBefore&destinationVaultArn=ByDHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
ByAccountId(p.
178)TheaccountIDtolistthejobsfrom.
ReturnsonlycopyjobsassociatedwiththespecifiedaccountID.
Pattern:^[0-9]{12}$ByCreatedAfter(p.
178)Returnsonlycopyjobsthatwerecreatedafterthespecifieddate.
ByCreatedBefore(p.
178)Returnsonlycopyjobsthatwerecreatedbeforethespecifieddate.
ByDestinationVaultArn(p.
178)AnAmazonResourceName(ARN)thatuniquelyidentifiesasourcebackupvaulttocopyfrom;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
ByResourceArn(p.
178)ReturnsonlycopyjobsthatmatchthespecifiedresourceAmazonResourceName(ARN).
ByResourceType(p.
178)Returnsonlybackupjobsforthespecifiedresources:DynamoDBforAmazonDynamoDBEBSforAmazonElasticBlockStoreEC2forAmazonElasticComputeCloudEFSforAmazonElasticFileSystemRDSforAmazonRelationalDatabaseServiceStorageGatewayforAWSStorageGatewayPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$ByState(p.
178)Returnsonlycopyjobsthatareinthespecifiedstate.
ValidValues:CREATED|RUNNING|COMPLETED|FAILEDMaxResults(p.
178)Themaximumnumberofitemstobereturned.
ValidRange:Minimumvalueof1.
Maximumvalueof1000.
178AWSBackup开发人员指南ListCopyJobsNextToken(p.
178)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
RequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"CopyJobs":[{"AccountId":"string","BackupSizeInBytes":number,"CompletionDate":number,"CopyJobId":"string","CreatedBy":{"BackupPlanArn":"string","BackupPlanId":"string","BackupPlanVersion":"string","BackupRuleId":"string"},"CreationDate":number,"DestinationBackupVaultArn":"string","DestinationRecoveryPointArn":"string","IamRoleArn":"string","ResourceArn":"string","ResourceType":"string","SourceBackupVaultArn":"string","SourceRecoveryPointArn":"string","State":"string","StatusMessage":"string"}],"NextToken":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
CopyJobs(p.
179)AnarrayofstructurescontainingmetadataaboutyourcopyjobsreturnedinJSONformat.
Type:ArrayofCopyJob(p.
247)objectsNextToken(p.
179)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
179AWSBackup开发人员指南ListCopyJobsType:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3180AWSBackup开发人员指南ListProtectedResourcesListProtectedResourcesReturnsanarrayofresourcessuccessfullybackedupbyAWSBackup,includingthetimetheresourcewassaved,anAmazonResourceName(ARN)oftheresource,andaresourcetype.
RequestSyntaxGET/resources/maxResults=MaxResults&nextToken=NextTokenHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
MaxResults(p.
181)Themaximumnumberofitemstobereturned.
ValidRange:Minimumvalueof1.
Maximumvalueof1000.
NextToken(p.
181)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
RequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"NextToken":"string","Results":[{"LastBackupTime":number,"ResourceArn":"string","ResourceType":"string"}]}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
NextToken(p.
181)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
181AWSBackup开发人员指南ListProtectedResourcesType:StringResults(p.
181)AnarrayofresourcessuccessfullybackedupbyAWSBackupincludingthetimetheresourcewassaved,anAmazonResourceName(ARN)oftheresource,andaresourcetype.
Type:ArrayofProtectedResource(p.
251)objectsErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3182AWSBackup开发人员指南ListRecoveryPointsByBackupVaultListRecoveryPointsByBackupVaultReturnsdetailedinformationabouttherecoverypointsstoredinabackupvault.
RequestSyntaxGET/backup-vaults/backupVaultName/recovery-points/backupPlanId=ByBackupPlanId&createdAfter=ByCreatedAfter&createdBefore=ByCreatedBefore&maxResults=MaxResHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
183)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Pattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesByBackupPlanId(p.
183)ReturnsonlyrecoverypointsthatmatchthespecifiedbackupplanID.
ByCreatedAfter(p.
183)Returnsonlyrecoverypointsthatwerecreatedafterthespecifiedtimestamp.
ByCreatedBefore(p.
183)Returnsonlyrecoverypointsthatwerecreatedbeforethespecifiedtimestamp.
ByResourceArn(p.
183)ReturnsonlyrecoverypointsthatmatchthespecifiedresourceAmazonResourceName(ARN).
ByResourceType(p.
183)Returnsonlyrecoverypointsthatmatchthespecifiedresourcetype.
Pattern:^[a-zA-Z0-9\-\_\.
]{1,50}$MaxResults(p.
183)Themaximumnumberofitemstobereturned.
ValidRange:Minimumvalueof1.
Maximumvalueof1000.
NextToken(p.
183)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
RequestBodyTherequestdoesnothavearequestbody.
183AWSBackup开发人员指南ListRecoveryPointsByBackupVaultResponseSyntaxHTTP/1.
1200Content-type:application/json{"NextToken":"string","RecoveryPoints":[{"BackupSizeInBytes":number,"BackupVaultArn":"string","BackupVaultName":"string","CalculatedLifecycle":{"DeleteAt":number,"MoveToColdStorageAt":number},"CompletionDate":number,"CreatedBy":{"BackupPlanArn":"string","BackupPlanId":"string","BackupPlanVersion":"string","BackupRuleId":"string"},"CreationDate":number,"EncryptionKeyArn":"string","IamRoleArn":"string","IsEncrypted":boolean,"LastRestoreTime":number,"Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number},"RecoveryPointArn":"string","ResourceArn":"string","ResourceType":"string","SourceBackupVaultArn":"string","Status":"string"}]}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
NextToken(p.
184)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
Type:StringRecoveryPoints(p.
184)Anarrayofobjectsthatcontaindetailedinformationaboutrecoverypointssavedinabackupvault.
Type:ArrayofRecoveryPointByBackupVault(p.
252)objects184AWSBackup开发人员指南ListRecoveryPointsByBackupVaultErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3185AWSBackup开发人员指南ListRecoveryPointsByResourceListRecoveryPointsByResourceReturnsdetailedinformationaboutrecoverypointsofthetypespecifiedbyaresourceAmazonResourceName(ARN).
RequestSyntaxGET/resources/resourceArn/recovery-points/maxResults=MaxResults&nextToken=NextTokenHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
MaxResults(p.
186)Themaximumnumberofitemstobereturned.
ValidRange:Minimumvalueof1.
Maximumvalueof1000.
NextToken(p.
186)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
resourceArn(p.
186)AnARNthatuniquelyidentifiesaresource.
TheformatoftheARNdependsontheresourcetype.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"NextToken":"string","RecoveryPoints":[{"BackupSizeBytes":number,"BackupVaultName":"string","CreationDate":number,"EncryptionKeyArn":"string","RecoveryPointArn":"string","Status":"string"}]}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
186AWSBackup开发人员指南ListRecoveryPointsByResourceThefollowingdataisreturnedinJSONformatbytheservice.
NextToken(p.
186)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
Type:StringRecoveryPoints(p.
186)Anarrayofobjectsthatcontaindetailedinformationaboutrecoverypointsofthespecifiedresourcetype.
Type:ArrayofRecoveryPointByResource(p.
255)objectsErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3187AWSBackup开发人员指南ListRecoveryPointsByResource188AWSBackup开发人员指南ListRestoreJobsListRestoreJobsReturnsalistofjobsthatAWSBackupinitiatedtorestoreasavedresource,includingmetadataabouttherecoveryprocess.
RequestSyntaxGET/restore-jobs/accountId=ByAccountId&createdAfter=ByCreatedAfter&createdBefore=ByCreatedBefore&maxResults=MaxResults&nHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
ByAccountId(p.
189)TheaccountIDtolistthejobsfrom.
ReturnsonlyrestorejobsassociatedwiththespecifiedaccountID.
Pattern:^[0-9]{12}$ByCreatedAfter(p.
189)Returnsonlyrestorejobsthatwerecreatedafterthespecifieddate.
ByCreatedBefore(p.
189)Returnsonlyrestorejobsthatwerecreatedbeforethespecifieddate.
ByStatus(p.
189)Returnsonlyrestorejobsassociatedwiththespecifiedjobstatus.
ValidValues:PENDING|RUNNING|COMPLETED|ABORTED|FAILEDMaxResults(p.
189)Themaximumnumberofitemstobereturned.
ValidRange:Minimumvalueof1.
Maximumvalueof1000.
NextToken(p.
189)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
RequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"NextToken":"string","RestoreJobs":[189AWSBackup开发人员指南ListRestoreJobs{"AccountId":"string","BackupSizeInBytes":number,"CompletionDate":number,"CreatedResourceArn":"string","CreationDate":number,"ExpectedCompletionTimeMinutes":number,"IamRoleArn":"string","PercentDone":"string","RecoveryPointArn":"string","ResourceType":"string","RestoreJobId":"string","Status":"string","StatusMessage":"string"}]}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
NextToken(p.
189)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
Type:StringRestoreJobs(p.
189)Anarrayofobjectsthatcontaindetailedinformationaboutjobstorestoresavedresources.
Type:ArrayofRestoreJobsListMember(p.
258)objectsErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
190AWSBackup开发人员指南ListRestoreJobsHTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3191AWSBackup开发人员指南ListTagsListTagsReturnsalistofkey-valuepairsassignedtoatargetrecoverypoint,backupplan,orbackupvault.
NoteListTagsarecurrentlyonlysupportedwithAmazonEFSbackups.
RequestSyntaxGET/tags/resourceArn/maxResults=MaxResults&nextToken=NextTokenHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
MaxResults(p.
192)Themaximumnumberofitemstobereturned.
ValidRange:Minimumvalueof1.
Maximumvalueof1000.
NextToken(p.
192)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
resourceArn(p.
192)AnAmazonResourceName(ARN)thatuniquelyidentifiesaresource.
TheformatoftheARNdependsonthetypeofresource.
ValidtargetsforListTagsarerecoverypoints,backupplans,andbackupvaults.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200Content-type:application/json{"NextToken":"string","Tags":{"string":"string"}}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
192AWSBackup开发人员指南ListTagsNextToken(p.
192)Thenextitemfollowingapartiallistofreturneditems.
Forexample,ifarequestismadetoreturnmaxResultsnumberofitems,NextTokenallowsyoutoreturnmoreitemsinyourliststartingatthelocationpointedtobythenexttoken.
Type:StringTags(p.
192)Tohelporganizeyourresources,youcanassignyourownmetadatatotheresourcesyoucreate.
Eachtagisakey-valuepair.
Type:StringtostringmapErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3193AWSBackup开发人员指南PutBackupVaultAccessPolicyPutBackupVaultAccessPolicySetsaresource-basedpolicythatisusedtomanageaccesspermissionsonthetargetbackupvault.
RequiresabackupvaultnameandanaccesspolicydocumentinJSONformat.
RequestSyntaxPUT/backup-vaults/backupVaultName/access-policyHTTP/1.
1Content-type:application/json{"Policy":"string"}URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
194)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Pattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesRequestBodyTherequestacceptsthefollowingdatainJSONformat.
Policy(p.
194)ThebackupvaultaccesspolicydocumentinJSONformat.
Type:StringRequired:NoResponseSyntaxHTTP/1.
1200ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200responsewithanemptyHTTPbody.
ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
194AWSBackup开发人员指南PutBackupVaultAccessPolicyHTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3195AWSBackup开发人员指南PutBackupVaultNotificationsPutBackupVaultNotificationsTurnsonnotificationsonabackupvaultforthespecifiedtopicandevents.
RequestSyntaxPUT/backup-vaults/backupVaultName/notification-configurationHTTP/1.
1Content-type:application/json{"BackupVaultEvents":["string"],"SNSTopicArn":"string"}URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
196)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Pattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesRequestBodyTherequestacceptsthefollowingdatainJSONformat.
BackupVaultEvents(p.
196)Anarrayofeventsthatindicatethestatusofjobstobackupresourcestothebackupvault.
Type:ArrayofstringsValidValues:BACKUP_JOB_STARTED|BACKUP_JOB_COMPLETED|BACKUP_JOB_SUCCESSFUL|BACKUP_JOB_FAILED|BACKUP_JOB_EXPIRED|RESTORE_JOB_STARTED|RESTORE_JOB_COMPLETED|RESTORE_JOB_SUCCESSFUL|RESTORE_JOB_FAILED|COPY_JOB_STARTED|COPY_JOB_SUCCESSFUL|COPY_JOB_FAILED|RECOVERY_POINT_MODIFIED|BACKUP_PLAN_CREATED|BACKUP_PLAN_MODIFIEDRequired:YesSNSTopicArn(p.
196)TheAmazonResourceName(ARN)thatspecifiesthetopicforabackupvault'sevents;forexample,arn:aws:sns:us-west-2:111122223333:MyVaultTopic.
Type:StringRequired:YesResponseSyntaxHTTP/1.
1200196AWSBackup开发人员指南PutBackupVaultNotificationsResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200responsewithanemptyHTTPbody.
ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3197AWSBackup开发人员指南StartBackupJobStartBackupJobStartsanon-demandbackupjobforthespecifiedresource.
RequestSyntaxPUT/backup-jobsHTTP/1.
1Content-type:application/json{"BackupOptions":{"string":"string"},"BackupVaultName":"string","CompleteWindowMinutes":number,"IamRoleArn":"string","IdempotencyToken":"string","Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number},"RecoveryPointTags":{"string":"string"},"ResourceArn":"string","StartWindowMinutes":number}URIRequestParametersTherequestdoesnotuseanyURIparameters.
RequestBodyTherequestacceptsthefollowingdatainJSONformat.
BackupOptions(p.
198)Specifiesthebackupoptionforaselectedresource.
ThisoptionisonlyavailableforWindowsVSSbackupjobs.
Validvalues:Setto"WindowsVSS":"enabled"toenableWindowsVSSbackupoptionandcreateaVSSWindowsbackup.
Setto"WindowsVSS":"disabled"tocreatearegularbackup.
TheWindowsVSSoptionisnotenabledbydefault.
Type:StringtostringmapKeyPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$ValuePattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:NoBackupVaultName(p.
198)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Type:String198AWSBackup开发人员指南StartBackupJobPattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesCompleteWindowMinutes(p.
198)AvalueinminutesafterabackupjobissuccessfullystartedbeforeitmustbecompletedoritwillbecanceledbyAWSBackup.
Thisvalueisoptional.
Type:LongRequired:NoIamRoleArn(p.
198)SpecifiestheIAMroleARNusedtocreatethetargetrecoverypoint;forexample,arn:aws:iam::123456789012:role/S3Access.
Type:StringRequired:YesIdempotencyToken(p.
198)AcustomerchosenstringthatcanbeusedtodistinguishbetweencallstoStartBackupJob.
Type:StringRequired:NoLifecycle(p.
198)Thelifecycledefineswhenaprotectedresourceistransitionedtocoldstorageandwhenitexpires.
AWSBackupwilltransitionandexpirebackupsautomaticallyaccordingtothelifecyclethatyoudefine.
Backupstransitionedtocoldstoragemustbestoredincoldstorageforaminimumof90days.
Therefore,the"expireafterdays"settingmustbe90daysgreaterthanthe"transitiontocoldafterdays"setting.
The"transitiontocoldafterdays"settingcannotbechangedafterabackuphasbeentransitionedtocold.
OnlyAmazonEFSfilesystembackupscanbetransitionedtocoldstorage.
Type:Lifecycle(p.
250)objectRequired:NoRecoveryPointTags(p.
198)Tohelporganizeyourresources,youcanassignyourownmetadatatotheresourcesthatyoucreate.
Eachtagisakey-valuepair.
Type:StringtostringmapRequired:NoResourceArn(p.
198)AnAmazonResourceName(ARN)thatuniquelyidentifiesaresource.
TheformatoftheARNdependsontheresourcetype.
Type:StringRequired:YesStartWindowMinutes(p.
198)Avalueinminutesafterabackupisscheduledbeforeajobwillbecanceledifitdoesn'tstartsuccessfully.
Thisvalueisoptional.
199AWSBackup开发人员指南StartBackupJobType:LongRequired:NoResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupJobId":"string","CreationDate":number,"RecoveryPointArn":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupJobId(p.
200)UniquelyidentifiesarequesttoAWSBackuptobackuparesource.
Type:StringCreationDate(p.
200)Thedateandtimethatabackupjobisstarted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRecoveryPointArn(p.
200)AnARNthatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400InvalidRequestExceptionIndicatesthatsomethingiswrongwiththeinputtotherequest.
Forexample,aparameterisofthewrongtype.
HTTPStatusCode:400200AWSBackup开发人员指南StartBackupJobLimitExceededExceptionAlimitintherequesthasbeenexceeded;forexample,amaximumnumberofitemsallowedinarequest.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3201AWSBackup开发人员指南StartCopyJobStartCopyJobStartsajobtocreateaone-timecopyofthespecifiedresource.
RequestSyntaxPUT/copy-jobsHTTP/1.
1Content-type:application/json{"DestinationBackupVaultArn":"string","IamRoleArn":"string","IdempotencyToken":"string","Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number},"RecoveryPointArn":"string","SourceBackupVaultName":"string"}URIRequestParametersTherequestdoesnotuseanyURIparameters.
RequestBodyTherequestacceptsthefollowingdatainJSONformat.
DestinationBackupVaultArn(p.
202)AnAmazonResourceName(ARN)thatuniquelyidentifiesadestinationbackupvaulttocopyto;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
Type:StringRequired:YesIamRoleArn(p.
202)SpecifiestheIAMroleARNusedtocopythetargetrecoverypoint;forexample,arn:aws:iam::123456789012:role/S3Access.
Type:StringRequired:YesIdempotencyToken(p.
202)AcustomerchosenstringthatcanbeusedtodistinguishbetweencallstoStartCopyJob.
Type:StringRequired:NoLifecycle(p.
202)ContainsanarrayofTransitionobjectsspecifyinghowlongindaysbeforearecoverypointtransitionstocoldstorageorisdeleted.
Backupstransitionedtocoldstoragemustbestoredincoldstorageforaminimumof90days.
Therefore,ontheconsole,the"expireafterdays"settingmustbe90daysgreaterthanthe"transition202AWSBackup开发人员指南StartCopyJobtocoldafterdays"setting.
The"transitiontocoldafterdays"settingcannotbechangedafterabackuphasbeentransitionedtocold.
OnlyAmazonEFSfilesystembackupscanbetransitionedtocoldstorage.
Type:Lifecycle(p.
250)objectRequired:NoRecoveryPointArn(p.
202)AnARNthatuniquelyidentifiesarecoverypointtouseforthecopyjob;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Type:StringRequired:YesSourceBackupVaultName(p.
202)Thenameofalogicalsourcecontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Type:StringPattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesResponseSyntaxHTTP/1.
1200Content-type:application/json{"CopyJobId":"string","CreationDate":number}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
CopyJobId(p.
203)Uniquelyidentifiesacopyjob.
Type:StringCreationDate(p.
203)Thedateandtimethatacopyjobisstarted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:Timestamp203AWSBackup开发人员指南StartCopyJobErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400LimitExceededExceptionAlimitintherequesthasbeenexceeded;forexample,amaximumnumberofitemsallowedinarequest.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3204AWSBackup开发人员指南StartRestoreJobStartRestoreJobRecoversthesavedresourceidentifiedbyanAmazonResourceName(ARN).
RequestSyntaxPUT/restore-jobsHTTP/1.
1Content-type:application/json{"IamRoleArn":"string","IdempotencyToken":"string","Metadata":{"string":"string"},"RecoveryPointArn":"string","ResourceType":"string"}URIRequestParametersTherequestdoesnotuseanyURIparameters.
RequestBodyTherequestacceptsthefollowingdatainJSONformat.
IamRoleArn(p.
205)TheAmazonResourceName(ARN)oftheIAMrolethatAWSBackupusestocreatethetargetrecoverypoint;forexample,arn:aws:iam::123456789012:role/S3Access.
Type:StringRequired:YesIdempotencyToken(p.
205)AcustomerchosenstringthatcanbeusedtodistinguishbetweencallstoStartRestoreJob.
Type:StringRequired:NoMetadata(p.
205)Asetofmetadatakey-valuepairs.
Containsinformation,suchasaresourcename,requiredtorestorearecoverypoint.
YoucangetconfigurationmetadataaboutaresourceatthetimeitwasbackedupbycallingGetRecoveryPointRestoreMetadata.
However,valuesinadditiontothoseprovidedbyGetRecoveryPointRestoreMetadatamightberequiredtorestorearesource.
Forexample,youmightneedtoprovideanewresourcenameiftheoriginalalreadyexists.
YouneedtospecifyspecificmetadatatorestoreanAmazonElasticFileSystem(AmazonEFS)instance:file-system-id:TheIDoftheAmazonEFSfilesystemthatisbackedupbyAWSBackup.
ReturnedinGetRecoveryPointRestoreMetadata.
205AWSBackup开发人员指南StartRestoreJobEncrypted:ABooleanvaluethat,iftrue,specifiesthatthefilesystemisencrypted.
IfKmsKeyIdisspecified,Encryptedmustbesettotrue.
KmsKeyId:SpecifiestheAWSKMSkeythatisusedtoencrypttherestoredfilesystem.
YoucanspecifyakeyfromanotherAWSaccountprovidedthatkeyitisproperlysharedwithyouraccountviaAWSKMS.
PerformanceMode:Specifiesthethroughputmodeofthefilesystem.
CreationToken:Auser-suppliedvaluethatensurestheuniqueness(idempotency)oftherequest.
newFileSystem:ABooleanvaluethat,iftrue,specifiesthattherecoverypointisrestoredtoanewAmazonEFSfilesystem.
ItemsToRestore:Aserializedlistofuptofivestringswhereeachstringisafilepath.
UseItemsToRestoretorestorespecificfilesordirectoriesratherthantheentirefilesystem.
Thisparameterisoptional.
Type:StringtostringmapRequired:YesRecoveryPointArn(p.
205)AnARNthatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Type:StringRequired:YesResourceType(p.
205)Startsajobtorestorearecoverypointforoneofthefollowingresources:DynamoDBforAmazonDynamoDBEBSforAmazonElasticBlockStoreEC2forAmazonElasticComputeCloudEFSforAmazonElasticFileSystemRDSforAmazonRelationalDatabaseServiceStorageGatewayforAWSStorageGatewayType:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:NoResponseSyntaxHTTP/1.
1200Content-type:application/json{"RestoreJobId":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
206AWSBackup开发人员指南StartRestoreJobRestoreJobId(p.
206)Uniquelyidentifiesthejobthatrestoresarecoverypoint.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3207AWSBackup开发人员指南StopBackupJobStopBackupJobAttemptstocancelajobtocreateaone-timebackupofaresource.
RequestSyntaxPOST/backup-jobs/backupJobIdHTTP/1.
1URIRequestParametersTherequestusesthefollowingURIparameters.
backupJobId(p.
208)UniquelyidentifiesarequesttoAWSBackuptobackuparesource.
Required:YesRequestBodyTherequestdoesnothavearequestbody.
ResponseSyntaxHTTP/1.
1200ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200responsewithanemptyHTTPbody.
ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400InvalidRequestExceptionIndicatesthatsomethingiswrongwiththeinputtotherequest.
Forexample,aparameterisofthewrongtype.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
208AWSBackup开发人员指南StopBackupJobHTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3209AWSBackup开发人员指南TagResourceTagResourceAssignsasetofkey-valuepairstoarecoverypoint,backupplan,orbackupvaultidentifiedbyanAmazonResourceName(ARN).
RequestSyntaxPOST/tags/resourceArnHTTP/1.
1Content-type:application/json{"Tags":{"string":"string"}}URIRequestParametersTherequestusesthefollowingURIparameters.
resourceArn(p.
210)AnARNthatuniquelyidentifiesaresource.
TheformatoftheARNdependsonthetypeofthetaggedresource.
Required:YesRequestBodyTherequestacceptsthefollowingdatainJSONformat.
Tags(p.
210)Key-valuepairsthatareusedtohelporganizeyourresources.
Youcanassignyourownmetadatatotheresourcesyoucreate.
Type:StringtostringmapRequired:YesResponseSyntaxHTTP/1.
1200ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200responsewithanemptyHTTPbody.
ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
210AWSBackup开发人员指南TagResourceHTTPStatusCode:400LimitExceededExceptionAlimitintherequesthasbeenexceeded;forexample,amaximumnumberofitemsallowedinarequest.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3211AWSBackup开发人员指南UntagResourceUntagResourceRemovesasetofkey-valuepairsfromarecoverypoint,backupplan,orbackupvaultidentifiedbyanAmazonResourceName(ARN)RequestSyntaxPOST/untag/resourceArnHTTP/1.
1Content-type:application/json{"TagKeyList":["string"]}URIRequestParametersTherequestusesthefollowingURIparameters.
resourceArn(p.
212)AnARNthatuniquelyidentifiesaresource.
TheformatoftheARNdependsonthetypeofthetaggedresource.
Required:YesRequestBodyTherequestacceptsthefollowingdatainJSONformat.
TagKeyList(p.
212)Alistofkeystoidentifywhichkey-valuetagstoremovefromaresource.
Type:ArrayofstringsRequired:YesResponseSyntaxHTTP/1.
1200ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200responsewithanemptyHTTPbody.
ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400212AWSBackup开发人员指南UntagResourceMissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3213AWSBackup开发人员指南UpdateBackupPlanUpdateBackupPlanUpdatesanexistingbackupplanidentifiedbyitsbackupPlanIdwiththeinputdocumentinJSONformat.
ThenewversionisuniquelyidentifiedbyaVersionId.
RequestSyntaxPOST/backup/plans/backupPlanIdHTTP/1.
1Content-type:application/json{"BackupPlan":{"AdvancedBackupSettings":[{"BackupOptions":{"string":"string"},"ResourceType":"string"}],"BackupPlanName":"string","Rules":[{"CompletionWindowMinutes":number,"CopyActions":[{"DestinationBackupVaultArn":"string","Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number}}],"Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number},"RecoveryPointTags":{"string":"string"},"RuleName":"string","ScheduleExpression":"string","StartWindowMinutes":number,"TargetBackupVaultName":"string"}]}}URIRequestParametersTherequestusesthefollowingURIparameters.
backupPlanId(p.
214)Uniquelyidentifiesabackupplan.
Required:Yes214AWSBackup开发人员指南UpdateBackupPlanRequestBodyTherequestacceptsthefollowingdatainJSONformat.
BackupPlan(p.
214)Specifiesthebodyofabackupplan.
IncludesaBackupPlanNameandoneormoresetsofRules.
Type:BackupPlanInput(p.
231)objectRequired:YesResponseSyntaxHTTP/1.
1200Content-type:application/json{"AdvancedBackupSettings":[{"BackupOptions":{"string":"string"},"ResourceType":"string"}],"BackupPlanArn":"string","BackupPlanId":"string","CreationDate":number,"VersionId":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
AdvancedBackupSettings(p.
215)ContainsalistofBackupOptionsforeachresourcetype.
Type:ArrayofAdvancedBackupSetting(p.
225)objectsBackupPlanArn(p.
215)AnAmazonResourceName(ARN)thatuniquelyidentifiesabackupplan;forexample,arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50.
Type:StringBackupPlanId(p.
215)Uniquelyidentifiesabackupplan.
Type:StringCreationDate(p.
215)Thedateandtimeabackupplanisupdated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
215AWSBackup开发人员指南UpdateBackupPlanType:TimestampVersionId(p.
215)Unique,randomlygenerated,Unicode,UTF-8encodedstringsthatareatmost1,024byteslong.
VersionIdscannotbeedited.
Type:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3216AWSBackup开发人员指南UpdateGlobalSettingsUpdateGlobalSettingsUpdatesthecurrentglobalsettingsfortheAWSAccount.
UsetheDescribeGlobalSettingsAPItodeterminethecurrentsettings.
RequestSyntaxPUT/global-settingsHTTP/1.
1Content-type:application/json{"GlobalSettings":{"string":"string"}}URIRequestParametersTherequestdoesnotuseanyURIparameters.
RequestBodyTherequestacceptsthefollowingdatainJSONformat.
GlobalSettings(p.
217)Alistofresourcesalongwiththeopt-inpreferencesfortheaccount.
Type:StringtostringmapRequired:NoResponseSyntaxHTTP/1.
1200ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200responsewithanemptyHTTPbody.
ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400InvalidRequestExceptionIndicatesthatsomethingiswrongwiththeinputtotherequest.
Forexample,aparameterisofthewrongtype.
HTTPStatusCode:400217AWSBackup开发人员指南UpdateGlobalSettingsMissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3218AWSBackup开发人员指南UpdateRecoveryPointLifecycleUpdateRecoveryPointLifecycleSetsthetransitionlifecycleofarecoverypoint.
Thelifecycledefineswhenaprotectedresourceistransitionedtocoldstorageandwhenitexpires.
AWSBackuptransitionsandexpiresbackupsautomaticallyaccordingtothelifecyclethatyoudefine.
Backupstransitionedtocoldstoragemustbestoredincoldstorageforaminimumof90days.
Therefore,the"expireafterdays"settingmustbe90daysgreaterthanthe"transitiontocoldafterdays"setting.
The"transitiontocoldafterdays"settingcannotbechangedafterabackuphasbeentransitionedtocold.
OnlyAmazonEFSfilesystembackupscanbetransitionedtocoldstorage.
RequestSyntaxPOST/backup-vaults/backupVaultName/recovery-points/recoveryPointArnHTTP/1.
1Content-type:application/json{"Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number}}URIRequestParametersTherequestusesthefollowingURIparameters.
backupVaultName(p.
219)Thenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Pattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesrecoveryPointArn(p.
219)AnAmazonResourceName(ARN)thatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Required:YesRequestBodyTherequestacceptsthefollowingdatainJSONformat.
Lifecycle(p.
219)Thelifecycledefineswhenaprotectedresourceistransitionedtocoldstorageandwhenitexpires.
AWSBackuptransitionsandexpiresbackupsautomaticallyaccordingtothelifecyclethatyoudefine.
Backupstransitionedtocoldstoragemustbestoredincoldstorageforaminimumof90days.
Therefore,the"expireafterdays"settingmustbe90daysgreaterthanthe"transitiontocoldafter219AWSBackup开发人员指南UpdateRecoveryPointLifecycledays"setting.
The"transitiontocoldafterdays"settingcannotbechangedafterabackuphasbeentransitionedtocold.
Type:Lifecycle(p.
250)objectRequired:NoResponseSyntaxHTTP/1.
1200Content-type:application/json{"BackupVaultArn":"string","CalculatedLifecycle":{"DeleteAt":number,"MoveToColdStorageAt":number},"Lifecycle":{"DeleteAfterDays":number,"MoveToColdStorageAfterDays":number},"RecoveryPointArn":"string"}ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200response.
ThefollowingdataisreturnedinJSONformatbytheservice.
BackupVaultArn(p.
220)AnARNthatuniquelyidentifiesabackupvault;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
Type:StringCalculatedLifecycle(p.
220)ACalculatedLifecycleobjectcontainingDeleteAtandMoveToColdStorageAttimestamps.
Type:CalculatedLifecycle(p.
244)objectLifecycle(p.
220)Thelifecycledefineswhenaprotectedresourceistransitionedtocoldstorageandwhenitexpires.
AWSBackuptransitionsandexpiresbackupsautomaticallyaccordingtothelifecyclethatyoudefine.
Backupstransitionedtocoldstoragemustbestoredincoldstorageforaminimumof90days.
Therefore,the"expireafterdays"settingmustbe90daysgreaterthanthe"transitiontocoldafterdays"setting.
The"transitiontocoldafterdays"settingcannotbechangedafterabackuphasbeentransitionedtocold.
OnlyAmazonEFSfilesystembackupscanbetransitionedtocoldstorage.
Type:Lifecycle(p.
250)objectRecoveryPointArn(p.
220)AnAmazonResourceName(ARN)thatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
220AWSBackup开发人员指南UpdateRecoveryPointLifecycleType:StringErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400MissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ResourceNotFoundExceptionAresourcethatisrequiredfortheactiondoesn'texist.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3221AWSBackup开发人员指南UpdateRegionSettingsUpdateRegionSettingsUpdatesthecurrentserviceopt-insettingsfortheRegion.
Ifservice-opt-inisenabledforaservice,AWSBackuptriestoprotectthatservice'sresourcesinthisRegion,whentheresourceisincludedinanon-demandbackuporscheduledbackupplan.
Otherwise,AWSBackupdoesnottrytoprotectthatservice'sresourcesinthisRegion.
UsetheDescribeRegionSettingsAPItodeterminetheresourcetypesthataresupported.
RequestSyntaxPUT/account-settingsHTTP/1.
1Content-type:application/json{"ResourceTypeOptInPreference":{"string":boolean}}URIRequestParametersTherequestdoesnotuseanyURIparameters.
RequestBodyTherequestacceptsthefollowingdatainJSONformat.
ResourceTypeOptInPreference(p.
222)Updatesthelistofservicesalongwiththeopt-inpreferencesfortheRegion.
Type:StringtobooleanmapKeyPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:NoResponseSyntaxHTTP/1.
1200ResponseElementsIftheactionissuccessful,theservicesendsbackanHTTP200responsewithanemptyHTTPbody.
ErrorsForinformationabouttheerrorsthatarecommontoallactions,seeCommonErrors(p.
260).
InvalidParameterValueExceptionIndicatesthatsomethingiswrongwithaparameter'svalue.
Forexample,thevalueisoutofrange.
HTTPStatusCode:400222AWSBackup开发人员指南DataTypesMissingParameterValueExceptionIndicatesthatarequiredparameterismissing.
HTTPStatusCode:400ServiceUnavailableExceptionTherequestfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:500SeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSCommandLineInterfaceAWSSDKfor.
NETAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforJavaScriptAWSSDKforPHPV3AWSSDKforPythonAWSSDKforRubyV3DataTypesThefollowingdatatypesaresupported:AdvancedBackupSetting(p.
225)BackupJob(p.
226)BackupPlan(p.
230)BackupPlanInput(p.
231)BackupPlansListMember(p.
232)BackupPlanTemplatesListMember(p.
234)BackupRule(p.
235)BackupRuleInput(p.
237)BackupSelection(p.
239)BackupSelectionsListMember(p.
240)BackupVaultListMember(p.
242)CalculatedLifecycle(p.
244)Condition(p.
245)CopyAction(p.
246)CopyJob(p.
247)Lifecycle(p.
250)ProtectedResource(p.
251)RecoveryPointByBackupVault(p.
252)RecoveryPointByResource(p.
255)223AWSBackup开发人员指南DataTypesRecoveryPointCreator(p.
257)RestoreJobsListMember(p.
258)224AWSBackup开发人员指南AdvancedBackupSettingAdvancedBackupSettingAlistofbackupoptionsforeachresourcetype.
ContentsBackupOptionsSpecifiesthebackupoptionforaselectedresource.
ThisoptionisonlyavailableforWindowsVSSbackupjobs.
Validvalues:Setto"WindowsVSS":"enabled"toenabletheWindowsVSSbackupoptionandcreateaVSSWindowsbackup.
Setto"WindowsVSS":"disabled"tocreatearegularbackup.
TheWindowsVSSoptionisnotenabledbydefault.
Ifyouspecifyaninvalidoption,yougetanInvalidParameterValueExceptionexception.
FormoreinformationaboutWindowsVSSbackups,seeCreatingaVSS-EnabledWindowsBackup.
Type:StringtostringmapKeyPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$ValuePattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:NoResourceTypeSpecifiesanobjectcontainingresourcetypeandbackupoptions.
ThisisonlySupportedforWindowsVSSBackup.
TheonlysupportedresourcetypeisAmazonEC2.
Validvalues:EC2.
Type:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:NoSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3225AWSBackup开发人员指南BackupJobBackupJobContainsdetailedinformationaboutabackupjob.
ContentsAccountIdTheaccountIDthatownsthebackupjob.
Type:StringPattern:^[0-9]{12}$Required:NoBackupJobIdUniquelyidentifiesarequesttoAWSBackuptobackuparesource.
Type:StringRequired:NoBackupOptionsSpecifiesthebackupoptionforaselectedresource.
ThisoptionisonlyavailableforWindowsVSSbackupjobs.
Validvalues:Setto"WindowsVSS":"enabled"toenableWindowsVSSbackupoptionandcreateaVSSWindowsbackup.
Setto"WindowsVSS":"disabled"tocreatearegularbackup.
Ifyouspecifyaninvalidoption,yougetanInvalidParameterValueExceptionexception.
Type:StringtostringmapKeyPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$ValuePattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:NoBackupSizeInBytesThesize,inbytes,ofabackup.
Type:LongRequired:NoBackupTypeRepresentsthetypeofbackupforabackupjob.
Type:StringRequired:NoBackupVaultArnAnAmazonResourceName(ARN)thatuniquelyidentifiesabackupvault;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
Type:String226AWSBackup开发人员指南BackupJobRequired:NoBackupVaultNameThenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Type:StringPattern:^[a-zA-Z0-9\-\_]{2,50}$Required:NoBytesTransferredThesizeinbytestransferredtoabackupvaultatthetimethatthejobstatuswasqueried.
Type:LongRequired:NoCompletionDateThedateandtimeajobtocreateabackupjobiscompleted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCompletionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoCreatedByContainsidentifyinginformationaboutthecreationofabackupjob,includingtheBackupPlanArn,BackupPlanId,BackupPlanVersion,andBackupRuleIdofthebackupplanusedtocreateit.
Type:RecoveryPointCreator(p.
257)objectRequired:NoCreationDateThedateandtimeabackupjobiscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoExpectedCompletionDateThedateandtimeajobtobackupresourcesisexpectedtobecompleted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofExpectedCompletionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoIamRoleArnSpecifiestheIAMroleARNusedtocreatethetargetrecoverypoint;forexample,arn:aws:iam::123456789012:role/S3Access.
227AWSBackup开发人员指南BackupJobType:StringRequired:NoPercentDoneContainsanestimatedpercentagecompleteofajobatthetimethejobstatuswasqueried.
Type:StringRequired:NoRecoveryPointArnAnARNthatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Type:StringRequired:NoResourceArnAnARNthatuniquelyidentifiesaresource.
TheformatoftheARNdependsontheresourcetype.
Type:StringRequired:NoResourceTypeThetypeofAWSresourcetobebackedup;forexample,anAmazonElasticBlockStore(AmazonEBS)volumeoranAmazonRelationalDatabaseService(AmazonRDS)database.
ForVSSWindowsbackups,theonlysupportedresourcetypeisAmazonEC2.
Type:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:NoStartBySpecifiesthetimeinUnixformatandCoordinatedUniversalTime(UTC)whenabackupjobmustbestartedbeforeitiscanceled.
Thevalueiscalculatedbyaddingthestartwindowtothescheduledtime.
Soifthescheduledtimewere6:00PMandthestartwindowis2hours,theStartBytimewouldbe8:00PMonthedatespecified.
ThevalueofStartByisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoStateThecurrentstateofaresourcerecoverypoint.
Type:StringValidValues:CREATED|PENDING|RUNNING|ABORTING|ABORTED|COMPLETED|FAILED|EXPIREDRequired:NoStatusMessageAdetailedmessageexplainingthestatusofthejobtobackuparesource.
228AWSBackup开发人员指南BackupJobType:StringRequired:NoSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3229AWSBackup开发人员指南BackupPlanBackupPlanContainsanoptionalbackupplandisplaynameandanarrayofBackupRuleobjects,eachofwhichspecifiesabackuprule.
EachruleinabackupplanisaseparatescheduledtaskandcanbackupadifferentselectionofAWSresources.
ContentsAdvancedBackupSettingsContainsalistofBackupOptionsforeachresourcetype.
Type:ArrayofAdvancedBackupSetting(p.
225)objectsRequired:NoBackupPlanNameThedisplaynameofabackupplan.
Type:StringRequired:YesRulesAnarrayofBackupRuleobjects,eachofwhichspecifiesascheduledtaskthatisusedtobackupaselectionofresources.
Type:ArrayofBackupRule(p.
235)objectsRequired:YesSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3230AWSBackup开发人员指南BackupPlanInputBackupPlanInputContainsanoptionalbackupplandisplaynameandanarrayofBackupRuleobjects,eachofwhichspecifiesabackuprule.
EachruleinabackupplanisaseparatescheduledtaskandcanbackupadifferentselectionofAWSresources.
ContentsAdvancedBackupSettingsSpecifiesalistofBackupOptionsforeachresourcetype.
ThesesettingsareonlyavailableforWindowsVSSbackupjobs.
Type:ArrayofAdvancedBackupSetting(p.
225)objectsRequired:NoBackupPlanNameTheoptionaldisplaynameofabackupplan.
Type:StringRequired:YesRulesAnarrayofBackupRuleobjects,eachofwhichspecifiesascheduledtaskthatisusedtobackupaselectionofresources.
Type:ArrayofBackupRuleInput(p.
237)objectsRequired:YesSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3231AWSBackup开发人员指南BackupPlansListMemberBackupPlansListMemberContainsmetadataaboutabackupplan.
ContentsAdvancedBackupSettingsContainsalistofBackupOptionsforaresourcetype.
Type:ArrayofAdvancedBackupSetting(p.
225)objectsRequired:NoBackupPlanArnAnAmazonResourceName(ARN)thatuniquelyidentifiesabackupplan;forexample,arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50.
Type:StringRequired:NoBackupPlanIdUniquelyidentifiesabackupplan.
Type:StringRequired:NoBackupPlanNameThedisplaynameofasavedbackupplan.
Type:StringRequired:NoCreationDateThedateandtimearesourcebackupplaniscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoCreatorRequestIdAuniquestringthatidentifiestherequestandallowsfailedrequeststoberetriedwithouttheriskofrunningtheoperationtwice.
Type:StringRequired:NoDeletionDateThedateandtimeabackupplanisdeleted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofDeletionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
232AWSBackup开发人员指南BackupPlansListMemberType:TimestampRequired:NoLastExecutionDateThelasttimeajobtobackupresourceswasrunwiththisrule.
Adateandtime,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofLastExecutionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoVersionIdUnique,randomlygenerated,Unicode,UTF-8encodedstringsthatareatmost1,024byteslong.
VersionIDscannotbeedited.
Type:StringRequired:NoSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3233AWSBackup开发人员指南BackupPlanTemplatesListMemberBackupPlanTemplatesListMemberAnobjectspecifyingmetadataassociatedwithabackupplantemplate.
ContentsBackupPlanTemplateIdUniquelyidentifiesastoredbackupplantemplate.
Type:StringRequired:NoBackupPlanTemplateNameTheoptionaldisplaynameofabackupplantemplate.
Type:StringRequired:NoSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3234AWSBackup开发人员指南BackupRuleBackupRuleSpecifiesascheduledtaskusedtobackupaselectionofresources.
ContentsCompletionWindowMinutesAvalueinminutesafterabackupjobissuccessfullystartedbeforeitmustbecompletedoritwillbecanceledbyAWSBackup.
Thisvalueisoptional.
Type:LongRequired:NoCopyActionsAnarrayofCopyActionobjects,whichcontainsthedetailsofthecopyoperation.
Type:ArrayofCopyAction(p.
246)objectsRequired:NoLifecycleThelifecycledefineswhenaprotectedresourceistransitionedtocoldstorageandwhenitexpires.
AWSBackuptransitionsandexpiresbackupsautomaticallyaccordingtothelifecyclethatyoudefine.
Backupstransitionedtocoldstoragemustbestoredincoldstorageforaminimumof90days.
Therefore,the"expireafterdays"settingmustbe90daysgreaterthanthe"transitiontocoldafterdays"setting.
The"transitiontocoldafterdays"settingcannotbechangedafterabackuphasbeentransitionedtocold.
OnlyAmazonEFSfilesystembackupscanbetransitionedtocoldstorage.
Type:Lifecycle(p.
250)objectRequired:NoRecoveryPointTagsAnarrayofkey-valuepairstringsthatareassignedtoresourcesthatareassociatedwiththisrulewhenrestoredfrombackup.
Type:StringtostringmapRequired:NoRuleIdUniquelyidentifiesarulethatisusedtoschedulethebackupofaselectionofresources.
Type:StringRequired:NoRuleNameAnoptionaldisplaynameforabackuprule.
Type:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$235AWSBackup开发人员指南BackupRuleRequired:YesScheduleExpressionACRONexpressionspecifyingwhenAWSBackupinitiatesabackupjob.
Formoreinformationaboutcronexpressions,seeScheduleExpressionsforRulesintheAmazonCloudWatchEventsUserGuide.
.
Priortospecifyingavalueforthisparameter,werecommendtestingyourcronexpressionusingoneofthemanyavailablecrongeneratorandtestingtools.
Type:StringRequired:NoStartWindowMinutesAvalueinminutesafterabackupisscheduledbeforeajobwillbecanceledifitdoesn'tstartsuccessfully.
Thisvalueisoptional.
Type:LongRequired:NoTargetBackupVaultNameThenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Type:StringPattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3236AWSBackup开发人员指南BackupRuleInputBackupRuleInputSpecifiesascheduledtaskusedtobackupaselectionofresources.
ContentsCompletionWindowMinutesAvalueinminutesafterabackupjobissuccessfullystartedbeforeitmustbecompletedoritwillbecanceledbyAWSBackup.
Thisvalueisoptional.
Type:LongRequired:NoCopyActionsAnarrayofCopyActionobjects,whichcontainsthedetailsofthecopyoperation.
Type:ArrayofCopyAction(p.
246)objectsRequired:NoLifecycleThelifecycledefineswhenaprotectedresourceistransitionedtocoldstorageandwhenitexpires.
AWSBackupwilltransitionandexpirebackupsautomaticallyaccordingtothelifecyclethatyoudefine.
Backupstransitionedtocoldstoragemustbestoredincoldstorageforaminimumof90days.
Therefore,the"expireafterdays"settingmustbe90daysgreaterthanthe"transitiontocoldafterdays"setting.
The"transitiontocoldafterdays"settingcannotbechangedafterabackuphasbeentransitionedtocold.
OnlyAmazonEFSfilesystembackupscanbetransitionedtocoldstorage.
Type:Lifecycle(p.
250)objectRequired:NoRecoveryPointTagsTohelporganizeyourresources,youcanassignyourownmetadatatotheresourcesthatyoucreate.
Eachtagisakey-valuepair.
Type:StringtostringmapRequired:NoRuleNameAnoptionaldisplaynameforabackuprule.
Type:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:YesScheduleExpressionACRONexpressionspecifyingwhenAWSBackupinitiatesabackupjob.
Type:String237AWSBackup开发人员指南BackupRuleInputRequired:NoStartWindowMinutesAvalueinminutesafterabackupisscheduledbeforeajobwillbecanceledifitdoesn'tstartsuccessfully.
Thisvalueisoptional.
Type:LongRequired:NoTargetBackupVaultNameThenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Type:StringPattern:^[a-zA-Z0-9\-\_]{2,50}$Required:YesSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3238AWSBackup开发人员指南BackupSelectionBackupSelectionUsedtospecifyasetofresourcestoabackupplan.
ContentsIamRoleArnTheARNoftheIAMrolethatAWSBackupusestoauthenticatewhenbackingupthetargetresource;forexample,arn:aws:iam::123456789012:role/S3Access.
Type:StringRequired:YesListOfTagsAnarrayofconditionsusedtospecifyasetofresourcestoassigntoabackupplan;forexample,"StringEquals":{"ec2:ResourceTag/Department":"accounting".
Type:ArrayofCondition(p.
245)objectsRequired:NoResourcesAnarrayofstringsthatcontainAmazonResourceNames(ARNs)ofresourcestoassigntoabackupplan.
Type:ArrayofstringsRequired:NoSelectionNameThedisplaynameofaresourceselectiondocument.
Type:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:YesSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3239AWSBackup开发人员指南BackupSelectionsListMemberBackupSelectionsListMemberContainsmetadataaboutaBackupSelectionobject.
ContentsBackupPlanIdUniquelyidentifiesabackupplan.
Type:StringRequired:NoCreationDateThedateandtimeabackupplaniscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoCreatorRequestIdAuniquestringthatidentifiestherequestandallowsfailedrequeststoberetriedwithouttheriskofrunningtheoperationtwice.
Type:StringRequired:NoIamRoleArnSpecifiestheIAMroleAmazonResourceName(ARN)tocreatethetargetrecoverypoint;forexample,arn:aws:iam::123456789012:role/S3Access.
Type:StringRequired:NoSelectionIdUniquelyidentifiesarequesttoassignasetofresourcestoabackupplan.
Type:StringRequired:NoSelectionNameThedisplaynameofaresourceselectiondocument.
Type:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:NoSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:240AWSBackup开发人员指南BackupSelectionsListMemberAWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3241AWSBackup开发人员指南BackupVaultListMemberBackupVaultListMemberContainsmetadataaboutabackupvault.
ContentsBackupVaultArnAnAmazonResourceName(ARN)thatuniquelyidentifiesabackupvault;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
Type:StringRequired:NoBackupVaultNameThenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Type:StringPattern:^[a-zA-Z0-9\-\_]{2,50}$Required:NoCreationDateThedateandtimearesourcebackupiscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoCreatorRequestIdAuniquestringthatidentifiestherequestandallowsfailedrequeststoberetriedwithouttheriskofrunningtheoperationtwice.
Type:StringRequired:NoEncryptionKeyArnTheserver-sideencryptionkeythatisusedtoprotectyourbackups;forexample,arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.
Type:StringRequired:NoNumberOfRecoveryPointsThenumberofrecoverypointsthatarestoredinabackupvault.
Type:LongRequired:No242AWSBackup开发人员指南BackupVaultListMemberSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3243AWSBackup开发人员指南CalculatedLifecycleCalculatedLifecycleContainsDeleteAtandMoveToColdStorageAttimestamps,whichareusedtospecifyalifecycleforarecoverypoint.
Thelifecycledefineswhenaprotectedresourceistransitionedtocoldstorageandwhenitexpires.
AWSBackuptransitionsandexpiresbackupsautomaticallyaccordingtothelifecyclethatyoudefine.
Backupstransitionedtocoldstoragemustbestoredincoldstorageforaminimumof90days.
Therefore,the"expireafterdays"settingmustbe90daysgreaterthanthe"transitiontocoldafterdays"setting.
The"transitiontocoldafterdays"settingcannotbechangedafterabackuphasbeentransitionedtocold.
OnlyAmazonEFSfilesystembackupscanbetransitionedtocoldstorage.
ContentsDeleteAtAtimestampthatspecifieswhentodeletearecoverypoint.
Type:TimestampRequired:NoMoveToColdStorageAtAtimestampthatspecifieswhentotransitionarecoverypointtocoldstorage.
Type:TimestampRequired:NoSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3244AWSBackup开发人员指南ConditionConditionContainsanarrayoftripletsmadeupofaconditiontype(suchasStringEquals),akey,andavalue.
Conditionsareusedtofilterresourcesinaselectionthatisassignedtoabackupplan.
ContentsConditionKeyThekeyinakey-valuepair.
Forexample,in"ec2:ResourceTag/Department":"accounting","ec2:ResourceTag/Department"isthekey.
Type:StringRequired:YesConditionTypeAnoperation,suchasStringEquals,thatisappliedtoakey-valuepairusedtofilterresourcesinaselection.
Type:StringValidValues:STRINGEQUALSRequired:YesConditionValueThevalueinakey-valuepair.
Forexample,in"ec2:ResourceTag/Department":"accounting","accounting"isthevalue.
Type:StringRequired:YesSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3245AWSBackup开发人员指南CopyActionCopyActionThedetailsofthecopyoperation.
ContentsDestinationBackupVaultArnAnAmazonResourceName(ARN)thatuniquelyidentifiesthedestinationbackupvaultforthecopiedbackup.
Forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
Type:StringRequired:YesLifecycleContainsanarrayofTransitionobjectsspecifyinghowlongindaysbeforearecoverypointtransitionstocoldstorageorisdeleted.
Backupstransitionedtocoldstoragemustbestoredincoldstorageforaminimumof90days.
Therefore,ontheconsole,the"expireafterdays"settingmustbe90daysgreaterthanthe"transitiontocoldafterdays"setting.
The"transitiontocoldafterdays"settingcannotbechangedafterabackuphasbeentransitionedtocold.
OnlyAmazonEFSfilesystembackupscanbetransitionedtocoldstorage.
Type:Lifecycle(p.
250)objectRequired:NoSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3246AWSBackup开发人员指南CopyJobCopyJobContainsdetailedinformationaboutacopyjob.
ContentsAccountIdTheaccountIDthatownsthecopyjob.
Type:StringPattern:^[0-9]{12}$Required:NoBackupSizeInBytesThesize,inbytes,ofacopyjob.
Type:LongRequired:NoCompletionDateThedateandtimeacopyjobiscompleted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCompletionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoCopyJobIdUniquelyidentifiesacopyjob.
Type:StringRequired:NoCreatedByContainsinformationaboutthebackupplanandrulethatAWSBackupusedtoinitiatetherecoverypointbackup.
Type:RecoveryPointCreator(p.
257)objectRequired:NoCreationDateThedateandtimeacopyjobiscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoDestinationBackupVaultArnAnAmazonResourceName(ARN)thatuniquelyidentifiesadestinationcopyvault;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
247AWSBackup开发人员指南CopyJobType:StringRequired:NoDestinationRecoveryPointArnAnARNthatuniquelyidentifiesadestinationrecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Type:StringRequired:NoIamRoleArnSpecifiestheIAMroleARNusedtocopythetargetrecoverypoint;forexample,arn:aws:iam::123456789012:role/S3Access.
Type:StringRequired:NoResourceArnTheAWSresourcetobecopied;forexample,anAmazonElasticBlockStore(AmazonEBS)volumeoranAmazonRelationalDatabaseService(AmazonRDS)database.
Type:StringRequired:NoResourceTypeThetypeofAWSresourcetobecopied;forexample,anAmazonElasticBlockStore(AmazonEBS)volumeoranAmazonRelationalDatabaseService(AmazonRDS)database.
Type:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:NoSourceBackupVaultArnAnAmazonResourceName(ARN)thatuniquelyidentifiesasourcecopyvault;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
Type:StringRequired:NoSourceRecoveryPointArnAnARNthatuniquelyidentifiesasourcerecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Type:StringRequired:NoStateThecurrentstateofacopyjob.
Type:StringValidValues:CREATED|RUNNING|COMPLETED|FAILED248AWSBackup开发人员指南CopyJobRequired:NoStatusMessageAdetailedmessageexplainingthestatusofthejobtocopyaresource.
Type:StringRequired:NoSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3249AWSBackup开发人员指南LifecycleLifecycleContainsanarrayofTransitionobjectsspecifyinghowlongindaysbeforearecoverypointtransitionstocoldstorageorisdeleted.
Backupstransitionedtocoldstoragemustbestoredincoldstorageforaminimumof90days.
Therefore,ontheconsole,the"expireafterdays"settingmustbe90daysgreaterthanthe"transitiontocoldafterdays"setting.
The"transitiontocoldafterdays"settingcannotbechangedafterabackuphasbeentransitionedtocold.
OnlyAmazonEFSfilesystembackupscanbetransitionedtocoldstorage.
ContentsDeleteAfterDaysSpecifiesthenumberofdaysaftercreationthatarecoverypointisdeleted.
Mustbegreaterthan90daysplusMoveToColdStorageAfterDays.
Type:LongRequired:NoMoveToColdStorageAfterDaysSpecifiesthenumberofdaysaftercreationthatarecoverypointismovedtocoldstorage.
Type:LongRequired:NoSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3250AWSBackup开发人员指南ProtectedResourceProtectedResourceAstructurethatcontainsinformationaboutabacked-upresource.
ContentsLastBackupTimeThedateandtimearesourcewaslastbackedup,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofLastBackupTimeisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoResourceArnAnAmazonResourceName(ARN)thatuniquelyidentifiesaresource.
TheformatoftheARNdependsontheresourcetype.
Type:StringRequired:NoResourceTypeThetypeofAWSresource;forexample,anAmazonElasticBlockStore(AmazonEBS)volumeoranAmazonRelationalDatabaseService(AmazonRDS)database.
ForVSSWindowsbackups,theonlysupportedresourcetypeisAmazonEC2.
Type:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:NoSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3251AWSBackup开发人员指南RecoveryPointByBackupVaultRecoveryPointByBackupVaultContainsdetailedinformationabouttherecoverypointsstoredinabackupvault.
ContentsBackupSizeInBytesThesize,inbytes,ofabackup.
Type:LongRequired:NoBackupVaultArnAnARNthatuniquelyidentifiesabackupvault;forexample,arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
Type:StringRequired:NoBackupVaultNameThenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Type:StringPattern:^[a-zA-Z0-9\-\_]{2,50}$Required:NoCalculatedLifecycleACalculatedLifecycleobjectcontainingDeleteAtandMoveToColdStorageAttimestamps.
Type:CalculatedLifecycle(p.
244)objectRequired:NoCompletionDateThedateandtimeajobtorestorearecoverypointiscompleted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCompletionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoCreatedByContainsidentifyinginformationaboutthecreationofarecoverypoint,includingtheBackupPlanArn,BackupPlanId,BackupPlanVersion,andBackupRuleIdofthebackupplanthatisusedtocreateit.
Type:RecoveryPointCreator(p.
257)objectRequired:No252AWSBackup开发人员指南RecoveryPointByBackupVaultCreationDateThedateandtimearecoverypointiscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoEncryptionKeyArnTheserver-sideencryptionkeythatisusedtoprotectyourbackups;forexample,arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.
Type:StringRequired:NoIamRoleArnSpecifiestheIAMroleARNusedtocreatethetargetrecoverypoint;forexample,arn:aws:iam::123456789012:role/S3Access.
Type:StringRequired:NoIsEncryptedABooleanvaluethatisreturnedasTRUEifthespecifiedrecoverypointisencrypted,orFALSEiftherecoverypointisnotencrypted.
Type:BooleanRequired:NoLastRestoreTimeThedateandtimearecoverypointwaslastrestored,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofLastRestoreTimeisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoLifecycleThelifecycledefineswhenaprotectedresourceistransitionedtocoldstorageandwhenitexpires.
AWSBackuptransitionsandexpiresbackupsautomaticallyaccordingtothelifecyclethatyoudefine.
Backupstransitionedtocoldstoragemustbestoredincoldstorageforaminimumof90days.
Therefore,the"expireafterdays"settingmustbe90daysgreaterthanthe"transitiontocoldafterdays"setting.
The"transitiontocoldafterdays"settingcannotbechangedafterabackuphasbeentransitionedtocold.
OnlyAmazonEFSfilesystembackupscanbetransitionedtocoldstorage.
Type:Lifecycle(p.
250)objectRequired:No253AWSBackup开发人员指南RecoveryPointByBackupVaultRecoveryPointArnAnAmazonResourceName(ARN)thatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Type:StringRequired:NoResourceArnAnARNthatuniquelyidentifiesaresource.
TheformatoftheARNdependsontheresourcetype.
Type:StringRequired:NoResourceTypeThetypeofAWSresourcesavedasarecoverypoint;forexample,anAmazonElasticBlockStore(AmazonEBS)volumeoranAmazonRelationalDatabaseService(AmazonRDS)database.
ForVSSWindowsbackups,theonlysupportedresourcetypeisAmazonEC2.
Type:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:NoSourceBackupVaultArnThebackupvaultwheretherecoverypointwasoriginallycopiedfrom.
Iftherecoverypointisrestoredtothesameaccountthisvaluewillbenull.
Type:StringRequired:NoStatusAstatuscodespecifyingthestateoftherecoverypoint.
Type:StringValidValues:COMPLETED|PARTIAL|DELETING|EXPIREDRequired:NoSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3254AWSBackup开发人员指南RecoveryPointByResourceRecoveryPointByResourceContainsdetailedinformationaboutasavedrecoverypoint.
ContentsBackupSizeBytesThesize,inbytes,ofabackup.
Type:LongRequired:NoBackupVaultNameThenameofalogicalcontainerwherebackupsarestored.
BackupvaultsareidentifiedbynamesthatareuniquetotheaccountusedtocreatethemandtheAWSRegionwheretheyarecreated.
Theyconsistoflowercaseletters,numbers,andhyphens.
Type:StringPattern:^[a-zA-Z0-9\-\_]{2,50}$Required:NoCreationDateThedateandtimearecoverypointiscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoEncryptionKeyArnTheserver-sideencryptionkeythatisusedtoprotectyourbackups;forexample,arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.
Type:StringRequired:NoRecoveryPointArnAnAmazonResourceName(ARN)thatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Type:StringRequired:NoStatusAstatuscodespecifyingthestateoftherecoverypoint.
Type:StringValidValues:COMPLETED|PARTIAL|DELETING|EXPIREDRequired:No255AWSBackup开发人员指南RecoveryPointByResourceSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3256AWSBackup开发人员指南RecoveryPointCreatorRecoveryPointCreatorContainsinformationaboutthebackupplanandrulethatAWSBackupusedtoinitiatetherecoverypointbackup.
ContentsBackupPlanArnAnAmazonResourceName(ARN)thatuniquelyidentifiesabackupplan;forexample,arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50.
Type:StringRequired:NoBackupPlanIdUniquelyidentifiesabackupplan.
Type:StringRequired:NoBackupPlanVersionVersionIDsareunique,randomlygenerated,Unicode,UTF-8encodedstringsthatareatmost1,024byteslong.
Theycannotbeedited.
Type:StringRequired:NoBackupRuleIdUniquelyidentifiesaruleusedtoschedulethebackupofaselectionofresources.
Type:StringRequired:NoSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGoAWSSDKforJavaAWSSDKforRubyV3257AWSBackup开发人员指南RestoreJobsListMemberRestoreJobsListMemberContainsmetadataaboutarestorejob.
ContentsAccountIdTheaccountIDthatownstherestorejob.
Type:StringPattern:^[0-9]{12}$Required:NoBackupSizeInBytesThesize,inbytes,oftherestoredresource.
Type:LongRequired:NoCompletionDateThedateandtimeajobtorestorearecoverypointiscompleted,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCompletionDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoCreatedResourceArnAnAmazonResourceName(ARN)thatuniquelyidentifiesaresource.
TheformatoftheARNdependsontheresourcetype.
Type:StringRequired:NoCreationDateThedateandtimearestorejobiscreated,inUnixformatandCoordinatedUniversalTime(UTC).
ThevalueofCreationDateisaccuratetomilliseconds.
Forexample,thevalue1516925490.
087representsFriday,January26,201812:11:30.
087AM.
Type:TimestampRequired:NoExpectedCompletionTimeMinutesTheamountoftimeinminutesthatajobrestoringarecoverypointisexpectedtotake.
Type:LongRequired:NoIamRoleArnSpecifiestheIAMroleARNusedtocreatethetargetrecoverypoint;forexample,arn:aws:iam::123456789012:role/S3Access.
258AWSBackup开发人员指南RestoreJobsListMemberType:StringRequired:NoPercentDoneContainsanestimatedpercentagecompleteofajobatthetimethejobstatuswasqueried.
Type:StringRequired:NoRecoveryPointArnAnARNthatuniquelyidentifiesarecoverypoint;forexample,arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
Type:StringRequired:NoResourceTypeTheresourcetypeofthelistedrestorejobs;forexample,anAmazonElasticBlockStore(AmazonEBS)volumeoranAmazonRelationalDatabaseService(AmazonRDS)database.
ForVSSWindowsbackups,theonlysupportedresourcetypeisAmazonEC2.
Type:StringPattern:^[a-zA-Z0-9\-\_\.
]{1,50}$Required:NoRestoreJobIdUniquelyidentifiesthejobthatrestoresarecoverypoint.
Type:StringRequired:NoStatusAstatuscodespecifyingthestateofthejobinitiatedbyAWSBackuptorestorearecoverypoint.
Type:StringValidValues:PENDING|RUNNING|COMPLETED|ABORTED|FAILEDRequired:NoStatusMessageAdetailedmessageexplainingthestatusofthejobtorestorearecoverypoint.
Type:StringRequired:NoSeeAlsoFormoreinformationaboutusingthisAPIinoneofthelanguage-specificAWSSDKs,seethefollowing:AWSSDKforC++AWSSDKforGo259AWSBackup开发人员指南CommonErrorsAWSSDKforJavaAWSSDKforRubyV3CommonErrorsThissectionliststheerrorscommontotheAPIactionsofallAWSservices.
ForerrorsspecifictoanAPIactionforthisservice,seethetopicforthatAPIaction.
AccessDeniedExceptionYoudonothavesufficientaccesstoperformthisaction.
HTTPStatusCode:400IncompleteSignatureTherequestsignaturedoesnotconformtoAWSstandards.
HTTPStatusCode:400InternalFailureTherequestprocessinghasfailedbecauseofanunknownerror,exceptionorfailure.
HTTPStatusCode:500InvalidActionTheactionoroperationrequestedisinvalid.
Verifythattheactionistypedcorrectly.
HTTPStatusCode:400InvalidClientTokenIdTheX.
509certificateorAWSaccesskeyIDprovideddoesnotexistinourrecords.
HTTPStatusCode:403InvalidParameterCombinationParametersthatmustnotbeusedtogetherwereusedtogether.
HTTPStatusCode:400InvalidParameterValueAninvalidorout-of-rangevaluewassuppliedfortheinputparameter.
HTTPStatusCode:400InvalidQueryParameterTheAWSquerystringismalformedordoesnotadheretoAWSstandards.
HTTPStatusCode:400MalformedQueryStringThequerystringcontainsasyntaxerror.
HTTPStatusCode:404MissingActionTherequestismissinganactionorarequiredparameter.
260AWSBackup开发人员指南CommonErrorsHTTPStatusCode:400MissingAuthenticationTokenTherequestmustcontaineitheravalid(registered)AWSaccesskeyIDorX.
509certificate.
HTTPStatusCode:403MissingParameterArequiredparameterforthespecifiedactionisnotsupplied.
HTTPStatusCode:400NotAuthorizedYoudonothavepermissiontoperformthisaction.
HTTPStatusCode:400OptInRequiredTheAWSaccesskeyIDneedsasubscriptionfortheservice.
HTTPStatusCode:403RequestExpiredTherequestreachedtheservicemorethan15minutesafterthedatestampontherequestormorethan15minutesaftertherequestexpirationdate(suchasforpre-signedURLs),orthedatestampontherequestismorethan15minutesinthefuture.
HTTPStatusCode:400ServiceUnavailableTherequesthasfailedduetoatemporaryfailureoftheserver.
HTTPStatusCode:503ThrottlingExceptionTherequestwasdeniedduetorequestthrottling.
HTTPStatusCode:400ValidationErrorTheinputfailstosatisfytheconstraintsspecifiedbyanAWSservice.
HTTPStatusCode:400261AWSBackup开发人员指南AWS词汇表有关最新AWS术语,请参阅AWSGeneralReference中的AWS词汇表.
262AWSBackup开发人员指南AWSBackup的文档历史记录下表介绍了此版本的AWSBackup的文档.
API版本:2019-01-15文档最新更新时间:2020年11月9日更改DescriptionDate支持备份和还原AmazonFSx文件系统您现在可以使用AWSBackup备份AmazonFSx文件系统.
有关更多信息,请参阅使用AmazonFSx文件系统.
2020年11月9日新的AWS区域AWSBackup现已在非洲(开普敦)和欧洲(米兰)AWS区域提供.
有关更多信息,请参阅AWS一般参考中的AWSBackup终端节点和配额.
2020年10月21日支持VSS的Windows备份您现在可以备份和还原在AmazonEC2实例上运行的启用VSS(卷影复制服务)的Windows应用程序.
有关更多信息,请参阅创建启用VSS的Windows备份.
2020年9月22日支持AmazonEFS自动备份您现在可以使用AWSBackup自动备份AmazonEFS文件系统.
有关更多信息,请参阅选项3:.
创建自动备份.
2020年7月16日新AWS区域AWSBackup现已在AWSGovCloud(美国)区域提供.
有关更多信息,请参阅AWS一般参考中的AWSBackup终端节点和配额.
2020年6月24日支持跨多个AWS账户管理备份您现在可以使用AWSOrganizations跨多个AWS账户管理备份.
有关更多信息,请参阅跨账户管理的工作原理.
2020年6月24日对添加到AWSBackup中的AmazonAurora的支持您现在可以配置AWSBackup以备份AmazonAurora的资源.
有关信息,请参阅https://docs.
amazonaws.
cn/AmazonRDS/latest/AuroraUserGuide/Aurora.
Managing.
Backups.
html中的备份和还原Aurora数据库集群概述AmazonAurora用户指南.
2020年6月10日263AWSBackup开发人员指南更改DescriptionDate支持配置服务以使用AWSBackup您现在可以配置AWSBackup以备份特定AWS服务的资源.
有关更多信息,请参阅配置服务以使用AWSBackup.
2020年5月20日支持备份AmazonEC2实例,还增加了对跨区域备份的支持您现在可以备份整个AmazonEC2实例,也可以跨AWS区域复制资源.
有关更多信息,请参阅跨区域备份.
2020年1月13日新指南这是AWSBackup开发人员指南的第一个版本.
2019年1月15日264AWSBackup开发人员指南本文属于机器翻译版本.
若本译文内容与英语原文存在差异,则一律以英文原文为准.
cclxv

tmhhost(100元/季)自带windows系统,香港(三网)cn2 gia、日本cn2、韩国cn2、美国(三网)cn2 gia、美国cn2gia200G高防

tmhhost可谓是相当熟悉国内网络情况(资质方面:ISP\ICP\工商齐备),专业售卖海外高端优质线路的云服务器和独立服务器,包括了:香港的三网cn2 gia、日本 cn2、日本软银云服务器、韩国CN2、美国三网cn2 gia 云服务器、美国 cn2 gia +200G高防的。另外还有国内云服务器:镇江BGP 大连BGP数据盘和系统盘分开,自带windows系统,支持支付宝付款和微信,简直就是专...

御云(RoyalYun):香港CN2 GIA VPS仅7.9元每月起,美国vps仅8.9/月,续费同价,可叠加优惠

御云怎么样?炎炎暑期即将来临,御云(royalyun)香港、美国服务器开启大特惠模式。御云是新成立的云服务提供商,主要提供香港、美国的云服务器,不久将开启虚拟主机业务。我们的香港和美国主机采用CN2 GIA线路。目前,香港cn2 gia vps仅7.9元每月起,美国vps仅8.9/月,续费同价,可叠加优惠,香港云服务器国内延迟一般在50ms左右,是搭建网站的最佳选择,但是请不要用于违法用途。点击进...

弘速云(28元/月)香港葵湾2核2G10M云服务器

弘速云怎么样?弘速云是创建于2021年的品牌,运营该品牌的公司HOSU LIMITED(中文名称弘速科技有限公司)公司成立于2021年国内公司注册于2019年。HOSU LIMITED主要从事出售香港vps、美国VPS、香港独立服务器、香港站群服务器等,目前在售VPS线路有CN2+BGP、CN2 GIA,该公司旗下产品均采用KVM虚拟化架构。可联系商家代安装iso系统,目前推出全场vps新开7折,...

自动备份为你推荐
ip地址是什么网络地址和IP地址有什么区别?主机地址是什么?回收站在哪vivo手机的回收站在哪bluestacksbluestacks怎么用?直播加速怎么让已拍摄好的视频加速lockdowndiphone4s 完美越狱5.1.1时出现Could not connect to lockdownd。求救啊!!云挂机云软件挂机赚钱是骗子电子商务网站模板我想开发一个电子商务网站,但是想加入自己设计的模板,可以吗?虚拟机软件下载谁有虚拟机软件的网址要好用的网站优化方案网站优化方法有哪些网站地图制作给人看的那种,网站地图怎么做
linux主机 www二级域名 已备案域名注册 如何申请免费域名 腾讯云盘 awardspace winhost 谷歌香港 debian源 刀片服务器是什么 多线空间 web服务器搭建 外贸空间 cxz 酸酸乳 免费获得q币 此网页包含的内容将不使用安全的https 香港打折信息 达拉斯 winscpiphone 更多