Backup

This action removes the specified legal hold on a recovery point. This action can only be performed by a user with sufficient permissions.

Creates a backup plan using a backup plan name and backup rules. A backup plan is a document that contains information that Backup uses to schedule tasks that create recovery points for resources.

If you call CreateBackupPlan with a plan that already exists, you receive an AlreadyExistsException exception.

Creates a JSON document that specifies a set of resources to assign to a backup plan. For examples, see Assigning resources programmatically.

Creates a logical container where backups are stored. A CreateBackupVault request includes a name, optionally one or more resource tags, an encryption key, and a request ID.

Note: Do not include sensitive data, such as passport numbers, in the name of a backup vault.

Creates a framework with one or more controls. A framework is a collection of controls that you can use to evaluate your backup practices. By using pre-built customizable controls to define your policies, you can evaluate whether your backup practices comply with your policies and which resources are not yet in compliance.

This action creates a legal hold on a recovery point (backup). A legal hold is a restraint on altering or deleting a backup until an authorized user cancels the legal hold. Any actions to delete or disassociate a recovery point will fail with an error if one or more active legal holds are on the recovery point.

Creates a report plan. A report plan is a document that contains information about the contents of the report and where Backup will deliver it.

If you call CreateReportPlan with a plan that already exists, you receive an AlreadyExistsException exception.

Deletes a backup plan. A backup plan can only be deleted after all associated selections of resources have been deleted. Deleting a backup plan deletes the current version of a backup plan. Previous versions, if any, will still exist.

Deletes the resource selection associated with a backup plan that is specified by the SelectionId.

Deletes the backup vault identified by its name. A vault can be deleted only if it is empty.

Deletes the policy document that manages permissions on a backup vault.

Deletes Backup Vault Lock from a backup vault specified by a backup vault name.

If the Vault Lock configuration is immutable, then you cannot delete Vault Lock using API operations, and you will receive an InvalidRequestException if you attempt to do so. For more information, see Vault Lock in the Backup Developer Guide.

Deletes event notifications for the specified backup vault.

Deletes the framework specified by a framework name.

Deletes the recovery point specified by a recovery point ID.

If the recovery point ID belongs to a continuous backup, calling this endpoint deletes the existing continuous backup and stops future continuous backup.

When an IAM role's permissions are insufficient to call this API, the service sends back an HTTP 200 response with an empty HTTP body, but the recovery point is not deleted. Instead, it enters an EXPIRED state.

EXPIRED recovery points can be deleted with this API once the IAM role has the iam:CreateServiceLinkedRole action. To learn more about adding this role, see Troubleshooting manual deletions.

If the user or role is deleted or the permission within the role is removed, the deletion will not be successful and will enter an EXPIRED state.

Deletes the report plan specified by a report plan name.

Returns backup job details for the specified BackupJobId.

Returns metadata about a backup vault specified by its name.

Returns metadata associated with creating a copy of a resource.

Returns the framework details for the specified FrameworkName.

Describes whether the Amazon Web Services account is opted in to cross-account backup. Returns an error if the account is not a member of an Organizations organization. Example: describe-global-settings --region us-west-2

Returns information about a saved resource, including the last time it was backed up, its Amazon Resource Name (ARN), and the Amazon Web Services service type of the saved resource.

Returns metadata associated with a recovery point, including ID, status, encryption, and lifecycle.

Returns the current service opt-in settings for the Region. If service opt-in is enabled for a service, Backup tries to protect that service's resources in this Region, when the resource is included in an on-demand backup or scheduled backup plan. Otherwise, Backup does not try to protect that service's resources in this Region.

Returns the details associated with creating a report as specified by its ReportJobId.

Returns a list of all report plans for an Amazon Web Services account and Amazon Web Services Region.

Returns metadata associated with a restore job that is specified by a job ID.

Deletes the specified continuous backup recovery point from Backup and releases control of that continuous backup to the source service, such as Amazon RDS. The source service will continue to create and retain continuous backups using the lifecycle that you specified in your original backup plan.

Does not support snapshot backup recovery points.

This action to a specific child (nested) recovery point removes the relationship between the specified recovery point and its parent (composite) recovery point.

Returns the backup plan that is specified by the plan ID as a backup template.

Returns BackupPlan details for the specified BackupPlanId. The details are the body of a backup plan in JSON format, in addition to plan metadata.

Returns a valid JSON document specifying a backup plan or an error.

Returns the template specified by its templateId as a backup plan.

Returns selection metadata and a document in JSON format that specifies a list of resources that are associated with a backup plan.

Returns the access policy document that is associated with the named backup vault.

Returns event notifications for the specified backup vault.

This action returns details for a specified legal hold. The details are the body of a legal hold in JSON format, in addition to metadata.

Returns a set of metadata key-value pairs that were used to create the backup.

Returns the Amazon Web Services resource types supported by Backup.

Returns a list of existing backup jobs for an authenticated account for the last 30 days. For a longer period of time, consider using these monitoring tools.

Returns a list of all active backup plans for an authenticated account. The list contains information such as Amazon Resource Names (ARNs), plan IDs, creation and deletion dates, version IDs, plan names, and creator request IDs.

Returns metadata of your saved backup plan templates, including the template ID, name, and the creation and deletion dates.

Returns version metadata of your backup plans, including Amazon Resource Names (ARNs), backup plan IDs, creation and deletion dates, plan names, and version IDs.

Returns an array containing metadata of the resources associated with the target backup plan.

Returns a list of recovery point storage containers along with information about them.

Returns metadata about your copy jobs.

Returns a list of all frameworks for an Amazon Web Services account and Amazon Web Services Region.

This action returns metadata about active and previous legal holds.

Returns an array of resources successfully backed up by Backup, including the time the resource was saved, an Amazon Resource Name (ARN) of the resource, and a resource type.

Returns detailed information about the recovery points stored in a backup vault.

This action returns recovery point ARNs (Amazon Resource Names) of the specified legal hold.

Returns detailed information about all the recovery points of the type specified by a resource Amazon Resource Name (ARN).

Note: For Amazon EFS and Amazon EC2, this action only lists recovery points created by Backup.

Returns details about your report jobs.

Returns a list of your report plans. For detailed information about a single report plan, use DescribeReportPlan.

Returns a list of jobs that Backup initiated to restore a saved resource, including details about the recovery process.

Returns a list of key-value pairs assigned to a target recovery point, backup plan, or backup vault.

ListTags only works for resource types that support full Backup management of their backups. Those resource types are listed in the "Full Backup management" section of the Feature availability by resource table.

Sets a resource-based policy that is used to manage access permissions on the target backup vault. Requires a backup vault name and an access policy document in JSON format.

Applies Backup Vault Lock to a backup vault, preventing attempts to delete any recovery point stored in or created in a backup vault. Vault Lock also prevents attempts to update the lifecycle policy that controls the retention period of any recovery point currently stored in a backup vault. If specified, Vault Lock enforces a minimum and maximum retention period for future backup and copy jobs that target a backup vault.

Note: Backup Vault Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations. For more information about how Backup Vault Lock relates to these regulations, see the Cohasset Associates Compliance Assessment.

Turns on notifications on a backup vault for the specified topic and events.

Starts an on-demand backup job for the specified resource.

Starts a job to create a one-time copy of the specified resource.

Does not support continuous backups.

Starts an on-demand report job for the specified report plan.

Recovers the saved resource identified by an Amazon Resource Name (ARN).

Attempts to cancel a job to create a one-time backup of a resource.

This action is not supported for the following services: Amazon FSx for Windows File Server, Amazon FSx for Lustre, FSx for ONTAP , Amazon FSx for OpenZFS, Amazon DocumentDB (with MongoDB compatibility), Amazon RDS, Amazon Aurora, and Amazon Neptune.

Assigns a set of key-value pairs to a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN).

Removes a set of key-value pairs from a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN)

Updates an existing backup plan identified by its backupPlanId with the input document in JSON format. The new version is uniquely identified by a VersionId.

Updates an existing framework identified by its FrameworkName with the input document in JSON format.

Updates whether the Amazon Web Services account is opted in to cross-account backup. Returns an error if the account is not an Organizations management account. Use the DescribeGlobalSettings API to determine the current settings.

Sets the transition lifecycle of a recovery point.

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that are able to be transitioned to cold storage are listed in the "Lifecycle to cold storage" section of the Feature availability by resource table. Backup ignores this expression for other resource types.

This operation does not support continuous backups.

Updates the current service opt-in settings for the Region. If service-opt-in is enabled for a service, Backup tries to protect that service's resources in this Region, when the resource is included in an on-demand backup or scheduled backup plan. Otherwise, Backup does not try to protect that service's resources in this Region. Use the DescribeRegionSettings API to determine the resource types that are supported.

Updates an existing report plan identified by its ReportPlanName with the input document in JSON format.