AWS-backup: The provided policy document does not meet the requirements of the specified policy type
Question
The policy document I am providing does not conform to the expected format for the backup policy.
I'm trying to use this template.
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform:
  - 'AWS::LanguageExtensions'
Parameters:
  pOrgBackupTargetOUs:
    Description: A comma separated list of the AWS Organizations OUs to attach backup policies.
    Type: CommaDelimitedList
  pCentralBackupVaultArn:
    Description: The **ARN** of a centralized AWS Backup Vault that will be the secondary store for all AWS Backups. The defined organization backup policy plans will "copy_to" this vault.
    Type: String
  pCrossAccountBackupRole:
    Description: This is the IAM role name for the cross-account backup role that carries out the backup activities.
    Type: String
  pMemberAccountBackupVault:
    AllowedPattern: ^[a-zA-Z0-9\-\_\.]{1,50}$
    ConstraintDescription: The name of the member account Backup vaults. (Name is case sensitive).
    Type: String
  pTagKey:
    Type: String
    Description: This is the tag key to assign to resources.
    Default: 'project'
  pTagValue:
    Type: String
    Description: This is the tag value to assign to resources.
    Default: 'aws-backup'
Resources:
  rOrgDailyBackUpPolicy:
    Type: AWS::Organizations::Policy
    Properties:
      Name: org-daily-backup-policy
      Description: >-
        BackupPolicy for Daily Backup as per the resource selection criteria
      Type: BACKUP_POLICY
      TargetIds: !Ref pOrgBackupTargetOUs
      Content:
        Fn::ToJsonString:
          plans:
            OrgBackupPlanDaily:
              rules:
                OrgDailyBackupRule:
                  schedule_expression:
                    "@@assign": cron(0 19 ? * * *)
                  start_backup_window_minutes:
                    "@@assign": '60'
                  complete_backup_window_minutes:
                    "@@assign": '1200'
                  lifecycle:
                    delete_after_days:
                      "@@assign": '14'
                  target_backup_vault_name:
                    "@@assign": !Ref pMemberAccountBackupVault
                  recovery_point_tags:
                    project:
                      tag_key:
                        "@@assign": !Ref pTagKey
                      tag_value:
                        "@@assign": !Ref pTagValue
                  copy_actions:
                    "<my-central-vault-ARN-hardcoded>":
                      target_backup_vault_arn:
                        "@@assign": !Ref pCentralBackupVaultArn
                      lifecycle:
                        delete_after_days:
                          "@@assign": '14'
              backup_plan_tags:
                project:
                  tag_key:
                    "@@assign": !Ref pTagKey
                  tag_value:
                    "@@assign": !Ref pTagValue
              regions:
                "@@append":
                  - eu-central-1
              selections:
                tags:
                  OrgDailyBackupSelection:
                    iam_role_arn:
                      "@@assign": !Sub 'arn:aws:iam::$account:role/${pCrossAccountBackupRole}'
                    tag_key:
                      "@@assign": 'backup'
                    tag_value:
                      "@@assign":
                        - daily
```
Explanation of code:
Overall, this CloudFormation template creates an AWS backup policy for resources within an AWS Organization, specifying the backup rules and the storage locations for the backup data.
- rOrgDailyBackUpPolicy is a resource of type AWS::Organizations::Policy that creates a backup policy within the specified target OUs.
- Name and Description specify the name and description of the backup policy.
- Type specifies the type of policy as BACKUP_POLICY.
- TargetIds specifies the AWS Organization OUs to which the policy will be attached.
- Content specifies the backup policy plan details using the intrinsic function Fn::ToJsonString, which converts the contents to a JSON-formatted string. This backup plan has the name OrgBackupPlanDaily and includes a set of rules that define when and how backups are taken. These rules include scheduling expressions, window duration for backups, and lifecycle details for backup data.
- backup_plan_tags and recovery_point_tags specify tags to apply to the backup plan and recovery points created by the plan, respectively.
- regions specifies the regions in which backups are taken.
- selections specifies the resource selection criteria for backups. In this case, it selects resources with the tag backup set to daily.
- iam_role_arn specifies the IAM role name for the cross-account backup role that carries out the backup activities.
- target_backup_vault_name and target_backup_vault_arn specify the name and ARN of the backup vaults where the backups will be stored. target_backup_vault_arn is set to the value of the pCentralBackupVaultArn parameter passed to the template.
- copy_actions specifies the backup vault where a copy of backups will be stored. This section includes the name of the backup vault, and the lifecycle details for the copied data. The target_backup_vault_arn value is hardcoded and not parameterized.
But I am getting the error "The provided policy document does not meet the requirements of the specified policy type" while trying to create the backup policy.
Answer 1
Score: 0
My fault. I was providing the name of the central vault instead of the ARN as the template parameter.
So make sure that copy_actions contains the ARN of the central vault, hardcoded and as a parameter.
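An added example (not from the original post or from AWS): a pre-deployment check on the rendered policy content that catches the mistake described in the answer, a vault name where `copy_actions` needs an ARN. The ARN regex, the function names and the sample values are assumptions constructed for illustration.

```python
import re

# Assumed shape of a Backup vault ARN. "$account" is accepted because the
# page's template uses that placeholder in iam_role_arn; the vault-name
# character set is taken from the template's AllowedPattern.
VAULT_ARN = re.compile(
    r"^arn:aws[a-z-]*:backup:[a-z0-9-]+:(\d{12}|\$account):backup-vault:"
    r"[a-zA-Z0-9\-_.]{1,50}$"
)


def assigned(node):
    """Return the value under "@@assign", or None if absent."""
    return node.get("@@assign") if isinstance(node, dict) else None


def check_copy_actions(policy):
    """Return a list of findings for every copy_actions entry in the policy."""
    findings = []
    for plan_name, plan in policy.get("plans", {}).items():
        for rule_name, rule in plan.get("rules", {}).items():
            for key, action in rule.get("copy_actions", {}).items():
                where = f"{plan_name}/{rule_name}"
                target = assigned(action.get("target_backup_vault_arn"))
                if not VAULT_ARN.match(key):
                    findings.append(f"{where}: copy_actions key {key!r} is not a vault ARN")
                if not isinstance(target, str) or not VAULT_ARN.match(target):
                    findings.append(f"{where}: target_backup_vault_arn {target!r} is not a vault ARN")
                elif VAULT_ARN.match(key) and key != target:
                    findings.append(f"{where}: key and target_backup_vault_arn differ")
    return findings


def sample_policy(key, target):
    """Constructed sample: only the part of the policy this check reads."""
    return {"plans": {"OrgBackupPlanDaily": {"rules": {"OrgDailyBackupRule": {
        "copy_actions": {key: {
            "target_backup_vault_arn": {"@@assign": target},
            "lifecycle": {"delete_after_days": {"@@assign": "14"}},
        }}}}}}}


# Constructed values: account ID and vault name are placeholders.
ARN = "arn:aws:backup:eu-central-1:111122223333:backup-vault:central-vault"

if __name__ == "__main__":
    for label, pol in [("ARN", sample_policy(ARN, ARN)),
                       ("name", sample_policy(ARN, "central-vault"))]:
        print(label, check_copy_actions(pol) or "ok")
```

Running this against the JSON produced by `Fn::ToJsonString` (for example in a CI step before the stack is deployed) reports the offending rule by name rather than the generic Organizations error.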