AWS备份:提供的策略文件不符合指定策略类型的要求。

huangapple go评论64阅读模式
英文:

AWS-backup: The provided policy document does not meet the requirements of the specified policy type

问题

提供的策略文件不符合备份策略的预期格式。您正在尝试使用以下模板:

AWSTemplateFormatVersion: '2010-09-09'
Transform:
  - 'AWS::LanguageExtensions'
Parameters:
  pOrgBackupTargetOUs:
    Description: 附加备份策略的AWS组织OU的逗号分隔列表。
    Type: CommaDelimitedList
  pCentralBackupVaultArn:
    Description: 用于所有AWS备份的二级存储的集中式AWS备份库的ARN。定义的组织备份策略计划将“复制到”此库。
    Type: String
  pCrossAccountBackupRole:
    Description: 跨帐户备份活动的IAM角色名称。
    Type: String
  pMemberAccountBackupVault:
    AllowedPattern: ^[a-zA-Z0-9\-\_\.]{1,50}$
    ConstraintDescription: 成员帐户备份库的名称(名称区分大小写)。
    Type: String
  pTagKey:
    Type: String
    Description: 分配给资源的标签键。
    Default: 'project'
  pTagValue:
    Type: String
    Description: 分配给资源的标签值。
    Default: 'aws-backup'
Resources:
  rOrgDailyBackUpPolicy:
    Type: AWS::Organizations::Policy
    Properties:
      Name: org-daily-backup-policy
      Description: >-
                根据资源选择标准的每日备份的备份策略
      Type: BACKUP_POLICY
      TargetIds: !Ref pOrgBackupTargetOUs
      Content:
        Fn::ToJsonString:
          plans:
            OrgBackupPlanDaily:
              rules:
                OrgDailyBackupRule:
                  schedule_expression:
                    "@@assign": cron(0 19 ? * * *)
                  start_backup_window_minutes:
                    "@@assign": '60'
                  complete_backup_window_minutes:
                    "@@assign": '1200'
                  lifecycle:
                    delete_after_days:
                      "@@assign": '14'
                  target_backup_vault_name:
                    "@@assign": !Ref pMemberAccountBackupVault
                  recovery_point_tags:
                    project:
                      tag_key:
                        "@@assign": !Ref pTagKey
                      tag_value:
                        "@@assign": !Ref pTagValue
                  copy_actions:
                    "<my-central-vault-ARN-hardcoded>":
                      target_backup_vault_arn:
                        "@@assign": !Ref pCentralBackupVaultArn
                      lifecycle:
                        delete_after_days:
                          "@@assign": '14'
              backup_plan_tags:
                project:
                  tag_key:
                     "@@assign": !Ref pTagKey
                  tag_value:
                     "@@assign": !Ref pTagValue
              regions:
                "@@append":
                  - eu-central-1
              selections:
                tags:
                  OrgDailyBackupSelection:
                    iam_role_arn:
                      "@@assign": !Sub 'arn:aws:iam::$account:role/${pCrossAccountBackupRole}'
                    tag_key:
                      "@@assign": 'backup'
                    tag_value:
                      "@@assign":
                        - daily

代码解释:

总体而言,此CloudFormation模板为AWS组织中的资源创建了一个备份策略,指定了备份规则和备份数据的存储位置。

  • rOrgDailyBackUpPolicy 是AWS::Organizations::Policy类型的资源,用于在指定的目标OU中创建备份策略。
  • NameDescription 指定备份策略的名称和描述。
  • Type 指定策略类型为 BACKUP_POLICY。
  • TargetIds 指定将附加策略的AWS组织OU。
  • Content 使用内置函数 Fn::ToJsonString 指定备份策略计划的详细信息,将其转换为JSON格式的字符串。此备份计划的名称为 OrgBackupPlanDaily,包括一组规则,定义了何时以及如何进行备份。这些规则包括调度表达式、备份窗口持续时间和备份数据的生命周期详细信息。
  • backup_plan_tags 和 recovery_point_tags 指定要应用于备份计划和计划创建的恢复点的标签。
  • regions 指定备份的地区。
  • selections 指定备份的资源选择标准。在此情况下,它选择具有标签 backup 设置为 daily 的资源。
  • iam_role_arn 指定执行备份活动的跨帐户备份角色的IAM角色名称。
  • target_backup_vault_name 和 target_backup_vault_arn 指定备份将存储在哪些备份库中。target_backup_vault_arn 设置为传递给模板的 pCentralBackupVaultArn 参数的值。

但是,我收到了一个错误消息:“提供的策略文件不符合指定策略类型的要求”,当尝试创建备份策略时。

英文:

the policy document im are providing does not conform to the expected format for the backup policy.

Im trying to use This template.

AWSTemplateFormatVersion: &#39;2010-09-09&#39;
Transform:
- &#39;AWS::LanguageExtensions&#39;
Parameters:
pOrgBackupTargetOUs:
Description: A comma separated list of the AWS Organizations OUs to attach backup policies.
Type: CommaDelimitedList
pCentralBackupVaultArn:
Description: The **ARN** of a centralized AWS Backup Vault that will be the secondary store for all AWS Backups. The defined organization backup policy plans will &quot;copy_to&quot; this vault.
Type: String
pCrossAccountBackupRole:
Description: This is the IAM role name for the cross-account backup role that carries out the backup activities.
Type: String
pMemberAccountBackupVault:
AllowedPattern: ^[a-zA-Z0-9\-\_\.]{1,50}$
ConstraintDescription: The name of the member account Backup vaults. (Name is case sensitive). 
Type: String
pTagKey:
Type: String 
Description: This is the tag key to assign to resources.
Default: &#39;project&#39;
pTagValue:
Type: String 
Description: This is the tag value to assign to resources.
Default: &#39;aws-backup&#39;
Resources:
rOrgDailyBackUpPolicy:
Type: AWS::Organizations::Policy
Properties:
Name: org-daily-backup-policy
Description: &gt;-
BackupPolicy for Daily Backup as per the resource selection criteria
Type: BACKUP_POLICY
TargetIds: !Ref pOrgBackupTargetOUs
Content:
Fn::ToJsonString:
plans:
OrgBackupPlanDaily:
rules:
OrgDailyBackupRule:
schedule_expression:
&quot;@@assign&quot;: cron(0 19 ? * * *)
start_backup_window_minutes:
&quot;@@assign&quot;: &#39;60&#39;
complete_backup_window_minutes:
&quot;@@assign&quot;: &#39;1200&#39;
lifecycle:
delete_after_days:
&quot;@@assign&quot;: &#39;14&#39;
target_backup_vault_name:
&quot;@@assign&quot;: !Ref pMemberAccountBackupVault
recovery_point_tags:
project:
tag_key:
&quot;@@assign&quot;: !Ref pTagKey
tag_value:
&quot;@@assign&quot;: !Ref pTagValue
copy_actions:
&quot;&lt;my-central-vault-ARN-hardcoded&gt;&quot;:
target_backup_vault_arn:
&quot;@@assign&quot;: !Ref pCentralBackupVaultArn
lifecycle:
delete_after_days:
&quot;@@assign&quot;: &#39;14&#39;
backup_plan_tags:
project:
tag_key:
&quot;@@assign&quot;: !Ref pTagKey
tag_value:
&quot;@@assign&quot;: !Ref pTagValue
regions:
&quot;@@append&quot;:
- eu-central-1
selections:
tags:
OrgDailyBackupSelection:
iam_role_arn:
&quot;@@assign&quot;: !Sub &#39;arn:aws:iam::$account:role/${pCrossAccountBackupRole}&#39;
tag_key:
&quot;@@assign&quot;: &#39;backup&#39;
tag_value:
&quot;@@assign&quot;:
- daily

Explanation of code:

Overall, this CloudFormation template creates an AWS backup policy for resources within an AWS Organization, specifying the backup rules and the storage locations for the backup data.

  • rOrgDailyBackUpPolicy resource of type AWS::Organizations::Policy that creates a backup policy within the specified target OUs.
  • Name and Description specify the name and description of the backup policy.
    Type specifies the type of policy as BACKUP_POLICY.
  • TargetIds specifies the AWS Organization OUs to which the policy will be attached.
  • Content specifies the backup policy plan details using the intrinsic function Fn::ToJsonString, which converts the contents to a JSON-formatted string. This backup plan has the name OrgBackupPlanDaily and includes a set of rules that define when and how backups are taken. These rules include scheduling expressions, window duration for backups, and lifecycle details for backup data.
  • backup_plan_tags and recovery_point_tags specify tags to apply to the backup plan and recovery points created by the plan, respectively.
  • regions specifies the regions in which backups are taken.
  • selections specifies the resource selection criteria for backups. In this case, it selects resources with the tag backup set to daily.
  • iam_role_arn specifies the IAM role name for the cross-account backup role that carries out the backup activities.
  • target_backup_vault_name and target_backup_vault_arn specify the name and ARN of the backup vaults where the backups will be stored. target_backup_vault_arn is set to the value of the pCentralBackupVaultArn parameter passed to the template.
  • copy_actions specifies the backup vault where a copy of backups will be stored. This section includes the name of the backup vault, and the lifecycle details for the copied data. The target_backup_vault_arn value is hardcoded and not parameterized.

But I am getting an error The provided policy document does not meet the requirements of the specified policy type. While trying to create the backup policy.

答案1

得分: 0

My fault. I was providing the name of the central vault instead of ARN as template parameter.

所以确保 copy_actions 包含了中央保险库的 ARN,硬编码和作为参数。

英文:

My fault. I was providing the name of the central vault instead of ARN as template parameter.

So make sure that copy_actions contains the ARN of the central vault, hardcoded and as parameter.

huangapple
  • 本文由 发表于 2023年5月10日 20:05:33
  • 转载请务必保留本文链接:https://go.coder-hub.com/76218202.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定