英文:
AWS-backup: The provided policy document does not meet the requirements of the specified policy type
问题
提供的策略文件不符合备份策略的预期格式。您正在尝试使用以下模板:
AWSTemplateFormatVersion: '2010-09-09'Transform:- 'AWS::LanguageExtensions'Parameters:pOrgBackupTargetOUs:Description: 附加备份策略的AWS组织OU的逗号分隔列表。Type: CommaDelimitedListpCentralBackupVaultArn:Description: 用于所有AWS备份的二级存储的集中式AWS备份库的ARN。定义的组织备份策略计划将“复制到”此库。Type: StringpCrossAccountBackupRole:Description: 跨帐户备份活动的IAM角色名称。Type: StringpMemberAccountBackupVault:AllowedPattern: ^[a-zA-Z0-9\-\_\.]{1,50}$ConstraintDescription: 成员帐户备份库的名称(名称区分大小写)。Type: StringpTagKey:Type: StringDescription: 分配给资源的标签键。Default: 'project'pTagValue:Type: StringDescription: 分配给资源的标签值。Default: 'aws-backup'Resources:rOrgDailyBackUpPolicy:Type: AWS::Organizations::PolicyProperties:Name: org-daily-backup-policyDescription: >-根据资源选择标准的每日备份的备份策略Type: BACKUP_POLICYTargetIds: !Ref pOrgBackupTargetOUsContent:Fn::ToJsonString:plans:OrgBackupPlanDaily:rules:OrgDailyBackupRule:schedule_expression:"@@assign": cron(0 19 ? * * *)start_backup_window_minutes:"@@assign": '60'complete_backup_window_minutes:"@@assign": '1200'lifecycle:delete_after_days:"@@assign": '14'target_backup_vault_name:"@@assign": !Ref pMemberAccountBackupVaultrecovery_point_tags:project:tag_key:"@@assign": !Ref pTagKeytag_value:"@@assign": !Ref pTagValuecopy_actions:"<my-central-vault-ARN-hardcoded>":target_backup_vault_arn:"@@assign": !Ref pCentralBackupVaultArnlifecycle:delete_after_days:"@@assign": '14'backup_plan_tags:project:tag_key:"@@assign": !Ref pTagKeytag_value:"@@assign": !Ref pTagValueregions:"@@append":- eu-central-1selections:tags:OrgDailyBackupSelection:iam_role_arn:"@@assign": !Sub 'arn:aws:iam::$account:role/${pCrossAccountBackupRole}'tag_key:"@@assign": 'backup'tag_value:"@@assign":- daily
代码解释:
总体而言,此CloudFormation模板为AWS组织中的资源创建了一个备份策略,指定了备份规则和备份数据的存储位置。
- rOrgDailyBackUpPolicy 是AWS::Organizations::Policy类型的资源,用于在指定的目标OU中创建备份策略。
- Name 和 Description 指定备份策略的名称和描述。
- Type 指定策略类型为 BACKUP_POLICY。
- TargetIds 指定将附加策略的AWS组织OU。
- Content 使用内置函数 Fn::ToJsonString 指定备份策略计划的详细信息,将其转换为JSON格式的字符串。此备份计划的名称为 OrgBackupPlanDaily,包括一组规则,定义了何时以及如何进行备份。这些规则包括调度表达式、备份窗口持续时间和备份数据的生命周期详细信息。
- backup_plan_tags 和 recovery_point_tags 指定要应用于备份计划和计划创建的恢复点的标签。
- regions 指定备份的地区。
- selections 指定备份的资源选择标准。在此情况下,它选择具有标签 backup 设置为 daily 的资源。
- iam_role_arn 指定执行备份活动的跨帐户备份角色的IAM角色名称。
- target_backup_vault_name 和 target_backup_vault_arn 指定备份将存储在哪些备份库中。target_backup_vault_arn 设置为传递给模板的 pCentralBackupVaultArn 参数的值。
但是,我收到了一个错误消息:“提供的策略文件不符合指定策略类型的要求”,当尝试创建备份策略时。
英文:
the policy document im are providing does not conform to the expected format for the backup policy.
Im trying to use This template.
AWSTemplateFormatVersion: '2010-09-09'Transform:- 'AWS::LanguageExtensions'Parameters:pOrgBackupTargetOUs:Description: A comma separated list of the AWS Organizations OUs to attach backup policies.Type: CommaDelimitedListpCentralBackupVaultArn:Description: The **ARN** of a centralized AWS Backup Vault that will be the secondary store for all AWS Backups. The defined organization backup policy plans will "copy_to" this vault.Type: StringpCrossAccountBackupRole:Description: This is the IAM role name for the cross-account backup role that carries out the backup activities.Type: StringpMemberAccountBackupVault:AllowedPattern: ^[a-zA-Z0-9\-\_\.]{1,50}$ConstraintDescription: The name of the member account Backup vaults. (Name is case sensitive).Type: StringpTagKey:Type: StringDescription: This is the tag key to assign to resources.Default: 'project'pTagValue:Type: StringDescription: This is the tag value to assign to resources.Default: 'aws-backup'Resources:rOrgDailyBackUpPolicy:Type: AWS::Organizations::PolicyProperties:Name: org-daily-backup-policyDescription: >-BackupPolicy for Daily Backup as per the resource selection criteriaType: BACKUP_POLICYTargetIds: !Ref pOrgBackupTargetOUsContent:Fn::ToJsonString:plans:OrgBackupPlanDaily:rules:OrgDailyBackupRule:schedule_expression:"@@assign": cron(0 19 ? * * *)start_backup_window_minutes:"@@assign": '60'complete_backup_window_minutes:"@@assign": '1200'lifecycle:delete_after_days:"@@assign": '14'target_backup_vault_name:"@@assign": !Ref pMemberAccountBackupVaultrecovery_point_tags:project:tag_key:"@@assign": !Ref pTagKeytag_value:"@@assign": !Ref pTagValuecopy_actions:"<my-central-vault-ARN-hardcoded>":target_backup_vault_arn:"@@assign": !Ref pCentralBackupVaultArnlifecycle:delete_after_days:"@@assign": '14'backup_plan_tags:project:tag_key:"@@assign": !Ref pTagKeytag_value:"@@assign": !Ref pTagValueregions:"@@append":- eu-central-1selections:tags:OrgDailyBackupSelection:iam_role_arn:"@@assign": !Sub 'arn:aws:iam::$account:role/${pCrossAccountBackupRole}'tag_key:"@@assign": 'backup'tag_value:"@@assign":- daily
Explanation of code:
Overall, this CloudFormation template creates an AWS backup policy for resources within an AWS Organization, specifying the backup rules and the storage locations for the backup data.
- rOrgDailyBackUpPolicy resource of type AWS::Organizations::Policy that creates a backup policy within the specified target OUs.
- Name and Description specify the name and description of the backup policy.
Type specifies the type of policy as BACKUP_POLICY. - TargetIds specifies the AWS Organization OUs to which the policy will be attached.
- Content specifies the backup policy plan details using the intrinsic function Fn::ToJsonString, which converts the contents to a JSON-formatted string. This backup plan has the name OrgBackupPlanDaily and includes a set of rules that define when and how backups are taken. These rules include scheduling expressions, window duration for backups, and lifecycle details for backup data.
- backup_plan_tags and recovery_point_tags specify tags to apply to the backup plan and recovery points created by the plan, respectively.
- regions specifies the regions in which backups are taken.
- selections specifies the resource selection criteria for backups. In this case, it selects resources with the tag backup set to daily.
- iam_role_arn specifies the IAM role name for the cross-account backup role that carries out the backup activities.
- target_backup_vault_name and target_backup_vault_arn specify the name and ARN of the backup vaults where the backups will be stored. target_backup_vault_arn is set to the value of the pCentralBackupVaultArn parameter passed to the template.
- copy_actions specifies the backup vault where a copy of backups will be stored. This section includes the name of the backup vault, and the lifecycle details for the copied data. The target_backup_vault_arn value is hardcoded and not parameterized.
But I am getting an error The provided policy document does not meet the requirements of the specified policy type. While trying to create the backup policy.
答案1
得分: 0
My fault. I was providing the name of the central vault instead of ARN as template parameter.
所以确保 copy_actions 包含了中央保险库的 ARN,硬编码和作为参数。
英文:
My fault. I was providing the name of the central vault instead of ARN as template parameter.
So make sure that copy_actions contains the ARN of the central vault, hardcoded and as parameter.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论