aws-cdk-lib.aws_backup.BackupVaultProps

interface BackupVaultProps

LanguageType name
.NETAmazon.CDK.AWS.Backup.BackupVaultProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsbackup#BackupVaultProps
Javasoftware.amazon.awscdk.services.backup.BackupVaultProps
Pythonaws_cdk.aws_backup.BackupVaultProps
TypeScript (source)aws-cdk-lib » aws_backup » BackupVaultProps

Properties for a BackupVault.

Example

const myKey = kms.Key.fromKeyArn(this, 'MyKey', 'aaa');
const myTopic = sns.Topic.fromTopicArn(this, 'MyTopic', 'bbb');

const vault = new backup.BackupVault(this, 'Vault', {
  encryptionKey: myKey, // Custom encryption key
  notificationTopic: myTopic, // Send all vault events to this SNS topic
});

Properties

NameTypeDescription
accessPolicy?PolicyDocumentA resource-based policy that is used to manage access permissions on the backup vault.
backupVaultName?stringThe name of a logical container where backups are stored.
blockRecoveryPointDeletion?booleanWhether to add statements to the vault access policy that prevents anyone from deleting a recovery point.
encryptionKey?IKeyThe server-side encryption key to use to protect your backups.
lockConfiguration?LockConfigurationConfiguration for AWS Backup Vault Lock.
notificationEvents?BackupVaultEvents[]The vault events to send.
notificationTopic?ITopicA SNS topic to send vault events to.
removalPolicy?RemovalPolicyThe removal policy to apply to the vault.

accessPolicy?

Type: PolicyDocument (optional, default: access is not restricted)

A resource-based policy that is used to manage access permissions on the backup vault.


backupVaultName?

Type: string (optional, default: A CDK generated name)

The name of a logical container where backups are stored.

Backup vaults are identified by names that are unique to the account used to create them and the AWS Region where they are created.


blockRecoveryPointDeletion?

Type: boolean (optional, default: false)

Whether to add statements to the vault access policy that prevents anyone from deleting a recovery point.


encryptionKey?

Type: IKey (optional, default: an Amazon managed KMS key)

The server-side encryption key to use to protect your backups.


lockConfiguration?

Type: LockConfiguration (optional, default: AWS Backup Vault Lock is disabled)

Configuration for AWS Backup Vault Lock.

See also: https://docs.aws.amazon.com/aws-backup/latest/devguide/vault-lock.html


notificationEvents?

Type: BackupVaultEvents[] (optional, default: all vault events if notificationTopic is defined)

The vault events to send.

See also: https://docs.aws.amazon.com/aws-backup/latest/devguide/sns-notifications.html


notificationTopic?

Type: ITopic (optional, default: no notifications)

A SNS topic to send vault events to.

See also: https://docs.aws.amazon.com/aws-backup/latest/devguide/sns-notifications.html


removalPolicy?

Type: RemovalPolicy (optional, default: RemovalPolicy.RETAIN)

The removal policy to apply to the vault.

Note that removing a vault that contains recovery points will fail.