aws-cdk-lib.aws_backup.BackupVault

class BackupVault (construct)

LanguageType name
.NETAmazon.CDK.AWS.Backup.BackupVault
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsbackup#BackupVault
Javasoftware.amazon.awscdk.services.backup.BackupVault
Pythonaws_cdk.aws_backup.BackupVault
TypeScript (source)aws-cdk-lib » aws_backup » BackupVault

Implements IConstruct, IDependable, IResource, IBackupVault

A backup vault.

Example

const importedVault = backup.BackupVault.fromBackupVaultName(this, 'Vault', 'myVaultName');

const role = new iam.Role(this, 'Access Role', { assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com') });

importedVault.grant(role, 'backup:StartBackupJob');

Initializer

new BackupVault(scope: Construct, id: string, props?: BackupVaultProps)

Parameters

  • scope Construct
  • id string
  • props BackupVaultProps

Construct Props

NameTypeDescription
accessPolicy?PolicyDocumentA resource-based policy that is used to manage access permissions on the backup vault.
backupVaultName?stringThe name of a logical container where backups are stored.
blockRecoveryPointDeletion?booleanWhether to add statements to the vault access policy that prevents anyone from deleting a recovery point.
encryptionKey?IKeyThe server-side encryption key to use to protect your backups.
lockConfiguration?LockConfigurationConfiguration for AWS Backup Vault Lock.
notificationEvents?BackupVaultEvents[]The vault events to send.
notificationTopic?ITopicA SNS topic to send vault events to.
removalPolicy?RemovalPolicyThe removal policy to apply to the vault.

accessPolicy?

Type: PolicyDocument (optional, default: access is not restricted)

A resource-based policy that is used to manage access permissions on the backup vault.


backupVaultName?

Type: string (optional, default: A CDK generated name)

The name of a logical container where backups are stored.

Backup vaults are identified by names that are unique to the account used to create them and the AWS Region where they are created.


blockRecoveryPointDeletion?

Type: boolean (optional, default: false)

Whether to add statements to the vault access policy that prevents anyone from deleting a recovery point.


encryptionKey?

Type: IKey (optional, default: an Amazon managed KMS key)

The server-side encryption key to use to protect your backups.


lockConfiguration?

Type: LockConfiguration (optional, default: AWS Backup Vault Lock is disabled)

Configuration for AWS Backup Vault Lock.

See also: https://docs.aws.amazon.com/aws-backup/latest/devguide/vault-lock.html


notificationEvents?

Type: BackupVaultEvents[] (optional, default: all vault events if notificationTopic is defined)

The vault events to send.

See also: https://docs.aws.amazon.com/aws-backup/latest/devguide/sns-notifications.html


notificationTopic?

Type: ITopic (optional, default: no notifications)

A SNS topic to send vault events to.

See also: https://docs.aws.amazon.com/aws-backup/latest/devguide/sns-notifications.html


removalPolicy?

Type: RemovalPolicy (optional, default: RemovalPolicy.RETAIN)

The removal policy to apply to the vault.

Note that removing a vault that contains recovery points will fail.

Properties

NameTypeDescription
backupVaultArnstringThe ARN of the backup vault.
backupVaultNamestringThe name of a logical container where backups are stored.
envResourceEnvironmentThe environment this resource belongs to.
nodeNodeThe tree node.
stackStackThe stack in which this resource is defined.

backupVaultArn

Type: string

The ARN of the backup vault.


backupVaultName

Type: string

The name of a logical container where backups are stored.


env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


node

Type: Node

The tree node.


stack

Type: Stack

The stack in which this resource is defined.

Methods

NameDescription
addToAccessPolicy(statement)Adds a statement to the vault access policy.
applyRemovalPolicy(policy)Apply the given removal policy to this resource.
blockRecoveryPointDeletion()Adds a statement to the vault access policy that prevents anyone from deleting a recovery point.
grant(grantee, ...actions)Grant the actions defined in actions to the given grantee on this Backup Vault resource.
toString()Returns a string representation of this construct.
static fromBackupVaultArn(scope, id, backupVaultArn)Import an existing backup vault by arn.
static fromBackupVaultName(scope, id, backupVaultName)Import an existing backup vault by name.

addToAccessPolicy(statement)

public addToAccessPolicy(statement: PolicyStatement): void

Parameters

  • statement PolicyStatement

Adds a statement to the vault access policy.


applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


blockRecoveryPointDeletion()

public blockRecoveryPointDeletion(): void

Adds a statement to the vault access policy that prevents anyone from deleting a recovery point.


grant(grantee, ...actions)

public grant(grantee: IGrantable, ...actions: string[]): Grant

Parameters

  • grantee IGrantable — Principal to grant right to.
  • actions string — The actions to grant.

Returns

  • Grant

Grant the actions defined in actions to the given grantee on this Backup Vault resource.


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.


static fromBackupVaultArn(scope, id, backupVaultArn)

public static fromBackupVaultArn(scope: Construct, id: string, backupVaultArn: string): IBackupVault

Parameters

  • scope Construct
  • id string
  • backupVaultArn string

Returns

  • IBackupVault

Import an existing backup vault by arn.


static fromBackupVaultName(scope, id, backupVaultName)

public static fromBackupVaultName(scope: Construct, id: string, backupVaultName: string): IBackupVault

Parameters

  • scope Construct
  • id string
  • backupVaultName string

Returns

  • IBackupVault

Import an existing backup vault by name.