Configure AWS Backup Vault Access Policy
Prevent deletion of backups using an Amazon Backup vault resource-based access policy.
Use KMS Customer Master Keys for AWS Backup
Ensure that your backups are encrypted at rest using KMS Customer Master Keys (CMKs).
Use AWS Backup Service in Use for Amazon RDS
Ensure that Amazon Backup service is used to manage AWS RDS database snapshots.
AWS Backup Service Lifecycle Configuration
Ensure Amazon Backup plans have a compliant lifecycle configuration enabled.