Best practice rules for AWS Backup
Trend Micro Cloud One™ – Conformity monitors AWS Backup with the following rules:
- AWS Backup Service Lifecycle Configuration
  Ensure Amazon Backup plans have a compliant lifecycle configuration enabled.
- Configure AWS Backup Vault Access Policy
  Prevent deletion of backups using an Amazon Backup vault resource-based access policy.
- Use AWS Backup Service in Use for Amazon RDS
  Ensure that the Amazon Backup service is used to manage AWS RDS database snapshots.
- Use KMS Customer Master Keys for AWS Backup
  Ensure that your backups are encrypted at rest using KMS Customer Master Keys (CMKs).