2023/08/08 - AWS Backup - 2 new 5 updated api methods
Changes This release introduces a new logically air-gapped vault (Preview) in AWS Backup that stores immutable backup copies, which are locked by default and isolated with encryption using AWS owned keys. Logically air-gapped vault (Preview) allows secure recovery of application data across accounts.
This request creates a logical container where backups are stored.
This request includes a name, optionally one or more resource tags, an encryption key, and a request ID.
Note
Do not include sensitive data, such as passport numbers, in the name of a backup vault.
See also: AWS API Documentation
Request Syntax
client.create_logically_air_gapped_backup_vault(
BackupVaultName='string',
BackupVaultTags={
'string': 'string'
},
CreatorRequestId='string',
MinRetentionDays=123,
MaxRetentionDays=123
)
string
[REQUIRED]
This is the name of the vault that is being created.
dict
These are the tags that will be included in the newly-created vault.
(string) --
(string) --
string
This is the ID of the creation request.
integer
[REQUIRED]
This setting specifies the minimum retention period that the vault retains its recovery points. If this parameter is not specified, no minimum retention period is enforced.
If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If a job retention period is shorter than that minimum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault.
integer
[REQUIRED]
This is the setting that specifies the maximum retention period that the vault retains its recovery points. If this parameter is not specified, Backup does not enforce a maximum retention period on the recovery points in the vault (allowing indefinite storage).
If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or shorter than the maximum retention period. If the job retention period is longer than that maximum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault.
dict
Response Syntax
{
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'VaultState': 'CREATING'|'AVAILABLE'|'FAILED'
}
Response Structure
(dict) --
BackupVaultName (string) --
The name of a logical container where backups are stored. Logically air-gapped backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.
BackupVaultArn (string) --
This is the ARN (Amazon Resource Name) of the vault being created.
CreationDate (datetime) --
The date and time when the vault was created.
This value is in Unix format, Coordinated Universal Time (UTC), and accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
VaultState (string) --
This is the current state of the vault.
This request lists the protected resources corresponding to each backup vault.
See also: AWS API Documentation
Request Syntax
client.list_protected_resources_by_backup_vault(
BackupVaultName='string',
BackupVaultAccountId='string',
NextToken='string',
MaxResults=123
)
string
[REQUIRED]
This is the list of protected resources by backup vault within the vault(s) you specify by name.
string
This is the list of protected resources by backup vault within the vault(s) you specify by account ID.
string
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
integer
The maximum number of items to be returned.
dict
Response Syntax
{
'Results': [
{
'ResourceArn': 'string',
'ResourceType': 'string',
'LastBackupTime': datetime(2015, 1, 1),
'ResourceName': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Results (list) --
These are the results returned for the request ListProtectedResourcesByBackupVault.
(dict) --
A structure that contains information about a backed-up resource.
ResourceArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
ResourceType (string) --
The type of Amazon Web Services resource; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database. For Windows Volume Shadow Copy Service (VSS) backups, the only supported resource type is Amazon EC2.
LastBackupTime (datetime) --
The date and time a resource was last backed up, in Unix format and Coordinated Universal Time (UTC). The value of LastBackupTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
ResourceName (string) --
This is the non-unique name of the resource that belongs to the specified backup.
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
{'BackupVaultAccountId': 'string'}
Response {'VaultType': 'BACKUP_VAULT | LOGICALLY_AIR_GAPPED_BACKUP_VAULT'}
Returns metadata about a backup vault specified by its name.
See also: AWS API Documentation
Request Syntax
client.describe_backup_vault(
BackupVaultName='string',
BackupVaultAccountId='string'
)
string
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
string
This is the account ID of the specified backup vault.
dict
Response Syntax
{
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'VaultType': 'BACKUP_VAULT'|'LOGICALLY_AIR_GAPPED_BACKUP_VAULT',
'EncryptionKeyArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'CreatorRequestId': 'string',
'NumberOfRecoveryPoints': 123,
'Locked': True|False,
'MinRetentionDays': 123,
'MaxRetentionDays': 123,
'LockDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
BackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.
BackupVaultArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
VaultType (string) --
This is the type of vault described.
EncryptionKeyArn (string) --
The server-side encryption key that is used to protect your backups; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab .
CreationDate (datetime) --
The date and time that a backup vault is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CreatorRequestId (string) --
A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice.
NumberOfRecoveryPoints (integer) --
The number of recovery points that are stored in a backup vault.
Locked (boolean) --
A Boolean that indicates whether Backup Vault Lock is currently protecting the backup vault. True means that Vault Lock causes delete or update operations on the recovery points stored in the vault to fail.
MinRetentionDays (integer) --
The Backup Vault Lock setting that specifies the minimum retention period that the vault retains its recovery points. If this parameter is not specified, Vault Lock does not enforce a minimum retention period.
If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If the job's retention period is shorter than that minimum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already stored in the vault prior to Vault Lock are not affected.
MaxRetentionDays (integer) --
The Backup Vault Lock setting that specifies the maximum retention period that the vault retains its recovery points. If this parameter is not specified, Vault Lock does not enforce a maximum retention period on the recovery points in the vault (allowing indefinite storage).
If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or shorter than the maximum retention period. If the job's retention period is longer than that maximum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already stored in the vault prior to Vault Lock are not affected.
LockDate (datetime) --
The date and time when Backup Vault Lock configuration cannot be changed or deleted.
If you applied Vault Lock to your vault without specifying a lock date, you can change any of your Vault Lock settings, or delete Vault Lock from the vault entirely, at any time.
This value is in Unix format, Coordinated Universal Time (UTC), and accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
{'BackupVaultAccountId': 'string'}
Returns metadata associated with a recovery point, including ID, status, encryption, and lifecycle.
See also: AWS API Documentation
Request Syntax
client.describe_recovery_point(
BackupVaultName='string',
RecoveryPointArn='string',
BackupVaultAccountId='string'
)
string
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
string
[REQUIRED]
An Amazon Resource Name (ARN) that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
string
This is the account ID of the specified backup vault.
dict
Response Syntax
{
'RecoveryPointArn': 'string',
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'SourceBackupVaultArn': 'string',
'ResourceArn': 'string',
'ResourceType': 'string',
'CreatedBy': {
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'BackupPlanVersion': 'string',
'BackupRuleId': 'string'
},
'IamRoleArn': 'string',
'Status': 'COMPLETED'|'PARTIAL'|'DELETING'|'EXPIRED',
'StatusMessage': 'string',
'CreationDate': datetime(2015, 1, 1),
'CompletionDate': datetime(2015, 1, 1),
'BackupSizeInBytes': 123,
'CalculatedLifecycle': {
'MoveToColdStorageAt': datetime(2015, 1, 1),
'DeleteAt': datetime(2015, 1, 1)
},
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'EncryptionKeyArn': 'string',
'IsEncrypted': True|False,
'StorageClass': 'WARM'|'COLD'|'DELETED',
'LastRestoreTime': datetime(2015, 1, 1),
'ParentRecoveryPointArn': 'string',
'CompositeMemberIdentifier': 'string',
'IsParent': True|False,
'ResourceName': 'string'
}
Response Structure
(dict) --
RecoveryPointArn (string) --
An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
BackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.
BackupVaultArn (string) --
An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
SourceBackupVaultArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies the source vault where the resource was originally backed up in; for example, arn:aws:backup:us-east-1:123456789012:vault:BackupVault . If the recovery is restored to the same Amazon Web Services account or Region, this value will be null .
ResourceArn (string) --
An ARN that uniquely identifies a saved resource. The format of the ARN depends on the resource type.
ResourceType (string) --
The type of Amazon Web Services resource to save as a recovery point; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
CreatedBy (dict) --
Contains identifying information about the creation of a recovery point, including the BackupPlanArn , BackupPlanId , BackupPlanVersion , and BackupRuleId of the backup plan used to create it.
BackupPlanId (string) --
Uniquely identifies a backup plan.
BackupPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
BackupPlanVersion (string) --
Version IDs are unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. They cannot be edited.
BackupRuleId (string) --
Uniquely identifies a rule used to schedule the backup of a selection of resources.
IamRoleArn (string) --
Specifies the IAM role ARN used to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
Status (string) --
A status code specifying the state of the recovery point.
PARTIAL status indicates Backup could not create the recovery point before the backup window closed. To increase your backup plan window using the API, see UpdateBackupPlan. You can also increase your backup plan window using the Console by choosing and editing your backup plan.
EXPIRED status indicates that the recovery point has exceeded its retention period, but Backup lacks permission or is otherwise unable to delete it. To manually delete these recovery points, see Step 3: Delete the recovery points in the Clean up resources section of Getting started .
STOPPED status occurs on a continuous backup where a user has taken some action that causes the continuous backup to be disabled. This can be caused by the removal of permissions, turning off versioning, turning off events being sent to EventBridge, or disabling the EventBridge rules that are put in place by Backup.
To resolve STOPPED status, ensure that all requested permissions are in place and that versioning is enabled on the S3 bucket. Once these conditions are met, the next instance of a backup rule running will result in a new continuous recovery point being created. The recovery points with STOPPED status do not need to be deleted.
For SAP HANA on Amazon EC2 STOPPED status occurs due to user action, application misconfiguration, or backup failure. To ensure that future continuous backups succeed, refer to the recovery point status and check SAP HANA for details.
StatusMessage (string) --
A status message explaining the status of the recovery point.
CreationDate (datetime) --
The date and time that a recovery point is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CompletionDate (datetime) --
The date and time that a job to create a recovery point is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
BackupSizeInBytes (integer) --
The size, in bytes, of a backup.
CalculatedLifecycle (dict) --
A CalculatedLifecycle object containing DeleteAt and MoveToColdStorageAt timestamps.
MoveToColdStorageAt (datetime) --
A timestamp that specifies when to transition a recovery point to cold storage.
DeleteAt (datetime) --
A timestamp that specifies when to delete a recovery point.
Lifecycle (dict) --
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups that are transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Resource types that are able to be transitioned to cold storage are listed in the "Lifecycle to cold storage" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
MoveToColdStorageAfterDays (integer) --
Specifies the number of days after creation that a recovery point is moved to cold storage.
DeleteAfterDays (integer) --
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
EncryptionKeyArn (string) --
The server-side encryption key used to protect your backups; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab .
IsEncrypted (boolean) --
A Boolean value that is returned as TRUE if the specified recovery point is encrypted, or FALSE if the recovery point is not encrypted.
StorageClass (string) --
Specifies the storage class of the recovery point. Valid values are WARM or COLD .
LastRestoreTime (datetime) --
The date and time that a recovery point was last restored, in Unix format and Coordinated Universal Time (UTC). The value of LastRestoreTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
ParentRecoveryPointArn (string) --
This is an ARN that uniquely identifies a parent (composite) recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
CompositeMemberIdentifier (string) --
This is the identifier of a resource within a composite group, such as nested (child) recovery point belonging to a composite (parent) stack. The ID is transferred from the logical ID within a stack.
IsParent (boolean) --
This returns the boolean value that a recovery point is a parent (composite) job.
ResourceName (string) --
This is the non-unique name of the resource that belongs to the specified backup.
{'BackupVaultAccountId': 'string'}
Returns a set of metadata key-value pairs that were used to create the backup.
See also: AWS API Documentation
Request Syntax
client.get_recovery_point_restore_metadata(
BackupVaultName='string',
RecoveryPointArn='string',
BackupVaultAccountId='string'
)
string
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
string
[REQUIRED]
An Amazon Resource Name (ARN) that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
string
This is the account ID of the specified backup vault.
dict
Response Syntax
{
'BackupVaultArn': 'string',
'RecoveryPointArn': 'string',
'RestoreMetadata': {
'string': 'string'
}
}
Response Structure
(dict) --
BackupVaultArn (string) --
An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
RecoveryPointArn (string) --
An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
RestoreMetadata (dict) --
The set of metadata key-value pairs that describe the original configuration of the backed-up resource. These values vary depending on the service that is being restored.
(string) --
(string) --
{'ByShared': 'boolean',
'ByVaultType': 'BACKUP_VAULT | LOGICALLY_AIR_GAPPED_BACKUP_VAULT'}
Returns a list of recovery point storage containers along with information about them.
See also: AWS API Documentation
Request Syntax
client.list_backup_vaults(
ByVaultType='BACKUP_VAULT'|'LOGICALLY_AIR_GAPPED_BACKUP_VAULT',
ByShared=True|False,
NextToken='string',
MaxResults=123
)
string
This parameter will sort the list of vaults by vault type.
boolean
This parameter will sort the list of vaults by shared vaults.
string
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
integer
The maximum number of items to be returned.
dict
Response Syntax
{
'BackupVaultList': [
{
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'CreationDate': datetime(2015, 1, 1),
'EncryptionKeyArn': 'string',
'CreatorRequestId': 'string',
'NumberOfRecoveryPoints': 123,
'Locked': True|False,
'MinRetentionDays': 123,
'MaxRetentionDays': 123,
'LockDate': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
BackupVaultList (list) --
An array of backup vault list members containing vault metadata, including Amazon Resource Name (ARN), display name, creation date, number of saved recovery points, and encryption information if the resources saved in the backup vault are encrypted.
(dict) --
Contains metadata about a backup vault.
BackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
BackupVaultArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
CreationDate (datetime) --
The date and time a resource backup is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
EncryptionKeyArn (string) --
A server-side encryption key you can specify to encrypt your backups from services that support full Backup management; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab . If you specify a key, you must specify its ARN, not its alias. If you do not specify a key, Backup creates a KMS key for you by default.
To learn which Backup services support full Backup management and how Backup handles encryption for backups from services that do not yet support full Backup, see Encryption for backups in Backup
CreatorRequestId (string) --
A unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional.
If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.
NumberOfRecoveryPoints (integer) --
The number of recovery points that are stored in a backup vault.
Locked (boolean) --
A Boolean value that indicates whether Backup Vault Lock applies to the selected backup vault. If true , Vault Lock prevents delete and update operations on the recovery points in the selected vault.
MinRetentionDays (integer) --
The Backup Vault Lock setting that specifies the minimum retention period that the vault retains its recovery points. If this parameter is not specified, Vault Lock does not enforce a minimum retention period.
If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If the job's retention period is shorter than that minimum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already stored in the vault prior to Vault Lock are not affected.
MaxRetentionDays (integer) --
The Backup Vault Lock setting that specifies the maximum retention period that the vault retains its recovery points. If this parameter is not specified, Vault Lock does not enforce a maximum retention period on the recovery points in the vault (allowing indefinite storage).
If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or shorter than the maximum retention period. If the job's retention period is longer than that maximum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already stored in the vault prior to Vault Lock are not affected.
LockDate (datetime) --
The date and time when Backup Vault Lock configuration becomes immutable, meaning it cannot be changed or deleted.
If you applied Vault Lock to your vault without specifying a lock date, you can change your Vault Lock settings, or delete Vault Lock from the vault entirely, at any time.
This value is in Unix format, Coordinated Universal Time (UTC), and accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
{'BackupVaultAccountId': 'string'}
Returns detailed information about the recovery points stored in a backup vault.
See also: AWS API Documentation
Request Syntax
client.list_recovery_points_by_backup_vault(
BackupVaultName='string',
BackupVaultAccountId='string',
NextToken='string',
MaxResults=123,
ByResourceArn='string',
ByResourceType='string',
ByBackupPlanId='string',
ByCreatedBefore=datetime(2015, 1, 1),
ByCreatedAfter=datetime(2015, 1, 1),
ByParentRecoveryPointArn='string'
)
string
[REQUIRED]
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
Note
Backup vault name might not be available when a supported service creates the backup.
string
This parameter will sort the list of recovery points by account ID.
string
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
integer
The maximum number of items to be returned.
string
Returns only recovery points that match the specified resource Amazon Resource Name (ARN).
string
Returns only recovery points that match the specified resource type.
string
Returns only recovery points that match the specified backup plan ID.
datetime
Returns only recovery points that were created before the specified timestamp.
datetime
Returns only recovery points that were created after the specified timestamp.
string
This returns only recovery points that match the specified parent (composite) recovery point Amazon Resource Name (ARN).
dict
Response Syntax
{
'NextToken': 'string',
'RecoveryPoints': [
{
'RecoveryPointArn': 'string',
'BackupVaultName': 'string',
'BackupVaultArn': 'string',
'SourceBackupVaultArn': 'string',
'ResourceArn': 'string',
'ResourceType': 'string',
'CreatedBy': {
'BackupPlanId': 'string',
'BackupPlanArn': 'string',
'BackupPlanVersion': 'string',
'BackupRuleId': 'string'
},
'IamRoleArn': 'string',
'Status': 'COMPLETED'|'PARTIAL'|'DELETING'|'EXPIRED',
'StatusMessage': 'string',
'CreationDate': datetime(2015, 1, 1),
'CompletionDate': datetime(2015, 1, 1),
'BackupSizeInBytes': 123,
'CalculatedLifecycle': {
'MoveToColdStorageAt': datetime(2015, 1, 1),
'DeleteAt': datetime(2015, 1, 1)
},
'Lifecycle': {
'MoveToColdStorageAfterDays': 123,
'DeleteAfterDays': 123
},
'EncryptionKeyArn': 'string',
'IsEncrypted': True|False,
'LastRestoreTime': datetime(2015, 1, 1),
'ParentRecoveryPointArn': 'string',
'CompositeMemberIdentifier': 'string',
'IsParent': True|False,
'ResourceName': 'string'
},
]
}
Response Structure
(dict) --
NextToken (string) --
The next item following a partial list of returned items. For example, if a request is made to return maxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
RecoveryPoints (list) --
An array of objects that contain detailed information about recovery points saved in a backup vault.
(dict) --
Contains detailed information about the recovery points stored in a backup vault.
RecoveryPointArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45 .
BackupVaultName (string) --
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.
BackupVaultArn (string) --
An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault .
SourceBackupVaultArn (string) --
The backup vault where the recovery point was originally copied from. If the recovery point is restored to the same account this value will be null .
ResourceArn (string) --
An ARN that uniquely identifies a resource. The format of the ARN depends on the resource type.
ResourceType (string) --
The type of Amazon Web Services resource saved as a recovery point; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database. For Windows Volume Shadow Copy Service (VSS) backups, the only supported resource type is Amazon EC2.
CreatedBy (dict) --
Contains identifying information about the creation of a recovery point, including the BackupPlanArn , BackupPlanId , BackupPlanVersion , and BackupRuleId of the backup plan that is used to create it.
BackupPlanId (string) --
Uniquely identifies a backup plan.
BackupPlanArn (string) --
An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50 .
BackupPlanVersion (string) --
Version IDs are unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. They cannot be edited.
BackupRuleId (string) --
Uniquely identifies a rule used to schedule the backup of a selection of resources.
IamRoleArn (string) --
Specifies the IAM role ARN used to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access .
Status (string) --
A status code specifying the state of the recovery point.
StatusMessage (string) --
A message explaining the reason of the recovery point deletion failure.
CreationDate (datetime) --
The date and time a recovery point is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
CompletionDate (datetime) --
The date and time a job to restore a recovery point is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
BackupSizeInBytes (integer) --
The size, in bytes, of a backup.
CalculatedLifecycle (dict) --
A CalculatedLifecycle object containing DeleteAt and MoveToColdStorageAt timestamps.
MoveToColdStorageAt (datetime) --
A timestamp that specifies when to transition a recovery point to cold storage.
DeleteAt (datetime) --
A timestamp that specifies when to delete a recovery point.
Lifecycle (dict) --
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Resource types that are able to be transitioned to cold storage are listed in the "Lifecycle to cold storage" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
MoveToColdStorageAfterDays (integer) --
Specifies the number of days after creation that a recovery point is moved to cold storage.
DeleteAfterDays (integer) --
Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays .
EncryptionKeyArn (string) --
The server-side encryption key that is used to protect your backups; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab .
IsEncrypted (boolean) --
A Boolean value that is returned as TRUE if the specified recovery point is encrypted, or FALSE if the recovery point is not encrypted.
LastRestoreTime (datetime) --
The date and time a recovery point was last restored, in Unix format and Coordinated Universal Time (UTC). The value of LastRestoreTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
ParentRecoveryPointArn (string) --
This is the Amazon Resource Name (ARN) of the parent (composite) recovery point.
CompositeMemberIdentifier (string) --
This is the identifier of a resource within a composite group, such as nested (child) recovery point belonging to a composite (parent) stack. The ID is transferred from the logical ID within a stack.
IsParent (boolean) --
This is a boolean value indicating this is a parent (composite) recovery point.
ResourceName (string) --
This is the non-unique name of the resource that belongs to the specified backup.