How do I generate audit reports in AWS Backup?

2 minutos de lectura
0

I want to use AWS Backup Audit Manager to generate audit reports for my AWS Backup activities.

Resolution

Choose a report template

First, choose a either a backup report template or a compliance report template.

Create a report plan

To create a report plan, use either the AWS Backup console or the CreateReportPlan API call.

To automate audit report creation, deliver the reports to an Amazon Simple Storage Service (Amazon S3) bucket in the AWS account where you configured the report plan.

After you create the report plan, AWS Backup Audit Manager automatically generates an S3 bucket access policy for you to apply. To apply the access policy to your S3 bucket, see the To view and apply this access policy to your S3 bucket section of Creating report plans using the AWS Backup console. If you use a custom AWS Key Management Service (AWS KMS) key to encrypt your bucket, then include the kms:GenerateDataKey and kms:Encrypt actions in your policy.

Create an on-demand report

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

AWS Backup Audit Manager delivers a daily report to your S3 bucket. To maintain performance, AWS Backup Audit Manager randomly delivers reports, so the delivery time varies.

To create an on-demand report, complete the following steps:

  1. Open the AWS Backup console.
  2. In the navigation pane, under Backup Audit Manager, choose Reports.
  3. Under Report plan name, choose a report plan.
  4. Choose Create on-demand report.

Note: You can't generate backup reports between specific dates. You can use the AWS Backup console to view jobs for the last 30 days. However, you can't export this data as a report. Instead, run the list-backup-jobs AWS CLI command to gather backup jobs as a .csv file:

aws backup list-backup-jobs --by-created-before 2023-02-02 --by-created-after 2023-03-01 --max-results 1000 --output text > sample-report.csv

To filter the data, include additional parameters, such as - -by-state.

OFICIAL DE AWS
OFICIAL DE AWSActualizada hace 6 meses
2 comentarios

Report plan from a delegate account enable from organizations, It has a cost?.

respondido hace 8 meses

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERADOR
respondido hace 8 meses