Best practices

Backup vault should be configured to send notifications for each failed backup job

Risk Level

Informational (4)

Platform(s)

Description

AWS Backup is a fully-managed service that protects data across AWS services. Using this service, you can configure backup policies and monitor activity for your AWS resources in one place. We identified a Backup vault '{AwsBackupVault}' that does not send notifications (via Amazon Simple Notification Service - SNS) for failed backup jobs. Enabling alert notifications for failed vault backup jobs will allow you to avoid loss of backup data by monitor and mitigate any issues with your failed backup jobs.
  • Recommended Mitigation

    In order to avoid backup data loss, it is recommended to configure notifications for each backup vault when a failed backup occurs. This can be done by creating an SNS topic and adding email as a subscription. Then, configure the backup vault with the SNS topic and add 'BACKUP_JOB_FAILED' as an event argument.