The policy document I am providing does not conform to the expected format for the backup policy.
I'm trying to use this template.
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform:
  - 'AWS::LanguageExtensions'
Parameters:
  pOrgBackupTargetOUs:
    Description: A comma separated list of the AWS Organizations OUs to attach backup policies.
    Type: CommaDelimitedList
  pCentralBackupVaultArn:
    Description: The **ARN** of a centralized AWS Backup Vault that will be the secondary store for all AWS Backups. The defined organization backup policy plans will "copy_to" this vault.
    Type: String
  pCrossAccountBackupRole:
    Description: This is the IAM role name for the cross-account backup role that carries out the backup activities.
    Type: String
  pMemberAccountBackupVault:
    AllowedPattern: ^[a-zA-Z0-9\-\_\.]{1,50}$
    ConstraintDescription: The name of the member account Backup vaults. (Name is case sensitive).
    Type: String
  pTagKey:
    Type: String
    Description: This is the tag key to assign to resources.
    Default: 'project'
  pTagValue:
    Type: String
    Description: This is the tag value to assign to resources.
    Default: 'aws-backup'
Resources:
  rOrgDailyBackUpPolicy:
    Type: AWS::Organizations::Policy
    Properties:
      Name: org-daily-backup-policy
      Description: >-
        BackupPolicy for Daily Backup as per the resource selection criteria
      Type: BACKUP_POLICY
      TargetIds: !Ref pOrgBackupTargetOUs
      Content:
        Fn::ToJsonString:
          plans:
            OrgBackupPlanDaily:
              rules:
                OrgDailyBackupRule:
                  schedule_expression:
                    "@@assign": cron(0 19 ? * * *)
                  start_backup_window_minutes:
                    "@@assign": '60'
                  complete_backup_window_minutes:
                    "@@assign": '1200'
                  lifecycle:
                    delete_after_days:
                      "@@assign": '14'
                  target_backup_vault_name:
                    "@@assign": !Ref pMemberAccountBackupVault
                  recovery_point_tags:
                    project:
                      tag_key:
                        "@@assign": !Ref pTagKey
                      tag_value:
                        "@@assign": !Ref pTagValue
                  copy_actions:
                    "<my-central-vault-ARN-hardcoded>":
                      target_backup_vault_arn:
                        "@@assign": !Ref pCentralBackupVaultArn
                      lifecycle:
                        delete_after_days:
                          "@@assign": '14'
              backup_plan_tags:
                project:
                  tag_key:
                    "@@assign": !Ref pTagKey
                  tag_value:
                    "@@assign": !Ref pTagValue
              regions:
                "@@append":
                  - eu-central-1
              selections:
                tags:
                  OrgDailyBackupSelection:
                    iam_role_arn:
                      "@@assign": !Sub 'arn:aws:iam::$account:role/${pCrossAccountBackupRole}'
                    tag_key:
                      "@@assign": 'backup'
                    tag_value:
                      "@@assign":
                        - daily
```
Explanation of code:
Overall, this CloudFormation template creates an AWS backup policy for resources within an AWS Organization, specifying the backup rules and the storage locations for the backup data.
But I am getting the error "The provided policy document does not meet the requirements of the specified policy type." while trying to create the backup policy.
My fault. I was providing the name of the central vault instead of the ARN as the template parameter.
So make sure that copy_actions contains the ARN of the central vault, both hardcoded and as a parameter.
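A pre-deployment check for the mistake described above, as an added example that is not part of the original post: it walks a rendered backup policy (the JSON that `Fn::ToJsonString` produces once parameters are substituted) and flags any `copy_actions` entry whose key or `target_backup_vault_arn` is not a vault ARN. The function names, the ARN regex, the sample account ID and vault names are constructed for illustration, and the requirement that key and target be the same ARN follows the fix reported in the post.

```python
import re

# Assumed shape of a backup vault ARN; "$account" is the placeholder the
# template above also uses in iam_role_arn.
VAULT_ARN = re.compile(
    r"arn:aws[a-z-]*:backup:[a-z0-9-]+:(\d{12}|\$account):backup-vault:[A-Za-z0-9._-]{1,50}"
)
# Constructed sample value, not taken from the post.
SAMPLE_ARN = "arn:aws:backup:eu-central-1:111122223333:backup-vault:central-vault"

def check_copy_actions(policy: dict) -> list[str]:
    """Return a list of problems found in every rule's copy_actions block."""
    problems = []
    for plan_name, plan in policy.get("plans", {}).items():
        for rule_name, rule in plan.get("rules", {}).items():
            where = f"{plan_name}/{rule_name}"
            for key, action in rule.get("copy_actions", {}).items():
                target = action.get("target_backup_vault_arn", {}).get("@@assign")
                if not VAULT_ARN.fullmatch(key):
                    problems.append(f"{where}: copy_actions key {key!r} is not a vault ARN")
                if not isinstance(target, str) or not VAULT_ARN.fullmatch(target):
                    problems.append(f"{where}: target_backup_vault_arn {target!r} is not a vault ARN")
                elif target != key:
                    problems.append(f"{where}: target_backup_vault_arn differs from its copy_actions key")
    return problems

def sample_policy(central_vault: str, key: str = SAMPLE_ARN) -> dict:
    """Constructed policy mirroring the template after !Ref substitution."""
    return {"plans": {"OrgBackupPlanDaily": {"rules": {"OrgDailyBackupRule": {
        "target_backup_vault_name": {"@@assign": "member-vault"},
        "copy_actions": {key: {
            "target_backup_vault_arn": {"@@assign": central_vault},
            "lifecycle": {"delete_after_days": {"@@assign": "14"}},
        }},
    }}}}}

if __name__ == "__main__":
    # First value reproduces the post's mistake (vault name passed as parameter).
    for value in ("central-vault", SAMPLE_ARN):
        print(value, "->", check_copy_actions(sample_policy(value)) or "ok")
```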