frameworks
Creates, updates, deletes or gets a framework resource or lists frameworks in a region
Overview
| Name | frameworks |
| Type | Resource |
| Description | Contains detailed information about a framework. Frameworks contain controls, which evaluate and report on your backup events and resources. Frameworks generate daily compliance results. |
| Id | awscc.backup.frameworks |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
framework_name | string | The unique name of a framework. This name is between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_). |
framework_description | string | An optional description of the framework with a maximum 1,024 characters. |
framework_arn | string | An Amazon Resource Name (ARN) that uniquely identifies Framework as a resource |
deployment_status | string | The deployment status of a framework. The statuses are: `CREATE_IN_PROGRESS | UPDATE_IN_PROGRESS | DELETE_IN_PROGRESS | COMPLETED | FAILED` |
creation_time | string | The date and time that a framework is created, in ISO 8601 representation. The value of CreationTime is accurate to milliseconds. For example, 2020-07-10T15:00:00.000-08:00 represents the 10th of July 2020 at 3:00 PM 8 hours behind UTC. |
framework_controls | array | Contains detailed information about all of the controls of a framework. Each framework must contain at least one control. |
framework_status | string | A framework consists of one or more controls. Each control governs a resource, such as backup plans, backup selections, backup vaults, or recovery points. You can also turn AWS Config recording on or off for each resource. The statuses are:<br />`ACTIVE` when recording is turned on for all resources governed by the framework.<br />`PARTIALLY_ACTIVE` when recording is turned off for at least one resource governed by the framework.<br />`INACTIVE` when recording is turned off for all resources governed by the framework.<br />`UNAVAILABLE` when AWS Backup is unable to validate recording status at this time. |
framework_tags | array | Metadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair. |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
framework_arn | string | An Amazon Resource Name (ARN) that uniquely identifies Framework as a resource |
region | string | AWS region. |
For more information, see AWS::Backup::Framework.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | frameworks | INSERT | FrameworkControls, region |
delete_resource | frameworks | DELETE | Identifier, region |
update_resource | frameworks | UPDATE | Identifier, PatchDocument, region |
list_resources | frameworks_list_only | SELECT | region |
get_resource | frameworks | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual framework.
SELECT
region,
framework_name,
framework_description,
framework_arn,
deployment_status,
creation_time,
framework_controls,
framework_status,
framework_tags
FROM awscc.backup.frameworks
WHERE
region = 'us-east-1' AND
Identifier = '{{ framework_arn }}';
Lists all frameworks in a region.
SELECT
region,
framework_arn
FROM awscc.backup.frameworks_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new framework resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.backup.frameworks (
FrameworkControls,
region
)
SELECT
'{{ framework_controls }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.backup.frameworks (
FrameworkName,
FrameworkDescription,
FrameworkControls,
FrameworkTags,
region
)
SELECT
'{{ framework_name }}',
'{{ framework_description }}',
'{{ framework_controls }}',
'{{ framework_tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: framework
props:
- name: framework_name
value: '{{ framework_name }}'
- name: framework_description
value: '{{ framework_description }}'
- name: framework_controls
value:
- control_name: '{{ control_name }}'
control_input_parameters:
- parameter_name: '{{ parameter_name }}'
parameter_value: '{{ parameter_value }}'
control_scope:
compliance_resource_ids:
- '{{ compliance_resource_ids[0] }}'
compliance_resource_types:
- '{{ compliance_resource_types[0] }}'
tags:
- value: '{{ value }}'
key: '{{ key }}'
- name: framework_tags
value:
- null
UPDATE example
Use the following StackQL query and manifest file to update a framework resource, using stack-deploy.
/*+ update */
UPDATE awscc.backup.frameworks
SET PatchDocument = string('{{ {
"FrameworkDescription": framework_description,
"FrameworkControls": framework_controls,
"FrameworkTags": framework_tags
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ framework_arn }}';
DELETE example
/*+ delete */
DELETE FROM awscc.backup.frameworks
WHERE
Identifier = '{{ framework_arn }}' AND
region = 'us-east-1';
Permissions
To operate on the frameworks resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
backup:CreateFramework,
backup:DescribeFramework,
backup:ListTags,
backup:TagResource,
iam:CreateServiceLinkedRole
backup:DescribeFramework,
backup:ListTags
backup:DescribeFramework,
backup:UpdateFramework,
backup:ListTags,
backup:TagResource,
backup:UntagResource
backup:DeleteFramework,
backup:DescribeFramework
backup:ListFrameworks