steampipe plugin install aws

Table: aws_backup_recovery_point - Query AWS Backup Recovery Points using SQL

The AWS Backup Recovery Point is a component of AWS Backup, a fully managed backup service that makes it easy to centralize and automate the backup of data across AWS services. This resource, the recovery point, is an entity that contains all the metadata that AWS Backup needs to recover a protected resource, such as an Amazon RDS database, an Amazon EBS volume, or an Amazon S3 bucket. The recovery point is created after a successful backup of a protected resource.

Table Usage Guide

The aws_backup_recovery_point table in Steampipe provides you with information about each recovery point within an AWS Backup vault. This table allows you, as a DevOps engineer or system administrator, to query recovery point-specific details, including the backup vault where the recovery point is stored, the source of the backup, the state of the recovery point, and associated metadata. You can utilize this table to gather insights on recovery points, such as identifying unencrypted recovery points, verifying backup completion status, and more. The schema outlines the various attributes of the recovery point for you, including the recovery point ARN, creation date, backup size, and associated tags.

Note: The value in the tags column will be populated only if its resource type has a checkmark for Full AWS Backup management as per AWS Backup docs. This means the recovery point ARN must match the pattern arn:aws:backup:[a-z0-9\-]+:[0-9]{12}:recovery-point:.*

Examples

Basic Info

List every recovery point with its backup vault, resource type, and status. This gives you a quick inventory of what is stored in your backup vaults and helps you manage your backup strategy.

select
  backup_vault_name,
  recovery_point_arn,
  resource_type,
  status
from
  aws_backup_recovery_point;

List encrypted recovery points

Identify instances where your recovery points are encrypted to ensure data security and compliance. This query is useful to maintain a secure and compliant data backup system by pinpointing the specific locations where encryption is applied.

Postgres:

select
  backup_vault_name,
  recovery_point_arn,
  resource_type,
  status,
  is_encrypted
from
  aws_backup_recovery_point
where
  is_encrypted;

SQLite:

select
  backup_vault_name,
  recovery_point_arn,
  resource_type,
  status,
  is_encrypted
from
  aws_backup_recovery_point
where
  is_encrypted = 1;
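The usage guide mentions identifying unencrypted recovery points and verifying backup completion status, which the query above does not cover. The following is an added example, not part of the original table documentation. It uses Postgres syntax and assumes that 'COMPLETED' is the status of a finished recovery point, a value taken from the AWS Backup API rather than from this page.

```sql
-- Added example (Postgres syntax), not part of the original table documentation.
-- Assumption: 'COMPLETED' is the status AWS Backup reports for a finished
-- recovery point; the value comes from the AWS Backup API, not from this page.
select
  backup_vault_name,
  recovery_point_arn,
  resource_type,
  status,
  encryption_key_arn,
  creation_date,
  -- concat_ws skips NULL arguments, so only the findings that apply are listed
  concat_ws(
    '; ',
    case when is_encrypted is not true then 'not encrypted' end,
    case when is_encrypted and encryption_key_arn is null
      then 'encrypted but no key ARN reported' end,
    case when status <> 'COMPLETED' then 'status is ' || status end
  ) as findings
from
  aws_backup_recovery_point
where
  is_encrypted is not true          -- also catches a NULL is_encrypted
  or encryption_key_arn is null
  or status <> 'COMPLETED'
order by
  backup_vault_name,
  creation_date;
```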

Get associated tags for recovery points of the EC2, EBS, S3 and EFS resource types

Retrieve metadata, in the form of tags, for recovery points of EC2 instances, EBS volumes, S3 buckets, and EFS file systems. For EBS and EC2 recovery points the tags are looked up on the underlying snapshot or AMI; for S3 and EFS they come from the recovery point itself. Tags are key-value pairs that provide valuable information about AWS resources.

Postgres:

select
  r.backup_vault_name as backup_vault_name,
  r.recovery_point_arn as recovery_point_arn,
  r.resource_type as resource_type,
  case
    when r.resource_type = 'EBS' then (
      select
        tags
      from
        aws_ebs_snapshot
      where
        -- rebuild the snapshot ARN by inserting the account ID at the '::'
        arn = concat(
          (string_to_array(r.recovery_point_arn, '::'))[1],
          ':',
          r.account_id,
          ':',
          (string_to_array(r.recovery_point_arn, '::'))[2]
        )
    )
    when r.resource_type = 'EC2' then (
      select
        tags
      from
        aws_ec2_ami
      where
        image_id = (string_to_array(r.recovery_point_arn, '::image/'))[2]
    )
    when r.resource_type in ('S3', 'EFS') then r.tags
  end as tags,
  r.region,
  r.account_id
from
  aws_backup_recovery_point as r;

SQLite:

select
  r.backup_vault_name as backup_vault_name,
  r.recovery_point_arn as recovery_point_arn,
  r.resource_type as resource_type,
  case
    when r.resource_type = 'EBS' then (
      select
        tags
      from
        aws_ebs_snapshot
      where
        -- rebuild the snapshot ARN by inserting the account ID at the '::',
        -- matching the Postgres variant (the suffix alone never equals an ARN)
        arn = substr(r.recovery_point_arn, 1, instr(r.recovery_point_arn, '::'))
          || r.account_id
          || ':'
          || substr(r.recovery_point_arn, instr(r.recovery_point_arn, '::') + 2)
    )
    when r.resource_type = 'EC2' then (
      select
        tags
      from
        aws_ec2_ami
      where
        -- '::image/' is 8 characters long, so the image ID starts 8 past the match
        image_id = substr(
          r.recovery_point_arn,
          instr(r.recovery_point_arn, '::image/') + 8
        )
    )
    when r.resource_type in ('S3', 'EFS') then r.tags
  end as tags,
  r.region,
  r.account_id
from
  aws_backup_recovery_point as r;
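The note in the Table Usage Guide says the tags column is only populated when the recovery point ARN matches the AWS Backup pattern. The following added example, which is not part of the original table documentation, uses Postgres syntax to count per resource type how many recovery points match that pattern and how many actually carry tags, so that an empty tags column is not misread as an untagged backup.

```sql
-- Added example (Postgres syntax), not part of the original table documentation.
-- The regular expression is the ARN pattern from the note in the usage guide,
-- with the hyphen moved to the end of the character class.
with classified as (
  select
    resource_type,
    tags,
    recovery_point_arn ~ '^arn:aws:backup:[a-z0-9-]+:[0-9]{12}:recovery-point:'
      as backup_managed_arn
  from
    aws_backup_recovery_point
)
select
  resource_type,
  backup_managed_arn,  -- false: tags will not be populated on this table
  count(*) as recovery_points,
  count(*) filter (
    where tags is not null and tags <> '{}'::jsonb
  ) as with_tags
from
  classified
group by
  resource_type,
  backup_managed_arn
order by
  resource_type,
  backup_managed_arn;
```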

Schema for aws_backup_recovery_point

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| backup_size_in_bytes | bigint | | The size, in bytes, of a backup. |
| backup_vault_arn | text | | An ARN that uniquely identifies a backup vault. |
| backup_vault_name | text | = | The name of a logical container where backups are stored. |
| calculated_lifecycle | jsonb | | An object containing DeleteAt and MoveToColdStorageAt timestamps. |
| completion_date | timestamp with time zone | = | The date and time that a job to create a recovery point is completed. |
| composite_member_identifier | text | | This is the identifier of a resource within a composite group. |
| created_by | jsonb | | Contains identifying information about the creation of a recovery point, including the BackupPlanArn, BackupPlanId, BackupPlanVersion, and BackupRuleId of the backup plan used to create it. |
| creation_date | timestamp with time zone | | The date and time that a recovery point is created. |
| encryption_key_arn | text | | The server-side encryption key used to protect your backups. |
| iam_role_arn | text | | Specifies the IAM role ARN used to create the target recovery point. |
| is_encrypted | boolean | | A Boolean value that is returned as TRUE if the specified recovery point is encrypted, or FALSE if the recovery point is not encrypted. |
| is_parent | boolean | | This is a boolean value indicating this is a parent (composite) recovery point. |
| last_restore_time | timestamp with time zone | | The date and time that a recovery point was last restored. |
| lifecycle | jsonb | | The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. |
| parent_recovery_point_arn | text | | This is the Amazon Resource Name (ARN) of the parent (composite) recovery point. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| recovery_point_arn | text | = | An ARN that uniquely identifies a recovery point. |
| region | text | | The AWS Region in which the resource is located. |
| resource_arn | text | | An ARN that uniquely identifies a saved resource. |
| resource_name | text | | This is the non-unique name of the resource that belongs to the specified backup. |
| resource_type | text | = | The type of Amazon Web Services resource to save as a recovery point. |
| source_backup_vault_arn | text | | An Amazon Resource Name (ARN) that uniquely identifies the source vault where the resource was originally backed up in. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| status | text | | A status code specifying the state of the recovery point. |
| status_message | text | | A status message explaining the reason for the recovery point deletion failure. |
| storage_class | text | | Specifies the storage class of the recovery point. Valid values are WARM or COLD. |
| tags | jsonb | | A map of tags for the resource. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_backup_recovery_point