Table: aws_backup_recovery_point - Query AWS Backup Recovery Points using SQL
The AWS Backup Recovery Point is a component of AWS Backup, a fully managed backup service that makes it easy to centralize and automate the backup of data across AWS services. A recovery point is an entity that contains all the metadata that AWS Backup needs to recover a protected resource, such as an Amazon RDS database, an Amazon EBS volume, or an Amazon S3 bucket. The recovery point is created after a successful backup of a protected resource.
Table Usage Guide
The aws_backup_recovery_point table in Steampipe provides you with information about each recovery point within an AWS Backup vault. This table allows you, as a DevOps engineer or system administrator, to query recovery point-specific details, including the backup vault where the recovery point is stored, the source of the backup, the state of the recovery point, and associated metadata. You can use this table to gather insights on recovery points, such as identifying unencrypted recovery points, verifying backup completion status, and more. The schema outlines the various attributes of the recovery point for you, including the recovery point ARN, creation date, backup size, and associated tags.
Note: The value in the tags column will be populated only if its resource type has a checkmark for Full AWS Backup management as per AWS Backup docs. This means the recovery point ARN must match the pattern arn:aws:backup:[a-z0-9\-]+:[0-9]{12}:recovery-point:.*
Examples
Basic Info
List every recovery point with its backup vault, ARN, resource type and status. This gives a quick view of the state and type of the resources in your backup vaults, which helps in managing your backup strategy.

select
  backup_vault_name,
  recovery_point_arn,
  resource_type,
  status
from
  aws_backup_recovery_point;
List encrypted recovery points
Identify the recovery points that are encrypted, to confirm that backups meet your data security and compliance requirements.

PostgreSQL:

select
  backup_vault_name,
  recovery_point_arn,
  resource_type,
  status,
  is_encrypted
from
  aws_backup_recovery_point
where
  is_encrypted;

SQLite:

select
  backup_vault_name,
  recovery_point_arn,
  resource_type,
  status,
  is_encrypted
from
  aws_backup_recovery_point
where
  is_encrypted = 1;
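The usage guide mentions identifying unencrypted recovery points and verifying backup completion status. The following query is an added example (not part of the Steampipe documentation), written in PostgreSQL syntax; it assumes COMPLETED is the status of a finished recovery point and uses an arbitrary 7-day freshness threshold that you should adjust to your backup schedule.

```sql
-- Added example: per protected resource, flag backup gaps.
-- A resource is reported when it has at least one unencrypted recovery point,
-- no completed recovery point at all, or no completed one in the last 7 days
-- (the 7-day window is an assumption, not a value from the documentation).
with per_resource as (
  select
    resource_arn,
    resource_type,
    count(*) as total_points,
    count(*) filter (where not is_encrypted) as unencrypted_points,
    count(*) filter (where status <> 'COMPLETED') as not_completed_points,
    max(completion_date) filter (where status = 'COMPLETED') as last_completed
  from
    aws_backup_recovery_point
  group by
    resource_arn,
    resource_type
)
select
  resource_arn,
  resource_type,
  total_points,
  unencrypted_points,
  not_completed_points,
  last_completed
from
  per_resource
where
  unencrypted_points > 0
  or last_completed is null
  or last_completed < now() - interval '7 days'
order by
  last_completed nulls first,
  unencrypted_points desc;
```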
Get associated tags for the targeted Recovery Points EC2, EBS and S3 resource types
Retrieve the tags (key-value pairs that describe AWS resources) for recovery points of EC2 instances, EBS volumes, and S3 buckets. For EBS and EC2 recovery points the query looks up the tags on the underlying snapshot or AMI; for S3 and EFS it returns the recovery point's own tags column.

PostgreSQL:

select
  r.backup_vault_name as backup_vault_name,
  r.recovery_point_arn as recovery_point_arn,
  r.resource_type as resource_type,
  case
    when r.resource_type = 'EBS' then (
      select tags
      from aws_ebs_snapshot
      where arn = concat(
        (string_to_array(r.recovery_point_arn, '::'))[1],
        ':',
        r.account_id,
        ':',
        (string_to_array(r.recovery_point_arn, '::'))[2]
      )
    )
    when r.resource_type = 'EC2' then (
      select tags
      from aws_ec2_ami
      where image_id = (string_to_array(r.recovery_point_arn, '::image/'))[2]
    )
    when r.resource_type in ('S3', 'EFS') then r.tags
  end as tags,
  r.region,
  r.account_id
from
  aws_backup_recovery_point as r;

SQLite:

select
  r.backup_vault_name as backup_vault_name,
  r.recovery_point_arn as recovery_point_arn,
  r.resource_type as resource_type,
  case
    when r.resource_type = 'EBS' then (
      select tags
      from aws_ebs_snapshot
      -- rebuild the snapshot ARN by inserting the account ID between the
      -- two colons, matching what the PostgreSQL query does with concat()
      where arn = substr(r.recovery_point_arn, 1, instr(r.recovery_point_arn, '::'))
        || r.account_id
        || ':'
        || substr(r.recovery_point_arn, instr(r.recovery_point_arn, '::') + 2)
    )
    when r.resource_type = 'EC2' then (
      select tags
      from aws_ec2_ami
      where image_id = substr(
        r.recovery_point_arn,
        instr(r.recovery_point_arn, '::image/') + 8
      )
    )
    when r.resource_type in ('S3', 'EFS') then r.tags
  end as tags,
  r.region,
  r.account_id
from
  aws_backup_recovery_point as r;
Schema for aws_backup_recovery_point
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
backup_size_in_bytes | bigint | | The size, in bytes, of a backup. |
backup_vault_arn | text | | An ARN that uniquely identifies a backup vault. |
backup_vault_name | text | = | The name of a logical container where backups are stored. |
calculated_lifecycle | jsonb | | An object containing DeleteAt and MoveToColdStorageAt timestamps. |
completion_date | timestamp with time zone | = | The date and time that a job to create a recovery point is completed. |
composite_member_identifier | text | | This is the identifier of a resource within a composite group. |
created_by | jsonb | | Contains identifying information about the creation of a recovery point, including the BackupPlanArn, BackupPlanId, BackupPlanVersion, and BackupRuleId of the backup plan used to create it. |
creation_date | timestamp with time zone | | The date and time that a recovery point is created. |
encryption_key_arn | text | | The server-side encryption key used to protect your backups. |
iam_role_arn | text | | Specifies the IAM role ARN used to create the target recovery point. |
is_encrypted | boolean | | A Boolean value that is returned as TRUE if the specified recovery point is encrypted, or FALSE if the recovery point is not encrypted. |
is_parent | boolean | | This is a boolean value indicating this is a parent (composite) recovery point. |
last_restore_time | timestamp with time zone | | The date and time that a recovery point was last restored. |
lifecycle | jsonb | | The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. |
parent_recovery_point_arn | text | | This is the Amazon Resource Name (ARN) of the parent (composite) recovery point. |
partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
recovery_point_arn | text | = | An ARN that uniquely identifies a recovery point. |
region | text | | The AWS Region in which the resource is located. |
resource_arn | text | | An ARN that uniquely identifies a saved resource. |
resource_name | text | | This is the non-unique name of the resource that belongs to the specified backup. |
resource_type | text | = | The type of Amazon Web Services resource to save as a recovery point. |
source_backup_vault_arn | text | | An Amazon Resource Name (ARN) that uniquely identifies the source vault where the resource was originally backed up in. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
status | text | | A status code specifying the state of the recovery point. |
status_message | text | | A status message explaining the reason for the recovery point deletion failure. |
storage_class | text | | Specifies the storage class of the recovery point. Valid values are WARM or COLD. |
tags | jsonb | | A map of tags for the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws
You can pass the configuration to the command with the --config argument:
steampipe_export_aws --config '<your_config>' aws_backup_recovery_point