Skip to main content

frameworks

Creates, updates, deletes or gets a framework resource or lists frameworks in a region

Overview

Nameframeworks
TypeResource
DescriptionContains detailed information about a framework. Frameworks contain controls, which evaluate and report on your backup events and resources. Frameworks generate daily compliance results.
Idaws.backup.frameworks

Fields

NameDatatypeDescription
framework_namestringThe unique name of a framework. This name is between 1 and 256 characters, starting with a letter, and consisting of letters (a-z, A-Z), numbers (0-9), and underscores (_).
framework_descriptionstringAn optional description of the framework with a maximum 1,024 characters.
framework_arnstringAn Amazon Resource Name (ARN) that uniquely identifies Framework as a resource
deployment_statusstringThe deployment status of a framework. The statuses are: `CREATE_IN_PROGRESS | UPDATE_IN_PROGRESS | DELETE_IN_PROGRESS | COMPLETED | FAILED`
creation_timestringThe date and time that a framework is created, in ISO 8601 representation. The value of CreationTime is accurate to milliseconds. For example, 2020-07-10T15:00:00.000-08:00 represents the 10th of July 2020 at 3:00 PM 8 hours behind UTC.
framework_controlsarrayContains detailed information about all of the controls of a framework. Each framework must contain at least one control.
framework_statusstringA framework consists of one or more controls. Each control governs a resource, such as backup plans, backup selections, backup vaults, or recovery points. You can also turn AWS Config recording on or off for each resource. The statuses are:
`ACTIVE` when recording is turned on for all resources governed by the framework.
`PARTIALLY_ACTIVE` when recording is turned off for at least one resource governed by the framework.
`INACTIVE` when recording is turned off for all resources governed by the framework.
`UNAVAILABLE` when AWS Backup is unable to validate recording status at this time.
framework_tagsarrayMetadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair.
regionstringAWS region.

Methods

NameAccessible byRequired Params
create_resourceINSERTFrameworkControls, region
delete_resourceDELETEdata__Identifier, region
update_resourceUPDATEdata__Identifier, data__PatchDocument, region
list_resourcesSELECTregion
get_resourceSELECTdata__Identifier, region

SELECT examples

Gets all frameworks in a region.

SELECT
region,
framework_name,
framework_description,
framework_arn,
deployment_status,
creation_time,
framework_controls,
framework_status,
framework_tags
FROM aws.backup.frameworks
WHERE region = 'us-east-1';

Gets all properties from an individual framework.

SELECT
region,
framework_name,
framework_description,
framework_arn,
deployment_status,
creation_time,
framework_controls,
framework_status,
framework_tags
FROM aws.backup.frameworks
WHERE region = 'us-east-1' AND data__Identifier = '<FrameworkArn>';

INSERT example

Use the following StackQL query and manifest file to create a new framework resource, using stack-deploy.

/*+ create */
INSERT INTO aws.backup.frameworks (
 FrameworkControls,
 region
)
SELECT 
'{{ FrameworkControls }}',
'{{ region }}';

DELETE example

/*+ delete */
DELETE FROM aws.backup.frameworks
WHERE data__Identifier = '<FrameworkArn>'
AND region = 'us-east-1';

Permissions

To operate on the frameworks resource, the following permissions are required:

Create

backup:CreateFramework,
backup:DescribeFramework,
backup:ListTags,
backup:TagResource,
iam:CreateServiceLinkedRole

Read

backup:DescribeFramework,
backup:ListTags

Update

backup:DescribeFramework,
backup:UpdateFramework,
backup:ListTags,
backup:TagResource,
backup:UntagResource

Delete

backup:DeleteFramework,
backup:DescribeFramework

List

backup:ListFrameworks