AWS aws-backup documentation change
Summary
Added malware scanning configuration options to backup plan creation steps
Security assessment
Documents new malware scanning capabilities for backups, including resource type selection and IAM permission requirements. This proactively addresses data integrity but does not fix an existing security flaw.
Diff
diff --git a/aws-backup/latest/devguide/creating-a-backup-plan.md b/aws-backup/latest/devguide/creating-a-backup-plan.md index 2b719345e..455d08c66 100644 --- a//aws-backup/latest/devguide/creating-a-backup-plan.md +++ b//aws-backup/latest/devguide/creating-a-backup-plan.md @@ -87 +87 @@ Place a check next to the resource type(s) for which you want to have indexes cr - 9. (_Optional_) Use **Copy to destination** to create a cross-Region copy of eligible resources if you want to store a copy of a backup in a different AWS Region. + 9. (_Optional_) Enable malware scanning to automatically scan backups after they are created. When configuring malware protection, specify which resource types to scan (Amazon EC2, Amazon EBS, Amazon S3, or all supported resources) and the scanning types (full or incremental). Malware scanning applies only to your selected resource types. For example, if your backup plan includes both Amazon S3 and Amazon EC2 resources, but you enable malware scanning only for Amazon EC2, the service will scan only your EC2 backups. For each backup rule, you can configure which scanning type to use. The schedule of the backup rule will determine how frequently the scanning type takes place. @@ -89 +89 @@ Place a check next to the resource type(s) for which you want to have indexes cr - 10. (_Optional_) Tags added to recovery points. +###### Important @@ -91 +91,7 @@ Place a check next to the resource type(s) for which you want to have indexes cr - 11. When all sections are set to your specifications, choose **Save Backup rule**. +Before enabling malware protection, ensure your backup role and scanner role have the required permissions. For more information, see [the permissions documentation](https://docs.aws.amazon.com/aws-backup/latest/devguide/malware-protection.html#malware-access). + + 10. (_Optional_) Use **Copy to destination** to create a cross-Region copy of eligible resources if you want to store a copy of a backup in a different AWS Region. + + 11. (_Optional_) Tags added to recovery points. + + 12. When all sections are set to your specifications, choose **Save Backup rule**.