How to create AWS protection rules
A protection rule at Clumio defines the conditions to apply a selected backup policy to your assets. You can use protection rules to automate policy application for your EC2, EBS, RDS, and DynamoDB assets across multiple accounts and regions.
Instead of applying policies to multiple tags, or assets per region, you can define a set of conditions such as asset types, accounts, regions, and tags and select a backup policy to apply to that set of conditions. Protection rules can also be prioritized.
- Currently, protection rules do not apply to S3 buckets, and MS SQL on EC2 databases.
Protection automation - One rule can cover all accounts and regions
Prioritizations - No more tag conflicts!
Rules Preview - Gain full visibility into how newly created rules would impact your environment without committing
Direct Asset Protection - Clumio provides a default rule called 'Direct Policy Assignment' which lets you apply a policy directly to a specific asset. This rule cannot be edited, but its priority can be changed.
- To use protection rules, use standard tags across all AWS (EC2, EBS, RDS and DynamoDB) assets that need to be protected.
For example: If you have a Backup:Clumio tag associated with your AWS assets in AWS Account 123, then create a protection rule using this tag. Clumio searches for assets with this tag and automatically starts protecting them with the backup policy associated with your protection rule.
Create a protection rule:
Step 1: Login to your Clumio UI, go to Policies (from the left navigation pane) then click the AWS Protection Rules tab.
Step 2. Click Create Protection Rule, which opens a pop-up window. Fill in required details like the protection rule name and define your desired conditions, and click Next.
For example, in AWS Account 123 you have assets with tag backup:clumio-backup. In Conditions, select Account as Account 123 or ANY account and specify the tag backup:clumio-backup, and click Next. Selecting ANY account applies to all your currently added accounts, and also to all AWS accounts you add in the future.
Important: If no tags are defined, the rule will match against any assets in any account defined in the condition
Step 3. Select your existing backup policy, for example, test backup policy, and click Next.
Note: On the next page, Set Priority is optional.
Step 4. Click Preview Assets to preview your rule. A preview feature lets you see which assets will be affected by a new rule before you apply the rule. This preview feature also shows you the impact on your assets when you edit or delete a rule.
[You can choose to skip the preview and commit the new rule from the Rule Summary page.]
The Preview Assets page:
Step 6: Click Create Rule. Your newly created protection rule will appear under the AWS Protection Rules tab as below. Total number of assets protected by this rule will be shown under "Covered Assets" column
Once you create a protection rule, depending on the configuration, the rule can also apply to any new accounts that you connect to Clumio, if the rule conditions are met. You can prioritize rules based on importance, if an asset is covered by multiple rules, then the policy in the highest priority matched rule takes precedence.
For any additional questions, please contact us at firstname.lastname@example.org