-
Notifications
You must be signed in to change notification settings - Fork 598
/
Copy pathBackupPlanLifecycleRule.py
51 lines (43 loc) · 1.83 KB
/
BackupPlanLifecycleRule.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
"""
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: MIT-0
"""
from collections import deque
from cfnlint.jsonschema import ValidationError
from cfnlint.rules.jsonschema.CfnLintKeyword import CfnLintKeyword
class BackupPlanLifecycleRule(CfnLintKeyword):
"""
Check Backup Plan rules with lifecycle has minimum
period between cold and delete
"""
id = "E3504"
shortdesc = "Check minimum 90 period is met between BackupPlan cold and delete"
description = (
"Check that Backup plans with lifecycle rules have >= 90 days between cold and"
" delete"
)
source_url = "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-backup-backupplan-lifecycleresourcetype.html"
tags = ["properties", "backup", "plan", "lifecycle"]
def __init__(self) -> None:
super().__init__(
[
"Resources/AWS::Backup::BackupPlan/Properties/BackupPlan/BackupPlanRule/*/Lifecycle"
]
)
def backupbackupplanlifecycle(self, validator, uI, instance, schema):
delete_after_days = instance.get("DeleteAfterDays")
move_to_cold_storage_after_days = instance.get("MoveToColdStorageAfterDays")
if not validator.is_type(delete_after_days, "integer"):
return
if not validator.is_type(move_to_cold_storage_after_days, "integer"):
return
if delete_after_days - move_to_cold_storage_after_days < 90:
yield ValidationError(
(
f"DeleteAfterDays {delete_after_days!r} must be at least "
"90 days after MoveToColdStorageAfterDays "
f"{move_to_cold_storage_after_days}"
),
path=deque(["DeleteAfterDays"]),
rule=self,
)