For resource types that are not "fully managed" by AWS Backup, the recovery points retain the encryption configuration of the source resource. Where the source resource is encrypted with an AWS Managed KMS Key, a backup can be taken to the local -cmk Vault, but this will fail to copy to the central account, as these keys cannot be used for cross-account actions.
Like in #56, we could attempt to copy but be prepared to handle the copy failure event. If this happens, we could then copy the recovery point from the -cmk Vault to the same -cmk Vault, then on to the Vaults in the central account.
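The fallback proposed above, sketched as routing logic over finished copy jobs; this is an added example, not code from the issue or the project. The vault names, ARNs, role and the `recopied` set are constructed placeholders, the `backup` and `kms` arguments are assumed to be boto3-style clients, and whether AWS Backup accepts a copy back into the source vault is the issue's proposal rather than something verified here.

```python
# Added example: vault names, ARNs and the role are constructed placeholders.
LOCAL_VAULT = "example-cmk"
LOCAL_ARN = "arn:aws:backup:eu-west-2:111111111111:backup-vault:example-cmk"
CENTRAL_ARN = "arn:aws:backup:eu-west-2:222222222222:backup-vault:example-central"
ROLE_ARN = "arn:aws:iam::111111111111:role/example-backup-copy"


def uses_aws_managed_key(backup, kms, recovery_point_arn):
    """True if the recovery point is encrypted with an AWS managed KMS key."""
    rp = backup.describe_recovery_point(
        BackupVaultName=LOCAL_VAULT, RecoveryPointArn=recovery_point_arn)
    key_arn = rp.get("EncryptionKeyArn")
    if not key_arn:
        return False
    # KeyManager is "AWS" for AWS managed keys and "CUSTOMER" otherwise.
    return kms.describe_key(KeyId=key_arn)["KeyMetadata"]["KeyManager"] == "AWS"


def handle_copy_job(job, backup, kms, recopied):
    """Route one finished copy job (CopyJob shape from describe_copy_job).

    recopied: set of recovery point ARNs already produced by a local re-copy,
    kept by the caller so a second cross-account failure is not retried forever.
    Returns "recopy-local", "forward-central" or "none".
    """
    src, dst = job["SourceBackupVaultArn"], job["DestinationBackupVaultArn"]
    if job["State"] == "FAILED" and (src, dst) == (LOCAL_ARN, CENTRAL_ARN):
        point = job["SourceRecoveryPointArn"]
        if point in recopied or not uses_aws_managed_key(backup, kms, point):
            return "none"  # unrelated failure, or the re-copy did not help
        # Step 1 of the fallback: copy within the local -cmk vault.
        backup.start_copy_job(
            RecoveryPointArn=point, SourceBackupVaultName=LOCAL_VAULT,
            DestinationBackupVaultArn=LOCAL_ARN, IamRoleArn=ROLE_ARN)
        return "recopy-local"
    if job["State"] == "COMPLETED" and (src, dst) == (LOCAL_ARN, LOCAL_ARN):
        point = job["DestinationRecoveryPointArn"]
        recopied.add(point)
        # Step 2: send the re-copied recovery point on to the central vault.
        backup.start_copy_job(
            RecoveryPointArn=point, SourceBackupVaultName=LOCAL_VAULT,
            DestinationBackupVaultArn=CENTRAL_ARN, IamRoleArn=ROLE_ARN)
        return "forward-central"
    return "none"
```

Gating the re-copy on `KeyManager` keeps copy failures with other causes out of the fallback path, so they still surface as failures.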