{"files":{"SKILL.md":"---\nname: aws-backup\ndescription: \"AWS Backup API skill. Use when working with AWS Backup for legal-holds, backup, backup-vaults. Covers 91 endpoints.\"\nversion: 1.0.0\ngenerator: lapsh\n---\n\n# AWS Backup\nAPI version: 2018-11-15\n\n## Auth\nAWS SigV4\n\n## Base URL\nNot specified.\n\n## Setup\n1. Configure auth: AWS SigV4\n2. GET /global-settings -- describes whether the amazon web services account is opted in to cross-account backup. returns an error if the account is not a member of an organizations organization. example: describe-global-settings --region us-west-2\n3. POST /audit/frameworks -- create first framework\n\n## Endpoints\n91 endpoints across 15 groups. See references/api-spec.lap for full details.\n\n### Legal-holds\n| Method | Path | Description |\n|--------|------|-------------|\n| DELETE | /legal-holds/{legalHoldId} | Removes the specified legal hold on a recovery point. This action can only be performed by a user with sufficient permissions. |\n| POST | /legal-holds/ | Creates a legal hold on a recovery point (backup). A legal hold is a restraint on altering or deleting a backup until an authorized user cancels the legal hold. Any actions to delete or disassociate a recovery point will fail with an error if one or more active legal holds are on the recovery point. |\n| GET | /legal-holds/{legalHoldId}/ | This action returns details for a specified legal hold. The details are the body of a legal hold in JSON format, in addition to metadata. |\n| GET | /legal-holds/ | This action returns metadata about active and previous legal holds. |\n| GET | /legal-holds/{legalHoldId}/recovery-points | This action returns recovery point ARNs (Amazon Resource Names) of the specified legal hold. |\n\n### Backup\n| Method | Path | Description |\n|--------|------|-------------|\n| PUT | /backup/plans/ | Creates a backup plan using a backup plan name and backup rules. A backup plan is a document that contains information that Backup uses to schedule tasks that create recovery points for resources. If you call CreateBackupPlan with a plan that already exists, you receive an AlreadyExistsException exception. |\n| PUT | /backup/plans/{backupPlanId}/selections/ | Creates a JSON document that specifies a set of resources to assign to a backup plan. For examples, see Assigning resources programmatically. |\n| DELETE | /backup/plans/{backupPlanId} | Deletes a backup plan. A backup plan can only be deleted after all associated selections of resources have been deleted. Deleting a backup plan deletes the current version of a backup plan. Previous versions, if any, will still exist. |\n| DELETE | /backup/plans/{backupPlanId}/selections/{selectionId} | Deletes the resource selection associated with a backup plan that is specified by the SelectionId. |\n| GET | /backup/plans/{backupPlanId}/toTemplate/ | Returns the backup plan that is specified by the plan ID as a backup template. |\n| GET | /backup/plans/{backupPlanId}/ | Returns BackupPlan details for the specified BackupPlanId. The details are the body of a backup plan in JSON format, in addition to plan metadata. |\n| POST | /backup/template/json/toPlan | Returns a valid JSON document specifying a backup plan or an error. |\n| GET | /backup/template/plans/{templateId}/toPlan | Returns the template specified by its templateId as a backup plan. |\n| GET | /backup/plans/{backupPlanId}/selections/{selectionId} | Returns selection metadata and a document in JSON format that specifies a list of resources that are associated with a backup plan. |\n| GET | /backup/template/plans | Lists the backup plan templates. |\n| GET | /backup/plans/{backupPlanId}/versions/ | Returns version metadata of your backup plans, including Amazon Resource Names (ARNs), backup plan IDs, creation and deletion dates, plan names, and version IDs. |\n| GET | /backup/plans/ | Lists the active backup plans for the account. |\n| GET | /backup/plans/{backupPlanId}/selections/ | Returns an array containing metadata of the resources associated with the target backup plan. |\n| POST | /backup/plans/{backupPlanId} | Updates the specified backup plan. The new version is uniquely identified by its ID. |\n\n### Backup-vaults\n| Method | Path | Description |\n|--------|------|-------------|\n| PUT | /backup-vaults/{backupVaultName} | Creates a logical container where backups are stored. A CreateBackupVault request includes a name, optionally one or more resource tags, an encryption key, and a request ID.  Do not include sensitive data, such as passport numbers, in the name of a backup vault. |\n| DELETE | /backup-vaults/{backupVaultName} | Deletes the backup vault identified by its name. A vault can be deleted only if it is empty. |\n| DELETE | /backup-vaults/{backupVaultName}/access-policy | Deletes the policy document that manages permissions on a backup vault. |\n| DELETE | /backup-vaults/{backupVaultName}/vault-lock | Deletes Backup Vault Lock from a backup vault specified by a backup vault name. If the Vault Lock configuration is immutable, then you cannot delete Vault Lock using API operations, and you will receive an InvalidRequestException if you attempt to do so. For more information, see Vault Lock in the Backup Developer Guide. |\n| DELETE | /backup-vaults/{backupVaultName}/notification-configuration | Deletes event notifications for the specified backup vault. |\n| DELETE | /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn} | Deletes the recovery point specified by a recovery point ID. If the recovery point ID belongs to a continuous backup, calling this endpoint deletes the existing continuous backup and stops future continuous backup. When an IAM role's permissions are insufficient to call this API, the service sends back an HTTP 200 response with an empty HTTP body, but the recovery point is not deleted. Instead, it enters an EXPIRED state.  EXPIRED recovery points can be deleted with this API once the IAM role has the iam:CreateServiceLinkedRole action. To learn more about adding this role, see  Troubleshooting manual deletions. If the user or role is deleted or the permission within the role is removed, the deletion will not be successful and will enter an EXPIRED state. |\n| GET | /backup-vaults/{backupVaultName} | Returns metadata about a backup vault specified by its name. |\n| GET | /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn} | Returns metadata associated with a recovery point, including ID, status, encryption, and lifecycle. |\n| POST | /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}/disassociate | Deletes the specified continuous backup recovery point from Backup and releases control of that continuous backup to the source service, such as Amazon RDS. The source service will continue to create and retain continuous backups using the lifecycle that you specified in your original backup plan. Does not support snapshot backup recovery points. |\n| DELETE | /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}/parentAssociation | This action to a specific child (nested) recovery point removes the relationship between the specified recovery point and its parent (composite) recovery point. |\n| GET | /backup-vaults/{backupVaultName}/access-policy | Returns the access policy document that is associated with the named backup vault. |\n| GET | /backup-vaults/{backupVaultName}/notification-configuration | Returns event notifications for the specified backup vault. |\n| GET | /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}/restore-metadata | Returns a set of metadata key-value pairs that were used to create the backup. |\n| GET | /backup-vaults/ | Returns a list of recovery point storage containers along with information about them. |\n| GET | /backup-vaults/{backupVaultName}/resources/ | This request lists the protected resources corresponding to each backup vault. |\n| GET | /backup-vaults/{backupVaultName}/recovery-points/ | Returns detailed information about the recovery points stored in a backup vault. |\n| PUT | /backup-vaults/{backupVaultName}/access-policy | Sets a resource-based policy that is used to manage access permissions on the target backup vault. Requires a backup vault name and an access policy document in JSON format. |\n| PUT | /backup-vaults/{backupVaultName}/vault-lock | Applies Backup Vault Lock to a backup vault, preventing attempts to delete any recovery point stored in or created in a backup vault. Vault Lock also prevents attempts to update the lifecycle policy that controls the retention period of any recovery point currently stored in a backup vault. If specified, Vault Lock enforces a minimum and maximum retention period for future backup and copy jobs that target a backup vault.  Backup Vault Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations. For more information about how Backup Vault Lock relates to these regulations, see the Cohasset Associates Compliance Assessment.   For more information, see Backup Vault Lock. |\n| PUT | /backup-vaults/{backupVaultName}/notification-configuration | Turns on notifications on a backup vault for the specified topic and events. |\n| POST | /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn} | Sets the transition lifecycle of a recovery point. The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. Resource types that can transition to cold storage are listed in the Feature availability by resource table. Backup ignores this expression for other resource types. Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.  If your lifecycle currently uses the parameters DeleteAfterDays and MoveToColdStorageAfterDays, include these parameters and their values when you call this operation. Not including them may result in your plan updating with null values.  This operation does not support continuous backups. |\n\n### Audit\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /audit/frameworks | Creates a framework with one or more controls. A framework is a collection of controls that you can use to evaluate your backup practices. By using pre-built customizable controls to define your policies, you can evaluate whether your backup practices comply with your policies and which resources are not yet in compliance. |\n| POST | /audit/report-plans | Creates a report plan. A report plan is a document that contains information about the contents of the report and where Backup will deliver it. If you call CreateReportPlan with a plan that already exists, you receive an AlreadyExistsException exception. |\n| DELETE | /audit/frameworks/{frameworkName} | Deletes the framework specified by a framework name. |\n| DELETE | /audit/report-plans/{reportPlanName} | Deletes the report plan specified by a report plan name. |\n| GET | /audit/frameworks/{frameworkName} | Returns the framework details for the specified FrameworkName. |\n| GET | /audit/report-jobs/{reportJobId} | Returns the details associated with creating a report as specified by its ReportJobId. |\n| GET | /audit/report-plans/{reportPlanName} | Returns a list of all report plans for an Amazon Web Services account and Amazon Web Services Region. |\n| GET | /audit/backup-job-summaries | This is a request for a summary of backup jobs created or running within the most recent 30 days. You can include parameters AccountID, State, ResourceType, MessageCategory, AggregationPeriod, MaxResults, or NextToken to filter results. This request returns a summary that contains Region, Account, State, ResourceType, MessageCategory, StartTime, EndTime, and Count of included jobs. |\n| GET | /audit/copy-job-summaries | This request obtains a list of copy jobs created or running within the the most recent 30 days. You can include parameters AccountID, State, ResourceType, MessageCategory, AggregationPeriod, MaxResults, or NextToken to filter results. This request returns a summary that contains Region, Account, State, RestourceType, MessageCategory, StartTime, EndTime, and Count of included jobs. |\n| GET | /audit/frameworks | Returns a list of all frameworks for an Amazon Web Services account and Amazon Web Services Region. |\n| GET | /audit/report-jobs | Returns details about your report jobs. |\n| GET | /audit/report-plans | Returns a list of your report plans. For detailed information about a single report plan, use DescribeReportPlan. |\n| GET | /audit/restore-job-summaries | This request obtains a summary of restore jobs created or running within the the most recent 30 days. You can include parameters AccountID, State, ResourceType, AggregationPeriod, MaxResults, or NextToken to filter results. This request returns a summary that contains Region, Account, State, RestourceType, MessageCategory, StartTime, EndTime, and Count of included jobs. |\n| POST | /audit/report-jobs/{reportPlanName} | Starts an on-demand report job for the specified report plan. |\n| PUT | /audit/frameworks/{frameworkName} | Updates the specified framework. |\n| PUT | /audit/report-plans/{reportPlanName} | Updates the specified report plan. |\n\n### Logically-air-gapped-backup-vaults\n| Method | Path | Description |\n|--------|------|-------------|\n| PUT | /logically-air-gapped-backup-vaults/{backupVaultName} | Creates a logical container to where backups may be copied. This request includes a name, the Region, the maximum number of retention days, the minimum number of retention days, and optionally can include tags and a creator request ID.  Do not include sensitive data, such as passport numbers, in the name of a backup vault. |\n\n### Restore-testing\n| Method | Path | Description |\n|--------|------|-------------|\n| PUT | /restore-testing/plans | Creates a restore testing plan. The first of two steps to create a restore testing plan. After this request is successful, finish the procedure using CreateRestoreTestingSelection. |\n| PUT | /restore-testing/plans/{RestoreTestingPlanName}/selections | This request can be sent after CreateRestoreTestingPlan request returns successfully. This is the second part of creating a resource testing plan, and it must be completed sequentially. This consists of RestoreTestingSelectionName, ProtectedResourceType, and one of the following:    ProtectedResourceArns     ProtectedResourceConditions    Each protected resource type can have one single value. A restore testing selection can include a wildcard value (\"*\") for ProtectedResourceArns along with ProtectedResourceConditions. Alternatively, you can include up to 30 specific protected resource ARNs in ProtectedResourceArns. Cannot select by both protected resource types AND specific ARNs. Request will fail if both are included. |\n| DELETE | /restore-testing/plans/{RestoreTestingPlanName} | This request deletes the specified restore testing plan. Deletion can only successfully occur if all associated restore testing selections are deleted first. |\n| DELETE | /restore-testing/plans/{RestoreTestingPlanName}/selections/{RestoreTestingSelectionName} | Input the Restore Testing Plan name and Restore Testing Selection name. All testing selections associated with a restore testing plan must be deleted before the restore testing plan can be deleted. |\n| GET | /restore-testing/inferred-metadata | This request returns the minimal required set of metadata needed to start a restore job with secure default settings. BackupVaultName and RecoveryPointArn are required parameters. BackupVaultAccountId is an optional parameter. |\n| GET | /restore-testing/plans/{RestoreTestingPlanName} | Returns RestoreTestingPlan details for the specified RestoreTestingPlanName. The details are the body of a restore testing plan in JSON format, in addition to plan metadata. |\n| GET | /restore-testing/plans/{RestoreTestingPlanName}/selections/{RestoreTestingSelectionName} | Returns RestoreTestingSelection, which displays resources and elements of the restore testing plan. |\n| GET | /restore-testing/plans | Returns a list of restore testing plans. |\n| GET | /restore-testing/plans/{RestoreTestingPlanName}/selections | Returns a list of restore testing selections. Can be filtered by MaxResults and RestoreTestingPlanName. |\n| PUT | /restore-testing/plans/{RestoreTestingPlanName} | This request will send changes to your specified restore testing plan. RestoreTestingPlanName cannot be updated after it is created.  RecoveryPointSelection can contain:    Algorithm     ExcludeVaults     IncludeVaults     RecoveryPointTypes     SelectionWindowDays |\n| PUT | /restore-testing/plans/{RestoreTestingPlanName}/selections/{RestoreTestingSelectionName} | Updates the specified restore testing selection. Most elements except the RestoreTestingSelectionName can be updated with this request. You can use either protected resource ARNs or conditions, but not both. |\n\n### Backup-jobs\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /backup-jobs/{backupJobId} | Returns backup job details for the specified BackupJobId. |\n| GET | /backup-jobs/ | Returns a list of existing backup jobs for an authenticated account for the last 30 days. For a longer period of time, consider using these monitoring tools. |\n| PUT | /backup-jobs | Starts an on-demand backup job for the specified resource. |\n| POST | /backup-jobs/{backupJobId} | Attempts to cancel a job to create a one-time backup of a resource. This action is not supported for the following services: Amazon FSx for Windows File Server, Amazon FSx for Lustre, Amazon FSx for NetApp ONTAP, Amazon FSx for OpenZFS, Amazon DocumentDB (with MongoDB compatibility), Amazon RDS, Amazon Aurora, and Amazon Neptune. |\n\n### Copy-jobs\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /copy-jobs/{copyJobId} | Returns metadata associated with creating a copy of a resource. |\n| GET | /copy-jobs/ | Returns metadata about your copy jobs. |\n| PUT | /copy-jobs | Starts a job to create a one-time copy of the specified resource. Does not support continuous backups. |\n\n### Global-settings\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /global-settings | Describes whether the Amazon Web Services account is opted in to cross-account backup. Returns an error if the account is not a member of an Organizations organization. Example: describe-global-settings --region us-west-2 |\n| PUT | /global-settings | Updates whether the Amazon Web Services account is opted in to cross-account backup. Returns an error if the account is not an Organizations management account. Use the DescribeGlobalSettings API to determine the current settings. |\n\n### Resources\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /resources/{resourceArn} | Returns information about a saved resource, including the last time it was backed up, its Amazon Resource Name (ARN), and the Amazon Web Services service type of the saved resource. |\n| GET | /resources/ | Returns an array of resources successfully backed up by Backup, including the time the resource was saved, an Amazon Resource Name (ARN) of the resource, and a resource type. |\n| GET | /resources/{resourceArn}/recovery-points/ | The information about the recovery points of the type specified by a resource Amazon Resource Name (ARN).  For Amazon EFS and Amazon EC2, this action only lists recovery points created by Backup. |\n| GET | /resources/{resourceArn}/restore-jobs/ | This returns restore jobs that contain the specified protected resource. You must include ResourceArn. You can optionally include NextToken, ByStatus, MaxResults, ByRecoveryPointCreationDateAfter , and ByRecoveryPointCreationDateBefore. |\n\n### Account-settings\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /account-settings | Returns the current service opt-in settings for the Region. If service opt-in is enabled for a service, Backup tries to protect that service's resources in this Region, when the resource is included in an on-demand backup or scheduled backup plan. Otherwise, Backup does not try to protect that service's resources in this Region. |\n| PUT | /account-settings | Updates the current service opt-in settings for the Region. Use the DescribeRegionSettings API to determine the resource types that are supported. |\n\n### Restore-jobs\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /restore-jobs/{restoreJobId} | Returns metadata associated with a restore job that is specified by a job ID. |\n| GET | /restore-jobs/{restoreJobId}/metadata | This request returns the metadata for the specified restore job. |\n| GET | /restore-jobs/ | Returns a list of jobs that Backup initiated to restore a saved resource, including details about the recovery process. |\n| PUT | /restore-jobs/{restoreJobId}/validations | This request allows you to send your independent self-run restore test validation results. RestoreJobId and ValidationStatus are required. Optionally, you can input a ValidationStatusMessage. |\n| PUT | /restore-jobs | Recovers the saved resource identified by an Amazon Resource Name (ARN). |\n\n### Supported-resource-types\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /supported-resource-types | Returns the Amazon Web Services resource types supported by Backup. |\n\n### Tags\n| Method | Path | Description |\n|--------|------|-------------|\n| GET | /tags/{resourceArn}/ | Returns the tags assigned to the resource, such as a target recovery point, backup plan, or backup vault. |\n| POST | /tags/{resourceArn} | Assigns a set of key-value pairs to a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN). This API is supported for recovery points for resource types including Aurora, Amazon DocumentDB. Amazon EBS, Amazon FSx, Neptune, and Amazon RDS. |\n\n### Untag\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | /untag/{resourceArn} | Removes a set of key-value pairs from a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN) This API is not supported for recovery points for resource types including Aurora, Amazon DocumentDB. Amazon EBS, Amazon FSx, Neptune, and Amazon RDS. |\n\n## Common Questions\nMatch user requests to endpoints in references/api-spec.lap. Key patterns:\n- \"Delete a legal-hold?\" -> DELETE /legal-holds/{legalHoldId}\n- \"Update a backup-vault?\" -> PUT /backup-vaults/{backupVaultName}\n- \"Create a framework?\" -> POST /audit/frameworks\n- \"Create a legal-hold?\" -> POST /legal-holds/\n- \"Update a logically-air-gapped-backup-vault?\" -> PUT /logically-air-gapped-backup-vaults/{backupVaultName}\n- \"Create a report-plan?\" -> POST /audit/report-plans\n- \"Delete a plan?\" -> DELETE /backup/plans/{backupPlanId}\n- \"Delete a selection?\" -> DELETE /backup/plans/{backupPlanId}/selections/{selectionId}\n- \"Delete a backup-vault?\" -> DELETE /backup-vaults/{backupVaultName}\n- \"Delete a framework?\" -> DELETE /audit/frameworks/{frameworkName}\n- \"Delete a recovery-point?\" -> DELETE /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}\n- \"Delete a report-plan?\" -> DELETE /audit/report-plans/{reportPlanName}\n- \"Get backup-job details?\" -> GET /backup-jobs/{backupJobId}\n- \"Get backup-vault details?\" -> GET /backup-vaults/{backupVaultName}\n- \"Get copy-job details?\" -> GET /copy-jobs/{copyJobId}\n- \"Get framework details?\" -> GET /audit/frameworks/{frameworkName}\n- \"List all global-settings?\" -> GET /global-settings\n- \"Get resource details?\" -> GET /resources/{resourceArn}\n- \"Get recovery-point details?\" -> GET /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}\n- \"List all account-settings?\" -> GET /account-settings\n- \"Get report-job details?\" -> GET /audit/report-jobs/{reportJobId}\n- \"Get report-plan details?\" -> GET /audit/report-plans/{reportPlanName}\n- \"Get restore-job details?\" -> GET /restore-jobs/{restoreJobId}\n- \"Create a disassociate?\" -> POST /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}/disassociate\n- \"List all toTemplate?\" -> GET /backup/plans/{backupPlanId}/toTemplate/\n- \"Get plan details?\" -> GET /backup/plans/{backupPlanId}/\n- \"Create a toPlan?\" -> POST /backup/template/json/toPlan\n- \"List all toPlan?\" -> GET /backup/template/plans/{templateId}/toPlan\n- \"Get selection details?\" -> GET /backup/plans/{backupPlanId}/selections/{selectionId}\n- \"List all access-policy?\" -> GET /backup-vaults/{backupVaultName}/access-policy\n- \"List all notification-configuration?\" -> GET /backup-vaults/{backupVaultName}/notification-configuration\n- \"Get legal-hold details?\" -> GET /legal-holds/{legalHoldId}/\n- \"List all restore-metadata?\" -> GET /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}/restore-metadata\n- \"List all metadata?\" -> GET /restore-jobs/{restoreJobId}/metadata\n- \"List all inferred-metadata?\" -> GET /restore-testing/inferred-metadata\n- \"List all supported-resource-types?\" -> GET /supported-resource-types\n- \"List all backup-job-summaries?\" -> GET /audit/backup-job-summaries\n- \"List all backup-jobs?\" -> GET /backup-jobs/\n- \"List all plans?\" -> GET /backup/template/plans\n- \"List all versions?\" -> GET /backup/plans/{backupPlanId}/versions/\n- \"List all selections?\" -> GET /backup/plans/{backupPlanId}/selections/\n- \"List all backup-vaults?\" -> GET /backup-vaults/\n- \"List all copy-job-summaries?\" -> GET /audit/copy-job-summaries\n- \"List all copy-jobs?\" -> GET /copy-jobs/\n- \"List all frameworks?\" -> GET /audit/frameworks\n- \"List all legal-holds?\" -> GET /legal-holds/\n- \"List all resources?\" -> GET /resources/\n- \"List all recovery-points?\" -> GET /backup-vaults/{backupVaultName}/recovery-points/\n- \"List all report-jobs?\" -> GET /audit/report-jobs\n- \"List all report-plans?\" -> GET /audit/report-plans\n- \"List all restore-job-summaries?\" -> GET /audit/restore-job-summaries\n- \"List all restore-jobs?\" -> GET /restore-jobs/\n- \"Get tag details?\" -> GET /tags/{resourceArn}/\n- \"Update a framework?\" -> PUT /audit/frameworks/{frameworkName}\n- \"Update a report-plan?\" -> PUT /audit/report-plans/{reportPlanName}\n- \"Update a plan?\" -> PUT /restore-testing/plans/{RestoreTestingPlanName}\n- \"Update a selection?\" -> PUT /restore-testing/plans/{RestoreTestingPlanName}/selections/{RestoreTestingSelectionName}\n- \"How to authenticate?\" -> See Auth section above\n\n## Response Tips\n- Check response schemas in references/api-spec.lap for field details\n- Create/update endpoints return the modified resource on success\n\n## References\n- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas\n\n> Generated from the official API spec by [LAP](https://lap.sh)\n","references/api-spec.lap":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api AWS Backup\n@version 2018-11-15\n@auth AWS SigV4\n@endpoints 91\n@hint download_for_search\n@toc legal-holds(5), backup(14), backup-vaults(20), audit(16), logically-air-gapped-backup-vaults(1), restore-testing(11), backup-jobs(4), copy-jobs(3), global-settings(2), resources(4), account-settings(2), restore-jobs(5), supported-resource-types(1), tags(2), untag(1)\n\n@group legal-holds\n@endpoint DELETE /legal-holds/{legalHoldId}\n@desc Removes the specified legal hold on a recovery point. This action can only be performed by a user with sufficient permissions.\n@required {LegalHoldId: str, cancelDescription: str}\n@optional {retainRecordInDays: int(i64)}\n\n@endgroup\n\n@group backup\n@endpoint PUT /backup/plans/\n@desc Creates a backup plan using a backup plan name and backup rules. A backup plan is a document that contains information that Backup uses to schedule tasks that create recovery points for resources. If you call CreateBackupPlan with a plan that already exists, you receive an AlreadyExistsException exception.\n@required {BackupPlan: BackupPlanInput}\n@optional {BackupPlanTags: map<str,str>, CreatorRequestId: str}\n@returns(200) {BackupPlanId: str?, BackupPlanArn: str?, CreationDate: str(timestamp)?, VersionId: str?, AdvancedBackupSettings: [AdvancedBackupSetting]?}\n\n@endpoint PUT /backup/plans/{backupPlanId}/selections/\n@desc Creates a JSON document that specifies a set of resources to assign to a backup plan. For examples, see Assigning resources programmatically.\n@required {BackupPlanId: str, BackupSelection: BackupSelection}\n@optional {CreatorRequestId: str}\n@returns(200) {SelectionId: str?, BackupPlanId: str?, CreationDate: str(timestamp)?}\n\n@endgroup\n\n@group backup-vaults\n@endpoint PUT /backup-vaults/{backupVaultName}\n@desc Creates a logical container where backups are stored. A CreateBackupVault request includes a name, optionally one or more resource tags, an encryption key, and a request ID.  Do not include sensitive data, such as passport numbers, in the name of a backup vault.\n@required {BackupVaultName: str}\n@optional {BackupVaultTags: map<str,str>, EncryptionKeyArn: str, CreatorRequestId: str}\n@returns(200) {BackupVaultName: str?, BackupVaultArn: str?, CreationDate: str(timestamp)?}\n\n@endgroup\n\n@group audit\n@endpoint POST /audit/frameworks\n@desc Creates a framework with one or more controls. A framework is a collection of controls that you can use to evaluate your backup practices. By using pre-built customizable controls to define your policies, you can evaluate whether your backup practices comply with your policies and which resources are not yet in compliance.\n@required {FrameworkName: str, FrameworkControls: [FrameworkControl]}\n@optional {FrameworkDescription: str, IdempotencyToken: str, FrameworkTags: map<str,str>}\n@returns(200) {FrameworkName: str?, FrameworkArn: str?}\n\n@endgroup\n\n@group legal-holds\n@endpoint POST /legal-holds/\n@desc Creates a legal hold on a recovery point (backup). A legal hold is a restraint on altering or deleting a backup until an authorized user cancels the legal hold. Any actions to delete or disassociate a recovery point will fail with an error if one or more active legal holds are on the recovery point.\n@required {Title: str, Description: str}\n@optional {IdempotencyToken: str, RecoveryPointSelection: RecoveryPointSelection, Tags: map<str,str>}\n@returns(200) {Title: str?, Status: str?, Description: str?, LegalHoldId: str?, LegalHoldArn: str?, CreationDate: str(timestamp)?, RecoveryPointSelection: RecoveryPointSelection?{VaultNames: [str]?, ResourceIdentifiers: [str]?, DateRange: DateRange?{FromDate: str(timestamp), ToDate: str(timestamp)}}}\n\n@endgroup\n\n@group logically-air-gapped-backup-vaults\n@endpoint PUT /logically-air-gapped-backup-vaults/{backupVaultName}\n@desc Creates a logical container to where backups may be copied. This request includes a name, the Region, the maximum number of retention days, the minimum number of retention days, and optionally can include tags and a creator request ID.  Do not include sensitive data, such as passport numbers, in the name of a backup vault.\n@required {BackupVaultName: str, MinRetentionDays: int(i64), MaxRetentionDays: int(i64)}\n@optional {BackupVaultTags: map<str,str>, CreatorRequestId: str}\n@returns(200) {BackupVaultName: str?, BackupVaultArn: str?, CreationDate: str(timestamp)?, VaultState: str?}\n\n@endgroup\n\n@group audit\n@endpoint POST /audit/report-plans\n@desc Creates a report plan. A report plan is a document that contains information about the contents of the report and where Backup will deliver it. If you call CreateReportPlan with a plan that already exists, you receive an AlreadyExistsException exception.\n@required {ReportPlanName: str, ReportDeliveryChannel: ReportDeliveryChannel, ReportSetting: ReportSetting}\n@optional {ReportPlanDescription: str, ReportPlanTags: map<str,str>, IdempotencyToken: str}\n@returns(200) {ReportPlanName: str?, ReportPlanArn: str?, CreationTime: str(timestamp)?}\n\n@endgroup\n\n@group restore-testing\n@endpoint PUT /restore-testing/plans\n@desc Creates a restore testing plan. The first of two steps to create a restore testing plan. After this request is successful, finish the procedure using CreateRestoreTestingSelection.\n@required {RestoreTestingPlan: RestoreTestingPlanForCreate}\n@optional {CreatorRequestId: str, Tags: map<str,str>}\n@returns(200) {CreationTime: str(timestamp), RestoreTestingPlanArn: str, RestoreTestingPlanName: str}\n\n@endpoint PUT /restore-testing/plans/{RestoreTestingPlanName}/selections\n@desc This request can be sent after CreateRestoreTestingPlan request returns successfully. This is the second part of creating a resource testing plan, and it must be completed sequentially. This consists of RestoreTestingSelectionName, ProtectedResourceType, and one of the following:    ProtectedResourceArns     ProtectedResourceConditions    Each protected resource type can have one single value. A restore testing selection can include a wildcard value (\"*\") for ProtectedResourceArns along with ProtectedResourceConditions. Alternatively, you can include up to 30 specific protected resource ARNs in ProtectedResourceArns. Cannot select by both protected resource types AND specific ARNs. Request will fail if both are included.\n@required {RestoreTestingPlanName: str, RestoreTestingSelection: RestoreTestingSelectionForCreate}\n@optional {CreatorRequestId: str}\n@returns(200) {CreationTime: str(timestamp), RestoreTestingPlanArn: str, RestoreTestingPlanName: str, RestoreTestingSelectionName: str}\n\n@endgroup\n\n@group backup\n@endpoint DELETE /backup/plans/{backupPlanId}\n@desc Deletes a backup plan. A backup plan can only be deleted after all associated selections of resources have been deleted. Deleting a backup plan deletes the current version of a backup plan. Previous versions, if any, will still exist.\n@required {BackupPlanId: str}\n@returns(200) {BackupPlanId: str?, BackupPlanArn: str?, DeletionDate: str(timestamp)?, VersionId: str?}\n\n@endpoint DELETE /backup/plans/{backupPlanId}/selections/{selectionId}\n@desc Deletes the resource selection associated with a backup plan that is specified by the SelectionId.\n@required {BackupPlanId: str, SelectionId: str}\n\n@endgroup\n\n@group backup-vaults\n@endpoint DELETE /backup-vaults/{backupVaultName}\n@desc Deletes the backup vault identified by its name. A vault can be deleted only if it is empty.\n@required {BackupVaultName: str}\n\n@endpoint DELETE /backup-vaults/{backupVaultName}/access-policy\n@desc Deletes the policy document that manages permissions on a backup vault.\n@required {BackupVaultName: str}\n\n@endpoint DELETE /backup-vaults/{backupVaultName}/vault-lock\n@desc Deletes Backup Vault Lock from a backup vault specified by a backup vault name. If the Vault Lock configuration is immutable, then you cannot delete Vault Lock using API operations, and you will receive an InvalidRequestException if you attempt to do so. For more information, see Vault Lock in the Backup Developer Guide.\n@required {BackupVaultName: str}\n\n@endpoint DELETE /backup-vaults/{backupVaultName}/notification-configuration\n@desc Deletes event notifications for the specified backup vault.\n@required {BackupVaultName: str}\n\n@endgroup\n\n@group audit\n@endpoint DELETE /audit/frameworks/{frameworkName}\n@desc Deletes the framework specified by a framework name.\n@required {FrameworkName: str}\n\n@endgroup\n\n@group backup-vaults\n@endpoint DELETE /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}\n@desc Deletes the recovery point specified by a recovery point ID. If the recovery point ID belongs to a continuous backup, calling this endpoint deletes the existing continuous backup and stops future continuous backup. When an IAM role's permissions are insufficient to call this API, the service sends back an HTTP 200 response with an empty HTTP body, but the recovery point is not deleted. Instead, it enters an EXPIRED state.  EXPIRED recovery points can be deleted with this API once the IAM role has the iam:CreateServiceLinkedRole action. To learn more about adding this role, see  Troubleshooting manual deletions. If the user or role is deleted or the permission within the role is removed, the deletion will not be successful and will enter an EXPIRED state.\n@required {BackupVaultName: str, RecoveryPointArn: str}\n\n@endgroup\n\n@group audit\n@endpoint DELETE /audit/report-plans/{reportPlanName}\n@desc Deletes the report plan specified by a report plan name.\n@required {ReportPlanName: str}\n\n@endgroup\n\n@group restore-testing\n@endpoint DELETE /restore-testing/plans/{RestoreTestingPlanName}\n@desc This request deletes the specified restore testing plan. Deletion can only successfully occur if all associated restore testing selections are deleted first.\n@required {RestoreTestingPlanName: str}\n\n@endpoint DELETE /restore-testing/plans/{RestoreTestingPlanName}/selections/{RestoreTestingSelectionName}\n@desc Input the Restore Testing Plan name and Restore Testing Selection name. All testing selections associated with a restore testing plan must be deleted before the restore testing plan can be deleted.\n@required {RestoreTestingPlanName: str, RestoreTestingSelectionName: str}\n\n@endgroup\n\n@group backup-jobs\n@endpoint GET /backup-jobs/{backupJobId}\n@desc Returns backup job details for the specified BackupJobId.\n@required {BackupJobId: str}\n@returns(200) {AccountId: str?, BackupJobId: str?, BackupVaultName: str?, BackupVaultArn: str?, RecoveryPointArn: str?, ResourceArn: str?, CreationDate: str(timestamp)?, CompletionDate: str(timestamp)?, State: str?, StatusMessage: str?, PercentDone: str?, BackupSizeInBytes: int(i64)?, IamRoleArn: str?, CreatedBy: RecoveryPointCreator?{BackupPlanId: str?, BackupPlanArn: str?, BackupPlanVersion: str?, BackupRuleId: str?}, ResourceType: str?, BytesTransferred: int(i64)?, ExpectedCompletionDate: str(timestamp)?, StartBy: str(timestamp)?, BackupOptions: map<str,str>?, BackupType: str?, ParentJobId: str?, IsParent: bool?, NumberOfChildJobs: int(i64)?, ChildJobsInState: map<str,int(i64)>?, ResourceName: str?, InitiationDate: str(timestamp)?, MessageCategory: str?}\n\n@endgroup\n\n@group backup-vaults\n@endpoint GET /backup-vaults/{backupVaultName}\n@desc Returns metadata about a backup vault specified by its name.\n@required {BackupVaultName: str}\n@optional {backupVaultAccountId: str}\n@returns(200) {BackupVaultName: str?, BackupVaultArn: str?, VaultType: str?, VaultState: str?, EncryptionKeyArn: str?, CreationDate: str(timestamp)?, CreatorRequestId: str?, NumberOfRecoveryPoints: int(i64)?, Locked: bool?, MinRetentionDays: int(i64)?, MaxRetentionDays: int(i64)?, LockDate: str(timestamp)?}\n\n@endgroup\n\n@group copy-jobs\n@endpoint GET /copy-jobs/{copyJobId}\n@desc Returns metadata associated with creating a copy of a resource.\n@required {CopyJobId: str}\n@returns(200) {CopyJob: CopyJob?{AccountId: str?, CopyJobId: str?, SourceBackupVaultArn: str?, SourceRecoveryPointArn: str?, DestinationBackupVaultArn: str?, DestinationRecoveryPointArn: str?, ResourceArn: str?, CreationDate: str(timestamp)?, CompletionDate: str(timestamp)?, State: str?, StatusMessage: str?, BackupSizeInBytes: int(i64)?, IamRoleArn: str?, CreatedBy: RecoveryPointCreator?{BackupPlanId: str?, BackupPlanArn: str?, BackupPlanVersion: str?, BackupRuleId: str?}, ResourceType: str?, ParentJobId: str?, IsParent: bool?, CompositeMemberIdentifier: str?, NumberOfChildJobs: int(i64)?, ChildJobsInState: map<str, int(i64)>?: any, ResourceName: str?, MessageCategory: str?}}\n\n@endgroup\n\n@group audit\n@endpoint GET /audit/frameworks/{frameworkName}\n@desc Returns the framework details for the specified FrameworkName.\n@required {FrameworkName: str}\n@returns(200) {FrameworkName: str?, FrameworkArn: str?, FrameworkDescription: str?, FrameworkControls: [FrameworkControl]?, CreationTime: str(timestamp)?, DeploymentStatus: str?, FrameworkStatus: str?, IdempotencyToken: str?}\n\n@endgroup\n\n@group global-settings\n@endpoint GET /global-settings\n@desc Describes whether the Amazon Web Services account is opted in to cross-account backup. Returns an error if the account is not a member of an Organizations organization. Example: describe-global-settings --region us-west-2\n@returns(200) {GlobalSettings: map<str,str>?, LastUpdateTime: str(timestamp)?}\n\n@endgroup\n\n@group resources\n@endpoint GET /resources/{resourceArn}\n@desc Returns information about a saved resource, including the last time it was backed up, its Amazon Resource Name (ARN), and the Amazon Web Services service type of the saved resource.\n@required {ResourceArn: str}\n@returns(200) {ResourceArn: str?, ResourceType: str?, LastBackupTime: str(timestamp)?, ResourceName: str?, LastBackupVaultArn: str?, LastRecoveryPointArn: str?, LatestRestoreExecutionTimeMinutes: int(i64)?, LatestRestoreJobCreationDate: str(timestamp)?, LatestRestoreRecoveryPointCreationDate: str(timestamp)?}\n\n@endgroup\n\n@group backup-vaults\n@endpoint GET /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}\n@desc Returns metadata associated with a recovery point, including ID, status, encryption, and lifecycle.\n@required {BackupVaultName: str, RecoveryPointArn: str}\n@optional {backupVaultAccountId: str}\n@returns(200) {RecoveryPointArn: str?, BackupVaultName: str?, BackupVaultArn: str?, SourceBackupVaultArn: str?, ResourceArn: str?, ResourceType: str?, CreatedBy: RecoveryPointCreator?{BackupPlanId: str?, BackupPlanArn: str?, BackupPlanVersion: str?, BackupRuleId: str?}, IamRoleArn: str?, Status: str?, StatusMessage: str?, CreationDate: str(timestamp)?, CompletionDate: str(timestamp)?, BackupSizeInBytes: int(i64)?, CalculatedLifecycle: CalculatedLifecycle?{MoveToColdStorageAt: str(timestamp)?, DeleteAt: str(timestamp)?}, Lifecycle: Lifecycle?{MoveToColdStorageAfterDays: int(i64)?, DeleteAfterDays: int(i64)?, OptInToArchiveForSupportedResources: bool?}, EncryptionKeyArn: str?, IsEncrypted: bool?, StorageClass: str?, LastRestoreTime: str(timestamp)?, ParentRecoveryPointArn: str?, CompositeMemberIdentifier: str?, IsParent: bool?, ResourceName: str?, VaultType: str?}\n\n@endgroup\n\n@group account-settings\n@endpoint GET /account-settings\n@desc Returns the current service opt-in settings for the Region. If service opt-in is enabled for a service, Backup tries to protect that service's resources in this Region, when the resource is included in an on-demand backup or scheduled backup plan. Otherwise, Backup does not try to protect that service's resources in this Region.\n@returns(200) {ResourceTypeOptInPreference: map<str,bool>?, ResourceTypeManagementPreference: map<str,bool>?}\n\n@endgroup\n\n@group audit\n@endpoint GET /audit/report-jobs/{reportJobId}\n@desc Returns the details associated with creating a report as specified by its ReportJobId.\n@required {ReportJobId: str}\n@returns(200) {ReportJob: ReportJob?{ReportJobId: str?, ReportPlanArn: str?, ReportTemplate: str?, CreationTime: str(timestamp)?, CompletionTime: str(timestamp)?, Status: str?, StatusMessage: str?, ReportDestination: ReportDestination?{S3BucketName: str?, S3Keys: [str]?}}}\n\n@endpoint GET /audit/report-plans/{reportPlanName}\n@desc Returns a list of all report plans for an Amazon Web Services account and Amazon Web Services Region.\n@required {ReportPlanName: str}\n@returns(200) {ReportPlan: ReportPlan?{ReportPlanArn: str?, ReportPlanName: str?, ReportPlanDescription: str?, ReportSetting: ReportSetting?{ReportTemplate: str, FrameworkArns: [str]?, NumberOfFrameworks: int?, Accounts: [str]?, OrganizationUnits: [str]?, Regions: [str]?}, ReportDeliveryChannel: ReportDeliveryChannel?{S3BucketName: str, S3KeyPrefix: str?, Formats: [str]?}, DeploymentStatus: str?, CreationTime: str(timestamp)?, LastAttemptedExecutionTime: str(timestamp)?, LastSuccessfulExecutionTime: str(timestamp)?}}\n\n@endgroup\n\n@group restore-jobs\n@endpoint GET /restore-jobs/{restoreJobId}\n@desc Returns metadata associated with a restore job that is specified by a job ID.\n@required {RestoreJobId: str}\n@returns(200) {AccountId: str?, RestoreJobId: str?, RecoveryPointArn: str?, CreationDate: str(timestamp)?, CompletionDate: str(timestamp)?, Status: str?, StatusMessage: str?, PercentDone: str?, BackupSizeInBytes: int(i64)?, IamRoleArn: str?, ExpectedCompletionTimeMinutes: int(i64)?, CreatedResourceArn: str?, ResourceType: str?, RecoveryPointCreationDate: str(timestamp)?, CreatedBy: RestoreJobCreator?{RestoreTestingPlanArn: str?}, ValidationStatus: str?, ValidationStatusMessage: str?, DeletionStatus: str?, DeletionStatusMessage: str?}\n\n@endgroup\n\n@group backup-vaults\n@endpoint POST /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}/disassociate\n@desc Deletes the specified continuous backup recovery point from Backup and releases control of that continuous backup to the source service, such as Amazon RDS. The source service will continue to create and retain continuous backups using the lifecycle that you specified in your original backup plan. Does not support snapshot backup recovery points.\n@required {BackupVaultName: str, RecoveryPointArn: str}\n\n@endpoint DELETE /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}/parentAssociation\n@desc This action to a specific child (nested) recovery point removes the relationship between the specified recovery point and its parent (composite) recovery point.\n@required {BackupVaultName: str, RecoveryPointArn: str}\n\n@endgroup\n\n@group backup\n@endpoint GET /backup/plans/{backupPlanId}/toTemplate/\n@desc Returns the backup plan that is specified by the plan ID as a backup template.\n@required {BackupPlanId: str}\n@returns(200) {BackupPlanTemplateJson: str?}\n\n@endpoint GET /backup/plans/{backupPlanId}/\n@desc Returns BackupPlan details for the specified BackupPlanId. The details are the body of a backup plan in JSON format, in addition to plan metadata.\n@required {BackupPlanId: str}\n@optional {versionId: str}\n@returns(200) {BackupPlan: BackupPlan?{BackupPlanName: str, Rules: [BackupRule], AdvancedBackupSettings: [AdvancedBackupSetting]?}, BackupPlanId: str?, BackupPlanArn: str?, VersionId: str?, CreatorRequestId: str?, CreationDate: str(timestamp)?, DeletionDate: str(timestamp)?, LastExecutionDate: str(timestamp)?, AdvancedBackupSettings: [AdvancedBackupSetting]?}\n\n@endpoint POST /backup/template/json/toPlan\n@desc Returns a valid JSON document specifying a backup plan or an error.\n@required {BackupPlanTemplateJson: str}\n@returns(200) {BackupPlan: BackupPlan?{BackupPlanName: str, Rules: [BackupRule], AdvancedBackupSettings: [AdvancedBackupSetting]?}}\n\n@endpoint GET /backup/template/plans/{templateId}/toPlan\n@desc Returns the template specified by its templateId as a backup plan.\n@required {BackupPlanTemplateId: str}\n@returns(200) {BackupPlanDocument: BackupPlan?{BackupPlanName: str, Rules: [BackupRule], AdvancedBackupSettings: [AdvancedBackupSetting]?}}\n\n@endpoint GET /backup/plans/{backupPlanId}/selections/{selectionId}\n@desc Returns selection metadata and a document in JSON format that specifies a list of resources that are associated with a backup plan.\n@required {BackupPlanId: str, SelectionId: str}\n@returns(200) {BackupSelection: BackupSelection?{SelectionName: str, IamRoleArn: str, Resources: [str]?, ListOfTags: [Condition]?, NotResources: [str]?, Conditions: Conditions?{StringEquals: [ConditionParameter]?, StringNotEquals: [ConditionParameter]?, StringLike: [ConditionParameter]?, StringNotLike: [ConditionParameter]?}}, SelectionId: str?, BackupPlanId: str?, CreationDate: str(timestamp)?, CreatorRequestId: str?}\n\n@endgroup\n\n@group backup-vaults\n@endpoint GET /backup-vaults/{backupVaultName}/access-policy\n@desc Returns the access policy document that is associated with the named backup vault.\n@required {BackupVaultName: str}\n@returns(200) {BackupVaultName: str?, BackupVaultArn: str?, Policy: str?}\n\n@endpoint GET /backup-vaults/{backupVaultName}/notification-configuration\n@desc Returns event notifications for the specified backup vault.\n@required {BackupVaultName: str}\n@returns(200) {BackupVaultName: str?, BackupVaultArn: str?, SNSTopicArn: str?, BackupVaultEvents: [str]?}\n\n@endgroup\n\n@group legal-holds\n@endpoint GET /legal-holds/{legalHoldId}/\n@desc This action returns details for a specified legal hold. The details are the body of a legal hold in JSON format, in addition to metadata.\n@required {LegalHoldId: str}\n@returns(200) {Title: str?, Status: str?, Description: str?, CancelDescription: str?, LegalHoldId: str?, LegalHoldArn: str?, CreationDate: str(timestamp)?, CancellationDate: str(timestamp)?, RetainRecordUntil: str(timestamp)?, RecoveryPointSelection: RecoveryPointSelection?{VaultNames: [str]?, ResourceIdentifiers: [str]?, DateRange: DateRange?{FromDate: str(timestamp), ToDate: str(timestamp)}}}\n\n@endgroup\n\n@group backup-vaults\n@endpoint GET /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}/restore-metadata\n@desc Returns a set of metadata key-value pairs that were used to create the backup.\n@required {BackupVaultName: str, RecoveryPointArn: str}\n@optional {backupVaultAccountId: str}\n@returns(200) {BackupVaultArn: str?, RecoveryPointArn: str?, RestoreMetadata: map<str,str>?, ResourceType: str?}\n\n@endgroup\n\n@group restore-jobs\n@endpoint GET /restore-jobs/{restoreJobId}/metadata\n@desc This request returns the metadata for the specified restore job.\n@required {RestoreJobId: str}\n@returns(200) {RestoreJobId: str?, Metadata: map<str,str>?}\n\n@endgroup\n\n@group restore-testing\n@endpoint GET /restore-testing/inferred-metadata\n@desc This request returns the minimal required set of metadata needed to start a restore job with secure default settings. BackupVaultName and RecoveryPointArn are required parameters. BackupVaultAccountId is an optional parameter.\n@required {BackupVaultName: str, RecoveryPointArn: str}\n@optional {BackupVaultAccountId: str}\n@returns(200) {InferredMetadata: map<str,str>}\n\n@endpoint GET /restore-testing/plans/{RestoreTestingPlanName}\n@desc Returns RestoreTestingPlan details for the specified RestoreTestingPlanName. The details are the body of a restore testing plan in JSON format, in addition to plan metadata.\n@required {RestoreTestingPlanName: str}\n@returns(200) {RestoreTestingPlan: RestoreTestingPlanForGet{CreationTime: str(timestamp), CreatorRequestId: str?, LastExecutionTime: str(timestamp)?, LastUpdateTime: str(timestamp)?, RecoveryPointSelection: RestoreTestingRecoveryPointSelection{Algorithm: str?, ExcludeVaults: [str]?, IncludeVaults: [str]?, RecoveryPointTypes: [str]?, SelectionWindowDays: int?}, RestoreTestingPlanArn: str, RestoreTestingPlanName: str, ScheduleExpression: str, ScheduleExpressionTimezone: str?, StartWindowHours: int?}}\n\n@endpoint GET /restore-testing/plans/{RestoreTestingPlanName}/selections/{RestoreTestingSelectionName}\n@desc Returns RestoreTestingSelection, which displays resources and elements of the restore testing plan.\n@required {RestoreTestingPlanName: str, RestoreTestingSelectionName: str}\n@returns(200) {RestoreTestingSelection: RestoreTestingSelectionForGet{CreationTime: str(timestamp), CreatorRequestId: str?, IamRoleArn: str, ProtectedResourceArns: [str]?, ProtectedResourceConditions: ProtectedResourceConditions?{StringEquals: [KeyValue]?, StringNotEquals: [KeyValue]?}, ProtectedResourceType: str, RestoreMetadataOverrides: map<str, str>?: any, RestoreTestingPlanName: str, RestoreTestingSelectionName: str, ValidationWindowHours: int?}}\n\n@endgroup\n\n@group supported-resource-types\n@endpoint GET /supported-resource-types\n@desc Returns the Amazon Web Services resource types supported by Backup.\n@returns(200) {ResourceTypes: [str]?}\n\n@endgroup\n\n@group audit\n@endpoint GET /audit/backup-job-summaries\n@desc This is a request for a summary of backup jobs created or running within the most recent 30 days. You can include parameters AccountID, State, ResourceType, MessageCategory, AggregationPeriod, MaxResults, or NextToken to filter results. This request returns a summary that contains Region, Account, State, ResourceType, MessageCategory, StartTime, EndTime, and Count of included jobs.\n@optional {AccountId: str, State: str, ResourceType: str, MessageCategory: str, AggregationPeriod: str, MaxResults: int, NextToken: str}\n@returns(200) {BackupJobSummaries: [BackupJobSummary]?, AggregationPeriod: str?, NextToken: str?}\n\n@endgroup\n\n@group backup-jobs\n@endpoint GET /backup-jobs/\n@desc Returns a list of existing backup jobs for an authenticated account for the last 30 days. For a longer period of time, consider using these monitoring tools.\n@optional {nextToken: str, maxResults: int, resourceArn: str, state: str, backupVaultName: str, createdBefore: str(timestamp), createdAfter: str(timestamp), resourceType: str, accountId: str, completeAfter: str(timestamp), completeBefore: str(timestamp), parentJobId: str, messageCategory: str}\n@returns(200) {BackupJobs: [BackupJob]?, NextToken: str?}\n\n@endgroup\n\n@group backup\n@endpoint GET /backup/template/plans\n@desc Lists the backup plan templates.\n@optional {nextToken: str, maxResults: int}\n@returns(200) {NextToken: str?, BackupPlanTemplatesList: [BackupPlanTemplatesListMember]?}\n\n@endpoint GET /backup/plans/{backupPlanId}/versions/\n@desc Returns version metadata of your backup plans, including Amazon Resource Names (ARNs), backup plan IDs, creation and deletion dates, plan names, and version IDs.\n@required {BackupPlanId: str}\n@optional {nextToken: str, maxResults: int}\n@returns(200) {NextToken: str?, BackupPlanVersionsList: [BackupPlansListMember]?}\n\n@endpoint GET /backup/plans/\n@desc Lists the active backup plans for the account.\n@optional {nextToken: str, maxResults: int, includeDeleted: bool}\n@returns(200) {NextToken: str?, BackupPlansList: [BackupPlansListMember]?}\n\n@endpoint GET /backup/plans/{backupPlanId}/selections/\n@desc Returns an array containing metadata of the resources associated with the target backup plan.\n@required {BackupPlanId: str}\n@optional {nextToken: str, maxResults: int}\n@returns(200) {NextToken: str?, BackupSelectionsList: [BackupSelectionsListMember]?}\n\n@endgroup\n\n@group backup-vaults\n@endpoint GET /backup-vaults/\n@desc Returns a list of recovery point storage containers along with information about them.\n@optional {vaultType: str, shared: bool, nextToken: str, maxResults: int}\n@returns(200) {BackupVaultList: [BackupVaultListMember]?, NextToken: str?}\n\n@endgroup\n\n@group audit\n@endpoint GET /audit/copy-job-summaries\n@desc This request obtains a list of copy jobs created or running within the the most recent 30 days. You can include parameters AccountID, State, ResourceType, MessageCategory, AggregationPeriod, MaxResults, or NextToken to filter results. This request returns a summary that contains Region, Account, State, RestourceType, MessageCategory, StartTime, EndTime, and Count of included jobs.\n@optional {AccountId: str, State: str, ResourceType: str, MessageCategory: str, AggregationPeriod: str, MaxResults: int, NextToken: str}\n@returns(200) {CopyJobSummaries: [CopyJobSummary]?, AggregationPeriod: str?, NextToken: str?}\n\n@endgroup\n\n@group copy-jobs\n@endpoint GET /copy-jobs/\n@desc Returns metadata about your copy jobs.\n@optional {nextToken: str, maxResults: int, resourceArn: str, state: str, createdBefore: str(timestamp), createdAfter: str(timestamp), resourceType: str, destinationVaultArn: str, accountId: str, completeBefore: str(timestamp), completeAfter: str(timestamp), parentJobId: str, messageCategory: str}\n@returns(200) {CopyJobs: [CopyJob]?, NextToken: str?}\n\n@endgroup\n\n@group audit\n@endpoint GET /audit/frameworks\n@desc Returns a list of all frameworks for an Amazon Web Services account and Amazon Web Services Region.\n@optional {MaxResults: int, NextToken: str}\n@returns(200) {Frameworks: [Framework]?, NextToken: str?}\n\n@endgroup\n\n@group legal-holds\n@endpoint GET /legal-holds/\n@desc This action returns metadata about active and previous legal holds.\n@optional {nextToken: str, maxResults: int}\n@returns(200) {NextToken: str?, LegalHolds: [LegalHold]?}\n\n@endgroup\n\n@group resources\n@endpoint GET /resources/\n@desc Returns an array of resources successfully backed up by Backup, including the time the resource was saved, an Amazon Resource Name (ARN) of the resource, and a resource type.\n@optional {nextToken: str, maxResults: int}\n@returns(200) {Results: [ProtectedResource]?, NextToken: str?}\n\n@endgroup\n\n@group backup-vaults\n@endpoint GET /backup-vaults/{backupVaultName}/resources/\n@desc This request lists the protected resources corresponding to each backup vault.\n@required {BackupVaultName: str}\n@optional {backupVaultAccountId: str, nextToken: str, maxResults: int}\n@returns(200) {Results: [ProtectedResource]?, NextToken: str?}\n\n@endpoint GET /backup-vaults/{backupVaultName}/recovery-points/\n@desc Returns detailed information about the recovery points stored in a backup vault.\n@required {BackupVaultName: str}\n@optional {backupVaultAccountId: str, nextToken: str, maxResults: int, resourceArn: str, resourceType: str, backupPlanId: str, createdBefore: str(timestamp), createdAfter: str(timestamp), parentRecoveryPointArn: str}\n@returns(200) {NextToken: str?, RecoveryPoints: [RecoveryPointByBackupVault]?}\n\n@endgroup\n\n@group legal-holds\n@endpoint GET /legal-holds/{legalHoldId}/recovery-points\n@desc This action returns recovery point ARNs (Amazon Resource Names) of the specified legal hold.\n@required {LegalHoldId: str}\n@optional {nextToken: str, maxResults: int}\n@returns(200) {RecoveryPoints: [RecoveryPointMember]?, NextToken: str?}\n\n@endgroup\n\n@group resources\n@endpoint GET /resources/{resourceArn}/recovery-points/\n@desc The information about the recovery points of the type specified by a resource Amazon Resource Name (ARN).  For Amazon EFS and Amazon EC2, this action only lists recovery points created by Backup.\n@required {ResourceArn: str}\n@optional {nextToken: str, maxResults: int, managedByAWSBackupOnly: bool}\n@returns(200) {NextToken: str?, RecoveryPoints: [RecoveryPointByResource]?}\n\n@endgroup\n\n@group audit\n@endpoint GET /audit/report-jobs\n@desc Returns details about your report jobs.\n@optional {ReportPlanName: str, CreationBefore: str(timestamp), CreationAfter: str(timestamp), Status: str, MaxResults: int, NextToken: str}\n@returns(200) {ReportJobs: [ReportJob]?, NextToken: str?}\n\n@endpoint GET /audit/report-plans\n@desc Returns a list of your report plans. For detailed information about a single report plan, use DescribeReportPlan.\n@optional {MaxResults: int, NextToken: str}\n@returns(200) {ReportPlans: [ReportPlan]?, NextToken: str?}\n\n@endpoint GET /audit/restore-job-summaries\n@desc This request obtains a summary of restore jobs created or running within the the most recent 30 days. You can include parameters AccountID, State, ResourceType, AggregationPeriod, MaxResults, or NextToken to filter results. This request returns a summary that contains Region, Account, State, RestourceType, MessageCategory, StartTime, EndTime, and Count of included jobs.\n@optional {AccountId: str, State: str, ResourceType: str, AggregationPeriod: str, MaxResults: int, NextToken: str}\n@returns(200) {RestoreJobSummaries: [RestoreJobSummary]?, AggregationPeriod: str?, NextToken: str?}\n\n@endgroup\n\n@group restore-jobs\n@endpoint GET /restore-jobs/\n@desc Returns a list of jobs that Backup initiated to restore a saved resource, including details about the recovery process.\n@optional {nextToken: str, maxResults: int, accountId: str, resourceType: str, createdBefore: str(timestamp), createdAfter: str(timestamp), status: str, completeBefore: str(timestamp), completeAfter: str(timestamp), restoreTestingPlanArn: str}\n@returns(200) {RestoreJobs: [RestoreJobsListMember]?, NextToken: str?}\n\n@endgroup\n\n@group resources\n@endpoint GET /resources/{resourceArn}/restore-jobs/\n@desc This returns restore jobs that contain the specified protected resource. You must include ResourceArn. You can optionally include NextToken, ByStatus, MaxResults, ByRecoveryPointCreationDateAfter , and ByRecoveryPointCreationDateBefore.\n@required {ResourceArn: str}\n@optional {status: str, recoveryPointCreationDateAfter: str(timestamp), recoveryPointCreationDateBefore: str(timestamp), nextToken: str, maxResults: int}\n@returns(200) {RestoreJobs: [RestoreJobsListMember]?, NextToken: str?}\n\n@endgroup\n\n@group restore-testing\n@endpoint GET /restore-testing/plans\n@desc Returns a list of restore testing plans.\n@optional {MaxResults: int, NextToken: str}\n@returns(200) {NextToken: str?, RestoreTestingPlans: [RestoreTestingPlanForList]}\n\n@endpoint GET /restore-testing/plans/{RestoreTestingPlanName}/selections\n@desc Returns a list of restore testing selections. Can be filtered by MaxResults and RestoreTestingPlanName.\n@required {RestoreTestingPlanName: str}\n@optional {MaxResults: int, NextToken: str}\n@returns(200) {NextToken: str?, RestoreTestingSelections: [RestoreTestingSelectionForList]}\n\n@endgroup\n\n@group tags\n@endpoint GET /tags/{resourceArn}/\n@desc Returns the tags assigned to the resource, such as a target recovery point, backup plan, or backup vault.\n@required {ResourceArn: str}\n@optional {nextToken: str, maxResults: int}\n@returns(200) {NextToken: str?, Tags: map<str,str>?}\n\n@endgroup\n\n@group backup-vaults\n@endpoint PUT /backup-vaults/{backupVaultName}/access-policy\n@desc Sets a resource-based policy that is used to manage access permissions on the target backup vault. Requires a backup vault name and an access policy document in JSON format.\n@required {BackupVaultName: str}\n@optional {Policy: str}\n\n@endpoint PUT /backup-vaults/{backupVaultName}/vault-lock\n@desc Applies Backup Vault Lock to a backup vault, preventing attempts to delete any recovery point stored in or created in a backup vault. Vault Lock also prevents attempts to update the lifecycle policy that controls the retention period of any recovery point currently stored in a backup vault. If specified, Vault Lock enforces a minimum and maximum retention period for future backup and copy jobs that target a backup vault.  Backup Vault Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations. For more information about how Backup Vault Lock relates to these regulations, see the Cohasset Associates Compliance Assessment.   For more information, see Backup Vault Lock.\n@required {BackupVaultName: str}\n@optional {MinRetentionDays: int(i64), MaxRetentionDays: int(i64), ChangeableForDays: int(i64)}\n\n@endpoint PUT /backup-vaults/{backupVaultName}/notification-configuration\n@desc Turns on notifications on a backup vault for the specified topic and events.\n@required {BackupVaultName: str, SNSTopicArn: str, BackupVaultEvents: [str]}\n\n@endgroup\n\n@group restore-jobs\n@endpoint PUT /restore-jobs/{restoreJobId}/validations\n@desc This request allows you to send your independent self-run restore test validation results. RestoreJobId and ValidationStatus are required. Optionally, you can input a ValidationStatusMessage.\n@required {RestoreJobId: str, ValidationStatus: str}\n@optional {ValidationStatusMessage: str}\n\n@endgroup\n\n@group backup-jobs\n@endpoint PUT /backup-jobs\n@desc Starts an on-demand backup job for the specified resource.\n@required {BackupVaultName: str, ResourceArn: str, IamRoleArn: str}\n@optional {IdempotencyToken: str, StartWindowMinutes: int(i64), CompleteWindowMinutes: int(i64), Lifecycle: Lifecycle, RecoveryPointTags: map<str,str>, BackupOptions: map<str,str>}\n@returns(200) {BackupJobId: str?, RecoveryPointArn: str?, CreationDate: str(timestamp)?, IsParent: bool?}\n\n@endgroup\n\n@group copy-jobs\n@endpoint PUT /copy-jobs\n@desc Starts a job to create a one-time copy of the specified resource. Does not support continuous backups.\n@required {RecoveryPointArn: str, SourceBackupVaultName: str, DestinationBackupVaultArn: str, IamRoleArn: str}\n@optional {IdempotencyToken: str, Lifecycle: Lifecycle}\n@returns(200) {CopyJobId: str?, CreationDate: str(timestamp)?, IsParent: bool?}\n\n@endgroup\n\n@group audit\n@endpoint POST /audit/report-jobs/{reportPlanName}\n@desc Starts an on-demand report job for the specified report plan.\n@required {ReportPlanName: str}\n@optional {IdempotencyToken: str}\n@returns(200) {ReportJobId: str?}\n\n@endgroup\n\n@group restore-jobs\n@endpoint PUT /restore-jobs\n@desc Recovers the saved resource identified by an Amazon Resource Name (ARN).\n@required {RecoveryPointArn: str, Metadata: map<str,str>}\n@optional {IamRoleArn: str, IdempotencyToken: str, ResourceType: str, CopySourceTagsToRestoredResource: bool}\n@returns(200) {RestoreJobId: str?}\n\n@endgroup\n\n@group backup-jobs\n@endpoint POST /backup-jobs/{backupJobId}\n@desc Attempts to cancel a job to create a one-time backup of a resource. This action is not supported for the following services: Amazon FSx for Windows File Server, Amazon FSx for Lustre, Amazon FSx for NetApp ONTAP, Amazon FSx for OpenZFS, Amazon DocumentDB (with MongoDB compatibility), Amazon RDS, Amazon Aurora, and Amazon Neptune.\n@required {BackupJobId: str}\n\n@endgroup\n\n@group tags\n@endpoint POST /tags/{resourceArn}\n@desc Assigns a set of key-value pairs to a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN). This API is supported for recovery points for resource types including Aurora, Amazon DocumentDB. Amazon EBS, Amazon FSx, Neptune, and Amazon RDS.\n@required {ResourceArn: str, Tags: map<str,str>}\n\n@endgroup\n\n@group untag\n@endpoint POST /untag/{resourceArn}\n@desc Removes a set of key-value pairs from a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN) This API is not supported for recovery points for resource types including Aurora, Amazon DocumentDB. Amazon EBS, Amazon FSx, Neptune, and Amazon RDS.\n@required {ResourceArn: str, TagKeyList: [str]}\n\n@endgroup\n\n@group backup\n@endpoint POST /backup/plans/{backupPlanId}\n@desc Updates the specified backup plan. The new version is uniquely identified by its ID.\n@required {BackupPlanId: str, BackupPlan: BackupPlanInput}\n@returns(200) {BackupPlanId: str?, BackupPlanArn: str?, CreationDate: str(timestamp)?, VersionId: str?, AdvancedBackupSettings: [AdvancedBackupSetting]?}\n\n@endgroup\n\n@group audit\n@endpoint PUT /audit/frameworks/{frameworkName}\n@desc Updates the specified framework.\n@required {FrameworkName: str}\n@optional {FrameworkDescription: str, FrameworkControls: [FrameworkControl], IdempotencyToken: str}\n@returns(200) {FrameworkName: str?, FrameworkArn: str?, CreationTime: str(timestamp)?}\n\n@endgroup\n\n@group global-settings\n@endpoint PUT /global-settings\n@desc Updates whether the Amazon Web Services account is opted in to cross-account backup. Returns an error if the account is not an Organizations management account. Use the DescribeGlobalSettings API to determine the current settings.\n@optional {GlobalSettings: map<str,str>}\n\n@endgroup\n\n@group backup-vaults\n@endpoint POST /backup-vaults/{backupVaultName}/recovery-points/{recoveryPointArn}\n@desc Sets the transition lifecycle of a recovery point. The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define. Resource types that can transition to cold storage are listed in the Feature availability by resource table. Backup ignores this expression for other resource types. Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.  If your lifecycle currently uses the parameters DeleteAfterDays and MoveToColdStorageAfterDays, include these parameters and their values when you call this operation. Not including them may result in your plan updating with null values.  This operation does not support continuous backups.\n@required {BackupVaultName: str, RecoveryPointArn: str}\n@optional {Lifecycle: Lifecycle}\n@returns(200) {BackupVaultArn: str?, RecoveryPointArn: str?, Lifecycle: Lifecycle?{MoveToColdStorageAfterDays: int(i64)?, DeleteAfterDays: int(i64)?, OptInToArchiveForSupportedResources: bool?}, CalculatedLifecycle: CalculatedLifecycle?{MoveToColdStorageAt: str(timestamp)?, DeleteAt: str(timestamp)?}}\n\n@endgroup\n\n@group account-settings\n@endpoint PUT /account-settings\n@desc Updates the current service opt-in settings for the Region. Use the DescribeRegionSettings API to determine the resource types that are supported.\n@optional {ResourceTypeOptInPreference: map<str,bool>, ResourceTypeManagementPreference: map<str,bool>}\n\n@endgroup\n\n@group audit\n@endpoint PUT /audit/report-plans/{reportPlanName}\n@desc Updates the specified report plan.\n@required {ReportPlanName: str}\n@optional {ReportPlanDescription: str, ReportDeliveryChannel: ReportDeliveryChannel, ReportSetting: ReportSetting, IdempotencyToken: str}\n@returns(200) {ReportPlanName: str?, ReportPlanArn: str?, CreationTime: str(timestamp)?}\n\n@endgroup\n\n@group restore-testing\n@endpoint PUT /restore-testing/plans/{RestoreTestingPlanName}\n@desc This request will send changes to your specified restore testing plan. RestoreTestingPlanName cannot be updated after it is created.  RecoveryPointSelection can contain:    Algorithm     ExcludeVaults     IncludeVaults     RecoveryPointTypes     SelectionWindowDays\n@required {RestoreTestingPlanName: str, RestoreTestingPlan: RestoreTestingPlanForUpdate}\n@returns(200) {CreationTime: str(timestamp), RestoreTestingPlanArn: str, RestoreTestingPlanName: str, UpdateTime: str(timestamp)}\n\n@endpoint PUT /restore-testing/plans/{RestoreTestingPlanName}/selections/{RestoreTestingSelectionName}\n@desc Updates the specified restore testing selection. Most elements except the RestoreTestingSelectionName can be updated with this request. You can use either protected resource ARNs or conditions, but not both.\n@required {RestoreTestingPlanName: str, RestoreTestingSelectionName: str, RestoreTestingSelection: RestoreTestingSelectionForUpdate}\n@returns(200) {CreationTime: str(timestamp), RestoreTestingPlanArn: str, RestoreTestingPlanName: str, RestoreTestingSelectionName: str, UpdateTime: str(timestamp)}\n\n@endgroup\n\n@end\n"}}