Governance Policies

Governance policies can be used for recurring actions on your AWS account in for the form of automating backups, stopping/starting ec2 instances, or importing auditing data from CloudTrail.

To get started, navigate to Cloud Manager -> Governance to create new policies.

Governance Policies - Backup

Backup policies can be used to schedule the backup and retention your EC2 Instances, EBS Volumes, and RDS Instances.

Select one of the governance policies to create.

  • EC2 Instances
  • EBS Volumes
  • RDS Instances

  • Set the policy as Active and set the policy Name.

  • The Server Backup policy will have an option for Only Running Servers. This will keep backups from happening on stopped EC2 Instances.

  • Next set the Title and Description formats for naming of the backups. Each backup policy type will include a different set of variables for use in your policy title and description.

  • Next set the Timezone for the policy to run in.
  • The Period can be set to Daily, Weekly, or Monthly options.
  • Next set the Time for the backup to run.
  • Lastly, set the Retenion period of the backups. This can be set in number of Days, Weeks, or Sum total of backups.
  • Click Create

  • Find your newly created policy in the list, and select the Assignment button.

  • Select the EC2 Instance, RDS Database, or EBS Volume from the list to assign to the policy. Optionally you can also leverage resource groups based off AWS tagging to auto inherit backup policies on your servers.

Resource Groups

Resource groups are logical collections of cloud assets like EC2 Instances, RDS databases, S3, buckets, and ELB's for the purpose of detailed billing and assigning governance policies, like automated backups.

Resource groups rely on AWS Tagging, and can be used to assign Governance Policies across regions, AWS Accounts, and even into GovCloud accounts.

Resource Groups - Naming Convention

To enable resource groups for the purposes of assigning governance policies or detailed billing. Please use the following format for the AWS Tags creation:

Key = vnoc-rsg

Value = YourResourceGroupName