This guide outlines how to integrate Elastio with AWS Backup for ransomware protection of your backups. By configuring backup plans and granting Elastio access to Customer Managed Keys (CMKs), you can automate zero-day ransomware detection, insider threat encryption detection and malware scanning, ensuring your recovery points are secure and recoverable.
Contents
Edit AWS Backup Plan
To integrate Elastio with AWS Backup and ensure your backups are automatically scanned, follow these steps:
-
Create a Backup Plan:
- Navigate to the AWS Backup console and click the Create backup plan button.
- Configure your backup plan as needed.
- Navigate to the AWS Backup console and click the Create backup plan button.
-
Add Elastio Scan Tags:
- In the Tags added to recovery points (optional) section, add the tag
elastio:action=scan
. This tag instructs Elastio to scan all recovery points created by this backup plan for ransomware and malware. - (Optional) To enable specific scans or entropy detection, add an additional tag:
- To enable only ransomware detection in the backups, add an additional tag
elastio:scans=ransomware
. - To enable only malware detection in the backups, add an additional tag
elastio:scans=malware
. - To enable ransomware, malware, and entropy detection in the backups, add an additional tag
elastio:scans=entropy ransomware malware
.
- To enable only ransomware detection in the backups, add an additional tag
- In the Tags added to recovery points (optional) section, add the tag
-
Finalize the Plan:
- After adding the tag, click Create plan to save your backup plan.
With this configuration, Elastio will automatically scan all EC2 and EBS recovery points created by AWS Backup. For S3, EFS and VMWare recovery points, Elastio performs scans as part of a restore test plan.