{"results":[{"id":"aurora-continuous-backup-snapshots-free-within-retention","text":"Aurora continuous backup snapshots within the configured retention period (up to 35 days) incur no storage charge; snapshots kept beyond that window are charged as full backups.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aws-backup-dynamodb-cross-account-cross-region","text":"AWS Backup enables cross-account and cross-Region backup copying for DynamoDB — native DynamoDB on-demand backups do not support this.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aws-backup-dynamodb-opt-in-per-account-region","text":"AWS Backup requires explicit opt-in per account and per Region before it can manage DynamoDB backups.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aws-backup-first-backup-full-subsequent-incremental","text":"AWS Backup performs a full copy for the first backup of a resource; subsequent backups are incremental (changes only), reducing storage costs.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aws-backup-plan-defines-schedule-lifecycle-retention","text":"An AWS Backup backup plan is a policy expression that defines backup schedule, lifecycle transitions, and retention for assigned AWS resources.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aws-backup-scheduled-backups-not-native-dynamodb","text":"Scheduled automatic backups of DynamoDB tables require AWS Backup — this capability is not available natively in DynamoDB.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aws-backup-vault-independent-kms-key","text":"Backups stored in AWS Backup vaults can use a KMS key independent from the source resource's (e.g., DynamoDB table's) encryption key.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aws-backup-vault-lock-worm-immutability","text":"AWS Backup Vault Lock provides WORM (write-once-read-many) immutability, protecting backups against both accidental and malicious deletion, recovery period changes, or lifecycle modifications.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"aws-backup-window-optimized-by-default","text":"AWS Backup optimizes the backup window by default; it can be customized via the console or programmatically.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"backup-air-gapped-vault-all-charges-to-backup","text":"AWS Backup Logically Air-Gapped Vaults shift all backup charges to the AWS Backup bill regardless of whether the resource supports full AWS Backup management.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"backup-aurora-neptune-documentdb-always-require-opt-in","text":"Aurora, Neptune, and Amazon DocumentDB always require explicit AWS Backup service opt-in — they are exceptions to the rule that explicitly assigned resource types bypass opt-in settings.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"backup-cloudtrail-service-events-not-api-calls","text":"AWS Backup generates CloudTrail events that are not tied to public API calls (e.g., `BackupJobCompleted` has eventType `AwsServiceEvent`, not `AwsApiCall`).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"backup-cloudwatch-namespace-aws-backup","text":"AWS Backup publishes metrics to CloudWatch under the `AWS/Backup` namespace with a 5-minute update interval.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"backup-cold-storage-90-day-minimum-immutable","text":"AWS Backup cold storage has a minimum retention of 90 days, which cannot be changed after transition; the total retention period must exceed the cold storage transition value by more than 90 days.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"backup-cold-storage-minimum-90-days-beyond-warm","text":"AWS Backup cold storage requires a minimum 90-day retention beyond the warm-to-cold transition point; `DeleteAfterDays` must be at least `MoveToColdStorageAfterDays + 90`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"backup-completed-with-issues-console-only","text":"The \"Completed with issues\" backup job status exists only in the AWS Backup console and is not trackable via CloudWatch metrics.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"backup-continuous-pitr-retention-1-to-35-days","text":"AWS Backup continuous backups (PITR) have a retention limit of 1–35 days and cannot be scheduled with cron expressions.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"backup-copy-job-uses-destination-vault-dimension","text":"AWS Backup copy job CloudWatch metrics use the destination vault name (not source) as their vault dimension.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"backup-cross-account-aws-managed-key-not-supported","text":"Cross-account AWS Backup copies require customer managed KMS keys for resources not fully managed by AWS Backup — AWS managed keys cannot be used because their key policies are immutable and cannot be shared.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"backup-cross-account-copy-billing-differs-by-management","text":"For AWS Backup cross-account/cross-Region copies, fully managed resources bill data transfer to the source account, while non-fully managed resources bill to the destination account.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":129,"limit":20,"offset":0}