A Backup Vault will allow administrators to store backups in an organized location with encryption options using AWS Key Management Service (KMS) keys. There is a default backup vault, but for each additional vault created, an encryption key will need to be set. For more information, see the AWS documentation.
References:
https://docs.aws.amazon.com/aws-backup/latest/devguide/vaults.html
All new backup vaults require encryption by default, however the encryption key specifically used can be selected only when a new vault is created. To create a new vault:
In AWS Console -
In Terraform -
For more information, see the AWS or Terraform documentation.
References:
https://docs.aws.amazon.com/aws-backup/latest/devguide/vaults.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault