mongodb · rakhul-mongo · Jan 29, 2026 · Jan 16, 2026 · Jan 20, 2026 · Jan 21, 2026
@@ -15,6 +15,7 @@ jobs:
      alert-configuration: ${{ steps.filter.outputs.alert-configuration }}
      api-key: ${{ steps.filter.outputs.api-key }}
      auditing: ${{ steps.filter.outputs.auditing }}
+     backup-compliance-policy: ${{ steps.filter.outputs.backup-compliance-policy }}
      cloud-backup-restore-jobs: ${{ steps.filter.outputs.cloud-backup-restore-jobs }}
      cluster-outage-simulation: ${{ steps.filter.outputs.cluster-outage-simulation }}
      federated-database-instance: ${{ steps.filter.outputs.federated-database-instance }}
@@ -48,6 +49,8 @@ jobs:
           - 'cfn-resources/api-key/**'
         auditing:
           - 'cfn-resources/auditing/**'
+        backup-compliance-policy:
+          - 'cfn-resources/backup-compliance-policy/**'
         cloud-backup-restore-jobs:
           - 'cfn-resources/cloud-backup-restore-jobs/**'
         cluster-outage-simulation:
@@ -243,7 +246,48 @@ jobs:
        cat inputs/inputs_1_update.json
        cat inputs/inputs_2_create.json
        cat inputs/inputs_2_update.json
-
+
+       make run-contract-testing
+       make delete-test-resources
+  backup-compliance-policy:
+    needs: change-detection
+    if: ${{ needs.change-detection.outputs.backup-compliance-policy == 'true' }}
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
+    - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5
+      with:
+        go-version-file: 'cfn-resources/go.mod'
+    - name: setup Atlas CLI
+      uses: mongodb/atlas-github-action@e3c9e0204659bafbb3b65e1eb1ee745cca0e9f3b
+    - uses: aws-actions/setup-sam@c2a20b1822cc4a6bc594ff7f1dbb658758e383c3
+      with:
+       use-installer: true
+    - uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_TEST_ENV }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_TEST_ENV }}
+        aws-region: eu-west-1
+    - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
+      with:
+        python-version: '3.9'
+        cache: 'pip' # caching pip dependencies
+    - run: pip install cloudformation-cli cloudformation-cli-go-plugin
+    - name: Run the Contract test
+      shell: bash
+      env:
+       MONGODB_ATLAS_PUBLIC_API_KEY: ${{ secrets.CLOUD_DEV_PUBLIC_KEY }}
+       MONGODB_ATLAS_PRIVATE_API_KEY: ${{ secrets.CLOUD_DEV_PRIVATE_KEY }}
+       MONGODB_ATLAS_ORG_ID: ${{ secrets.CLOUD_DEV_ORG_ID }}
+       MONGODB_ATLAS_OPS_MANAGER_URL: ${{ vars.MONGODB_ATLAS_BASE_URL }}
+       MONGODB_ATLAS_PROFILE: cfn-cloud-dev-github-action
+      run: |
+       cd cfn-resources/backup-compliance-policy
+       make create-test-resources
+
+       cat inputs/inputs_1_create.json
+       cat inputs/inputs_1_update.json
+
        make run-contract-testing
        make delete-test-resources
   cloud-backup-restore-jobs:

@@ -0,0 +1,12 @@
+{
+  "typeName": "MongoDB::Atlas::BackupCompliancePolicy",
+  "language": "go",
+  "runtime": "provided.al2",
+  "entrypoint": "bootstrap",
+  "testEntrypoint": "bootstrap",
+  "settings": {
+    "import_path": "github.com/mongodb/mongodbatlas-cloudformation-resources/backup-compliance-policy",
+    "protocolVersion": "2.0.0",
+    "pluginVersion": "2.0.4"
+  }
+}
@@ -0,0 +1,33 @@
+.PHONY: build test clean
+tags=logging callback metrics scheduler
+cgo=0
+goos=linux
+goarch=amd64
+CFNREP_GIT_SHA?=$(shell git rev-parse HEAD)
+ldXflags=-s -w -X github.com/mongodb/mongodbatlas-cloudformation-resources/util.defaultLogLevel=info -X github.com/mongodb/mongodbatlas-cloudformation-resources/version.Version=${CFNREP_GIT_SHA}
+ldXflagsD=-X github.com/mongodb/mongodbatlas-cloudformation-resources/util.defaultLogLevel=debug -X github.com/mongodb/mongodbatlas-cloudformation-resources/version.Version=${CFNREP_GIT_SHA}
+
+build:
+	cfn generate
+	env GOOS=$(goos) CGO_ENABLED=$(cgo) GOARCH=$(goarch) go build -ldflags="$(ldXflags)" -tags="$(tags)" -o bin/bootstrap cmd/main.go
+
+debug:
+	cfn generate
+	env GOOS=$(goos) CGO_ENABLED=$(cgo) GOARCH=$(goarch) go build -ldflags="$(ldXflagsD)" -tags="$(tags)" -o bin/bootstrap cmd/main.go
+
+clean:
+	rm -rf bin
+
+create-test-resources:
+	@echo "==> Creating test files for contract testing"
+	./test/contract-testing/cfn-test-create.sh
+
+delete-test-resources:
+	@echo "==> Delete test resources used for contract testing"
+	./test/contract-testing/cfn-test-delete.sh
+
+run-contract-testing:
+	@echo "==> Run contract testing"
+	make build
+	sam local start-lambda &
+	cfn test --function-name TestEntrypoint --verbose
@@ -0,0 +1,18 @@
+# MongoDB::Atlas::BackupCompliancePolicy
+
+## Description
+
+Resource for managing [Backup Compliance Policy](https://www.mongodb.com/docs/api/doc/atlas-admin-api-v2/group/endpoint-cloud-backups/operation/updateCompliancePolicy). Backup Compliance Policy prevents any user, regardless of role, from modifying or deleting specific cluster settings, backups, and backup configurations. When enabled, the Backup Compliance Policy will be applied as the minimum policy for all clusters and backups in the project.
+
+## Requirements
+
+To securely give CloudFormation access to your Atlas credentials, you must
+set up an [AWS Profile](/README.md#mongodb-atlas-api-keys-credential-management).
+
+## Attributes and Parameters
+
+See the [resource docs](docs/README.md).
+
+## Cloudformation Examples
+
+See the examples [CFN Template](/examples/backup-compliance-policy/README.md) for example resource.