Ensure that an Amazon Backup vault access policy is configured to prevent the deletion (accidentally or intentionally) of AWS backups in the backup vault. A backup vault is a container used to organize AWS backups.
This rule resolution is part of the Cloud Conformity solution
The ability to delete recovery points (i.e. backups) stored within your AWS Backup vaults is determined by the permissions that you grant to your users. You can enforce deletion protection and restrict deleting recovery points by configuring the resource-based access policies associated with your vaults. Because an explicit Deny in a resource-based policy overrides any Allow granted by identity-based IAM policies, a vault access policy that denies deletion protects recovery points even from principals whose IAM permissions would otherwise allow it.
To determine the configuration of the access policies associated with your Amazon Backup vaults, perform the following actions:
Remediation / Resolution
The resource-based access policy associated with an AWS Backup vault allows you to specify who has access to the backups within that vault and what actions they can perform on those backups. To define and implement an access policy that denies all users the ability to delete existing or future backups inside a backup vault, perform the following actions:
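The following Python is an added example, not part of the Cloud Conformity rule page or of any AWS-published tooling. It serves both halves of this rule: `build_deny_delete_policy()` produces a vault access policy of the kind the remediation describes (an unconditional Deny for every principal on the AWS Backup actions that delete recovery points, shorten their retention, or alter the vault policy itself), and `unprotected_actions()` performs the audit check, reporting which of those actions a given vault policy leaves open. It accepts the policy as a dict, as a JSON string, or as the document returned by `aws backup get-backup-vault-access-policy`, which nests the policy as a JSON string under `Policy`. The account ID, vault name, role name and statement `Sid` are constructed values; the evaluation is a deliberate simplification of IAM logic (only unconditional Deny statements with `Principal` `*` and `Resource` `*` count, `NotAction`/`NotPrincipal` are ignored), which errs on the side of flagging a gap.

```python
import fnmatch
import json

# AWS Backup IAM actions that let a principal destroy recovery points directly,
# shorten their retention, or remove/replace the vault policy guarding them.
DELETE_ACTIONS = (
    "backup:DeleteRecoveryPoint",
    "backup:UpdateRecoveryPointLifecycle",
    "backup:DeleteBackupVaultAccessPolicy",
    "backup:PutBackupVaultAccessPolicy",
)


def build_deny_delete_policy():
    """Vault access policy denying every principal the actions above.

    The Sid is a constructed label; the action names are real AWS Backup
    actions and the statement shape follows AWS's vault policy examples.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyRecoveryPointDeletion",
                "Effect": "Deny",
                "Principal": {"AWS": "*"},
                "Action": list(DELETE_ACTIONS),
                "Resource": "*",
            }
        ],
    }


def _as_list(value):
    """IAM allows a scalar or a list for Principal/Action/Resource; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _covers_every_principal(principal):
    """True for Principal "*" or {"AWS": "*"} (the "*" may sit inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _action_denied(patterns, action):
    """IAM-style wildcard match ("backup:*", "*"); action names are case-insensitive."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def unprotected_actions(policy):
    """Return the DELETE_ACTIONS that the vault policy does not deny for everyone.

    Simplified evaluation: a Deny only counts when it is unconditional, names
    every principal and uses Resource "*". NotAction/NotPrincipal forms are
    ignored, so an unusual policy is reported as a gap rather than as safe.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    if isinstance(policy.get("Policy"), str):  # raw get-backup-vault-access-policy output
        policy = json.loads(policy["Policy"])

    denied = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny" or "Condition" in stmt:
            continue
        if not _covers_every_principal(stmt.get("Principal")):
            continue
        if "*" not in _as_list(stmt.get("Resource")):
            continue
        patterns = _as_list(stmt.get("Action"))
        denied.update(a for a in DELETE_ACTIONS if _action_denied(patterns, a))
    return [a for a in DELETE_ACTIONS if a not in denied]


def vault_policy_is_compliant(policy):
    """True when no delete-capable action is left open by the vault policy."""
    return not unprotected_actions(policy)


if __name__ == "__main__":
    # Constructed sample of get-backup-vault-access-policy output for a vault whose
    # policy denies deletion to one role only, leaving every other principal able to delete.
    cli_output = {
        "BackupVaultName": "example-vault",
        "BackupVaultArn": "arn:aws:backup:us-east-1:111122223333:backup-vault:example-vault",
        "Policy": json.dumps({
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Deny",
                "Principal": {"AWS": "arn:aws:iam::111122223333:role/ExampleRole"},
                "Action": "backup:DeleteRecoveryPoint",
                "Resource": "*",
            }],
        }),
    }
    print("unprotected:", unprotected_actions(cli_output))
    print(json.dumps(build_deny_delete_policy(), indent=2))
```

In practice the input comes from `aws backup get-backup-vault-access-policy --backup-vault-name <vault>` (a vault with no policy at all returns an error rather than an empty document and should be treated as non-compliant), and the generated document is applied with `aws backup put-backup-vault-access-policy --backup-vault-name <vault> --policy file://policy.json`. Denying `backup:PutBackupVaultAccessPolicy` and `backup:DeleteBackupVaultAccessPolicy` is what stops a compromised or careless principal from simply removing the guard, so the policy is intentionally hard to revert; confirm on a non-production vault that your recovery and operations workflows still function before rolling it out.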
Rule: Configure AWS Backup Vault Access Policy
Risk level: High