Ensure that an AWS Backup vault access policy is configured to prevent the deletion (accidental or intentional) of the backups stored in the backup vault. A backup vault is the container that AWS Backup uses to organize backups (recovery points).
This rule resolution is part of the Cloud Conformity solution
The ability to delete recovery points (i.e. backups) stored within your AWS Backup vaults is determined by the permissions that you grant to your users through their identity-based IAM policies. You can enforce deletion protection and restrict the deletion of recovery points by configuring the resource-based access policy attached to each vault: an explicit Deny in the vault access policy overrides any Allow granted elsewhere, so a principal that is otherwise permitted to call backup:DeleteRecoveryPoint is still refused. Note that a principal allowed to call backup:PutBackupVaultAccessPolicy or backup:DeleteBackupVaultAccessPolicy can replace or remove that protection, so those permissions should be restricted as well.
To determine the configuration of the access policies associated with your AWS Backup vaults, perform the following actions:
Remediation / Resolution
The resource-based access policy associated with an AWS Backup vault allows you to specify who has access to the backups within that vault and what actions they can perform on those backups. To define and implement an access policy that denies all users the ability to delete existing or future backups inside a backup vault, perform the following actions:
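The following is an added example, not Cloud Conformity's code or the steps behind the rule. It serves both parts of this page: the audit check (does a vault's access policy unconditionally deny every principal the ability to delete recovery points?) and the remediation (the policy document to attach). The policy it builds uses the IAM policy language and the AWS Backup action names backup:DeleteRecoveryPoint and backup:UpdateRecoveryPointLifecycle; the second action is included because shortening a recovery point's lifecycle makes it expire early, which destroys the backup just as surely as deleting it. The sample policies used for the audit are constructed for the demonstration, as are the account ID and role names in them.

```python
"""Audit helper for AWS Backup vault access policies (added example).

Checks whether a vault access policy, as returned by
  aws backup get-backup-vault-access-policy --backup-vault-name <vault>
denies every principal the ability to delete recovery points, and builds the
policy document to apply with
  aws backup put-backup-vault-access-policy --backup-vault-name <vault> \
      --policy file://deny.json
The sample policies below are constructed for the demonstration.
"""
import json

# Deleting a recovery point outright, or shortening its lifecycle so it expires
# early, both destroy backups; a vault only counts as protected if both are denied.
PROTECTED_ACTIONS = ("backup:DeleteRecoveryPoint", "backup:UpdateRecoveryPointLifecycle")
ACTION_WILDCARDS = ("*", "backup:*")  # either of these also covers the protected actions


def deny_deletion_policy() -> dict:
    """Vault access policy denying all principals the protected actions on every
    recovery point in the vault, existing or future (Resource "*")."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyRecoveryPointDeletion",
            "Effect": "Deny",
            "Principal": {"AWS": "*"},
            "Action": list(PROTECTED_ACTIONS),
            "Resource": "*",
        }],
    }


def _as_list(value):
    """IAM lets most policy elements be a single string or a list; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _applies_to_everyone(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"}; anything narrower leaves a gap."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def _covers_all_recovery_points(resource) -> bool:
    return any(r == "*" or r.endswith(":recovery-point:*") for r in _as_list(resource))


def missing_deny_actions(policy) -> list:
    """Protected actions that `policy` does NOT unconditionally deny for everyone.

    `policy` is the parsed policy document, or None when the vault has no access
    policy at all (the API raises ResourceNotFoundException in that case).
    A Deny with a Condition, a narrower Principal, or a narrower Resource is not
    counted: each of those leaves some path to deleting a backup.
    """
    if not policy:
        return list(PROTECTED_ACTIONS)
    denied = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Deny" or stmt.get("Condition"):
            continue
        if not _applies_to_everyone(stmt.get("Principal")):
            continue
        if not _covers_all_recovery_points(stmt.get("Resource")):
            continue
        actions = _as_list(stmt.get("Action"))
        if any(w in actions for w in ACTION_WILDCARDS):
            denied.update(PROTECTED_ACTIONS)
        denied.update(a for a in PROTECTED_ACTIONS if a in actions)
    return [a for a in PROTECTED_ACTIONS if a not in denied]


def is_protected(policy) -> bool:
    return not missing_deny_actions(policy)


def audit_vault_policy_json(policy_json) -> list:
    """Audit the `Policy` string from get-backup-vault-access-policy (None if absent)."""
    return missing_deny_actions(json.loads(policy_json) if policy_json else None)


# Constructed sample documents (not from a real account; hypothetical account and roles).
SAMPLE_ALLOW_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/BackupOperator"},
    "Action": "backup:DeleteRecoveryPoint", "Resource": "*"}]}
# A Deny that exempts one role still lets that role delete backups.
SAMPLE_EXEMPTED_DENY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Principal": {"AWS": "*"}, "Action": list(PROTECTED_ACTIONS),
    "Resource": "*", "Condition": {"StringNotEquals": {
        "aws:PrincipalArn": "arn:aws:iam::123456789012:role/BackupAdmin"}}}]}

if __name__ == "__main__":
    for name, doc in [("no policy", None), ("allow only", SAMPLE_ALLOW_ONLY),
                      ("exempted deny", SAMPLE_EXEMPTED_DENY),
                      ("deny all", deny_deletion_policy())]:
        gap = missing_deny_actions(doc)
        verdict = "PROTECTED" if not gap else "NOT protected, missing deny for " + ", ".join(gap)
        print(f"{name:14} {verdict}")
    print(json.dumps(deny_deletion_policy(), indent=2))  # body for deny.json
```

The audit deliberately refuses to credit a Deny that carries a Condition or names specific principals, because the rule asks for deletion to be denied to all users; a policy that exempts a "backup admin" role is a policy that a compromised admin credential can use. Applying the deny policy does not stop someone who holds backup:DeleteBackupVaultAccessPolicy from removing it, so keep that permission out of everyday roles (AWS Backup Vault Lock exists for cases where the protection itself must be immutable).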
Configure AWS Backup Vault Access Policy
Risk level: High