Description:

This policy ensures that, for all Amazon Web Services (AWS) resources, someone on the team has access to the backups, so that backups can be restored in the event of a disaster or other incident.

Rationale:

Giving someone on the team access to the backups helps to ensure that they can be restored in the event of a disaster or other incident. If only one person has access to the backups and that person is unavailable, the backups may not be restorable.

Impact:

If backups cannot be restored, then the data that is stored on the AWS resources may be lost. This could have a significant impact on the business, as the data may be irreplaceable.

Default Value:

AWS has no default policy that ensures someone on the team has access to backups. However, it is good practice to implement this policy as part of your overall disaster recovery plan.

Pre-requisites:

  • You must have access to the AWS console.
  • You must have the AWS CLI installed and configured.

Remediation Steps:

  1. Log in to the AWS console.
  2. Select the AWS resource that you want to modify.
  3. Click the Permissions tab.
  4. Click the Add button next to Users.
  5. Enter the IAM user or role that you want to give backup access to.
  6. Click the Add button.

Test Plan:

  1. Verify that the IAM user or role that you gave backup access to can restore the backups for the AWS resource.

Implementation Plan:

  1. Create a new AWS IAM policy that allows users to restore backups.
  2. Attach the new policy to the IAM users who need to be able to restore backups.
  3. Verify that the IAM users who need to be able to restore backups can actually do so.

AWS CLI Process:

aws iam put-user-policy \
    --user-name my-user \
    --policy-name BackupAccess \
    --policy-document '{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:Get*",
                    "s3:List*",
                    "s3:RestoreObject"
                ],
                "Resource": "*"
            }
        ]
    }'
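The Rationale's single-person concern can be checked offline against exported policy documents. The following is an added example, not part of the original policy text: it evaluates each user's inline policies for the three actions a restore needs and reports whether enough people hold them. The user names, bucket, object key and the two-holder threshold are assumptions, and the evaluator is deliberately simplified (it ignores Condition, NotAction/NotResource, permission boundaries, SCPs and bucket policies).

```python
import re

# Constructed sample: inline policy documents per IAM user, in the form
# `aws iam get-user-policy` returns them. User and bucket names are hypothetical.
BACKUP_ACCESS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:Get*", "s3:List*", "s3:RestoreObject"],
    "Resource": "*"}]}
LIST_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:List*", "Resource": "*"}]}
DENY_RESTORE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Action": "s3:RestoreObject",
    "Resource": "arn:aws:s3:::example-backups/*"}]}
TEAM = {"alice": [BACKUP_ACCESS], "bob": [LIST_ONLY],
        "carol": [BACKUP_ACCESS, DENY_RESTORE]}

def _matches(patterns, value, flags=0):
    """IAM wildcard match: '*' is any run of characters, '?' is one."""
    patterns = patterns if isinstance(patterns, list) else [patterns]
    return any(re.fullmatch(
        re.escape(p).replace(r"\*", ".*").replace(r"\?", "."), value, flags)
        for p in patterns)

def can_restore(docs, bucket, key):
    """Explicit Deny wins; otherwise every restore action needs an Allow."""
    obj = f"arn:aws:s3:::{bucket}/{key}"
    needed = {"s3:ListBucket": f"arn:aws:s3:::{bucket}",
              "s3:GetObject": obj, "s3:RestoreObject": obj}
    statements = []
    for d in docs:
        s = d["Statement"]
        statements += s if isinstance(s, list) else [s]
    verdict = True
    for action, arn in needed.items():
        effects = {s["Effect"] for s in statements
                   if "Action" in s and "Resource" in s  # NotAction etc. skipped
                   and _matches(s["Action"], action, re.IGNORECASE)
                   and _matches(s["Resource"], arn)}
        verdict = verdict and "Allow" in effects and "Deny" not in effects
    return verdict

def audit(team, bucket, key, min_holders=2):
    """Return (users able to restore, whether the redundancy goal is met)."""
    holders = sorted(u for u, docs in team.items() if can_restore(docs, bucket, key))
    return holders, len(holders) >= min_holders

if __name__ == "__main__":
    print(audit(TEAM, "example-backups", "db/2024-01-01.dump"))
```

A result from this check narrows what to test; the Test Plan's real restore by each listed user remains the confirmation.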

Using AWS GUI:

  1. Log in to the AWS console.
  2. Select the IAM console.
  3. Click the Users tab.
  4. Select the IAM user that you want to give backup access to.
  5. Click the Permissions tab.
  6. Click the Add Permissions button.
  7. Select the Attach existing policy option.
  8. Select the BackupAccess policy.
  9. Click the Attach button.

Backout Plan:

  1. Delete the AWS IAM policy that allows users to restore backups.

Note:

  • You can also use the AWS CLI to add permissions to IAM users.
  • For more information, see the AWS IAM documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html.

Reference:

  • AWS IAM documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html

Tags and Keywords:

  • backup
  • access
  • team
  • disaster recovery