Description:
This policy ensures that all Amazon Web Services (AWS) backups are disposed of in a secure manner. This helps to protect sensitive data from being exposed in the event of a data breach.
Rationale:
Having a backup disposal policy in place helps to protect sensitive data from being exposed in the event of a data breach. If backups are not disposed of properly, they could be accessed by unauthorized individuals.
Impact:
If backups are not disposed of properly, sensitive data could be exposed, which could lead to identity theft, financial loss, or other negative consequences.
Default Value:
AWS does not have a default policy for ensuring that backups are disposed of in a secure manner. However, it is a good practice to implement this policy as part of your overall data security plan.
Pre-requisites:
- You must have access to the AWS console.
- You must have the AWS CLI installed and configured.
Remediation Steps:
- Log in to the AWS console.
- Select the AWS resource that you want to modify.
- Click the Permissions tab.
- Click the Add button next to Users.
- Enter the IAM user or role that you want to give backup disposal access to.
- Click the Add button.
Test Plan:
- Verify that the IAM user or role that you gave backup disposal access to can delete the backups for the AWS resource.
Implementation Plan:
- Create a new AWS IAM policy that allows users to delete backups.
- Attach the new policy to the IAM users who need to be able to delete backups.
- Verify that the IAM users who need to be able to delete backups can actually do so.
AWS CLI Process:
    aws iam put-user-policy \
      --user-name my-user \
      --policy-name BackupDisposal \
      --policy-document '{
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": ["s3:DeleteObject"],
            "Resource": "*"
          }
        ]
      }'
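The policy document in the CLI step above allows `s3:DeleteObject` on `"Resource": "*"`, so the grant covers objects in any bucket, not only those holding backups. The check below is an added example, not part of the original policy page: it flags Allow statements that pair an S3 delete action with a wildcard resource, and compares the page's policy with a constructed one scoped to a hypothetical bucket `example-backup-bucket` and prefix `backups/`.

```python
import json
from fnmatch import fnmatchcase

# S3 actions that can destroy backup data (real IAM action names).
DELETE_ACTIONS = ["s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket"]

# The policy document from the CLI step on this page.
PAGE_POLICY = '''{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:DeleteObject"], "Resource": "*"}]}'''

# Constructed alternative: bucket name and prefix are hypothetical.
SCOPED_POLICY = '''{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:DeleteObject"],
   "Resource": "arn:aws:s3:::example-backup-bucket/backups/*"}]}'''


def _as_list(value):
    # IAM accepts a single string or object where a list is expected.
    return value if isinstance(value, list) else [value]


def _is_broad(resource):
    # "*" or an ARN whose bucket part starts with a wildcard spans many buckets.
    return resource == "*" or resource.startswith("arn:aws:s3:::*")


def broad_delete_findings(policy_json):
    """Return (statement index, delete actions, broad resources) for every
    Allow statement granting an S3 delete action on a wildcard resource.
    NotAction, NotResource and Condition keys are not evaluated."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        # IAM action names are case-insensitive and may contain * and ?.
        granted = [d for d in DELETE_ACTIONS
                   if any(fnmatchcase(d.lower(), p) for p in patterns)]
        broad = [r for r in _as_list(stmt.get("Resource", [])) if _is_broad(r)]
        if granted and broad:
            findings.append((index, granted, broad))
    return findings


if __name__ == "__main__":
    for name, doc in (("page policy", PAGE_POLICY), ("scoped policy", SCOPED_POLICY)):
        print(name, "->", broad_delete_findings(doc) or "no broad delete grants")
```

An empty result means no statement combines a delete action with a wildcard resource; it does not evaluate conditions, permission boundaries or bucket policies.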
Using AWS GUI:
- Log in to the AWS console.
- Select the IAM console.
- Click the Users tab.
- Select the IAM user that you want to give backup disposal access to.
- Click the Permissions tab.
- Click the Add Permissions button.
- Select the Attach existing policy option.
- Select the BackupDisposal policy.
- Click the Attach button.
Backout Plan:
- Delete the AWS IAM policy that allows users to delete backups.
Note:
- You can also use the AWS CLI to add permissions to IAM users.
- For more information, see the AWS IAM documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html.
Reference:
- AWS IAM documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
Tags and Keywords:
- backup
- disposal
- security
- compliance