Description:

This policy ensures that all Amazon Web Services (AWS) backups are disposed of in a secure manner. This helps to protect sensitive data from being exposed in the event of a data breach.

Rationale:

Having a backup disposal policy in place helps to protect sensitive data from being exposed in the event of a data breach. If backups are not disposed of properly, they could be accessed by unauthorized individuals.

Impact:

If backups are not disposed of properly, sensitive data could be exposed, which could lead to identity theft, financial loss, or other negative consequences.

Default Value:

AWS does not have a default policy for ensuring that backups are disposed of in a secure manner. However, it is a good practice to implement this policy as part of your overall data security plan.

Pre-requisites:

  • You must have access to the AWS console.
  • You must have the AWS CLI installed and configured.

Remediation Steps:

  1. Log in to the AWS console.
  2. Select the AWS resource that you want to modify.
  3. Click the Permissions tab.
  4. Click the Add button next to Users.
  5. Enter the IAM user or role that you want to give backup disposal access to.
  6. Click the Add button.

Test Plan:

  1. Verify that the IAM user or role that you gave backup disposal access to can delete the backups for the AWS resource.

Implementation Plan:

  1. Create a new AWS IAM policy that allows users to delete backups.
  2. Attach the new policy to the IAM users who need to be able to delete backups.
  3. Verify that the IAM users who need to be able to delete backups can actually do so.

AWS CLI Process:

aws iam put-user-policy \
    --user-name my-user \
    --policy-name BackupDisposal \
    --policy-document '{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:DeleteObject"
                ],
                "Resource": "*"
            }
        ]
    }'
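
The policy document in the command above allows s3:DeleteObject on Resource "*", which covers every S3 object the user can reach, not only backups. The following Python check is an added example (not part of the original page or of any AWS tool): it flags Allow statements that grant S3 object deletion without naming a bucket, and compares the page's policy with a constructed one. The bucket name example-backup-bucket, the prefix backups/, the function names and the DELETE_ACTIONS list are assumptions of this example.

```python
import fnmatch
import json

# The policy document from the CLI command above, verbatim.
PAGE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:DeleteObject"], "Resource": "*"}]}""")

# Constructed alternative: same action, limited to one hypothetical backup prefix.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow",
    "Action": "s3:DeleteObject",
    "Resource": "arn:aws:s3:::example-backup-bucket/backups/*",
}}

# Object-delete actions this check looks for (an assumption; extend as needed).
DELETE_ACTIONS = ("s3:DeleteObject", "s3:DeleteObjectVersion")


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def _is_unscoped(resource):
    """True when no specific bucket is named ("*", arn:aws:s3:::*, arn:aws:s3:::*/*)."""
    bucket = resource.split(":", 5)[-1].split("/", 1)[0]
    return bucket == "*"


def overbroad_delete_grants(policy):
    """Return (statement index, action pattern, resource) for every Allow statement
    whose Action matches an S3 object-delete action on an unscoped resource.
    Condition blocks are not evaluated, so a finding means "review this statement"."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive and may contain * and ? wildcards.
            hit = any(fnmatch.fnmatchcase(a.lower(), pattern.lower()) for a in DELETE_ACTIONS)
            if not hit:
                continue
            for resource in _as_list(stmt.get("Resource", [])):
                if _is_unscoped(resource):
                    findings.append((idx, pattern, resource))
    return findings


if __name__ == "__main__":
    for name, doc in (("page policy", PAGE_POLICY), ("scoped policy", SCOPED_POLICY)):
        print(name, overbroad_delete_grants(doc) or "no unscoped delete grant")
```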

Using AWS GUI:

  1. Log in to the AWS console.
  2. Select the IAM console.
  3. Click the Users tab.
  4. Select the IAM user that you want to give backup disposal access to.
  5. Click the Permissions tab.
  6. Click the Add Permissions button.
  7. Select the Attach existing policy option.
  8. Select the BackupDisposal policy.
  9. Click the Attach button.

Backout Plan:

  1. Delete the AWS IAM policy that allows users to delete backups.

Note:

  • You can also use the AWS CLI to add permissions to IAM users.
  • For more information, see the AWS IAM documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html

Reference:

  • AWS IAM documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html

Tags and Keywords:

  • backup
  • disposal
  • security
  • compliance