Aws Delete Recovery Points Allowed
Description
Detects AWS Backup vaults that don't explicitly deny the deletion of recovery points through their access policies. This poses a security risk as it could allow unauthorized deletion of backup recovery points, potentially compromising your backup retention and disaster recovery capabilities.
Detection Strategy
• Reports a vulnerability when an AWS Backup vault has no access policy configured
• Reports a vulnerability when a Backup vault's access policy lacks a 'Deny' statement for the 'backup:DeleteRecoveryPoint' action that applies to all principals ('*' or {'AWS': '*'})
• Checks each Backup vault in the specified AWS region to ensure recovery points are protected from deletion through explicit deny policies
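The policy test described by the strategy above, as an added example that is not Fluid Attacks' own checker: it takes a vault access policy document (or None when the vault has no policy), normalizes the string-or-list fields IAM allows, and reports the vault as vulnerable unless some Deny statement for every principal covers backup:DeleteRecoveryPoint. It goes slightly beyond the page's literal rule: a wildcard action such as "backup:*" counts as covering the action (IAM action matching is case-insensitive), and a Deny that carries a Condition is not counted, since it protects only some requests. The sample policies are constructed.

```python
import json
from fnmatch import fnmatchcase

DELETE_ACTION = "backup:DeleteRecoveryPoint"


def _as_list(value):
    """IAM accepts a string or a list in Statement, Action and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _applies_to_all_principals(principal):
    """Matches Principal "*" or {"AWS": "*"} (also {"AWS": ["*"]})."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def _is_unconditional_delete_deny(statement):
    """Deny on backup:DeleteRecoveryPoint for every principal, with no Condition.
    Wildcards like "backup:*" or "*" also cover the action; a conditional Deny
    is not counted (assumption: it only protects a subset of requests)."""
    if statement.get("Effect") != "Deny" or "Condition" in statement:
        return False
    if not _applies_to_all_principals(statement.get("Principal")):
        return False
    return any(fnmatchcase(DELETE_ACTION.lower(), str(pattern).lower())
               for pattern in _as_list(statement.get("Action")))


def vault_is_vulnerable(policy_json):
    """True when the vault has no policy (None) or no qualifying Deny statement."""
    if policy_json is None:
        return True
    statements = _as_list(json.loads(policy_json).get("Statement"))
    return not any(_is_unconditional_delete_deny(s) for s in statements)


# Constructed sample policies (not taken from any real account).
ALLOW_ONLY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "backup:*", "Resource": "*"}]})
PROTECTED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Resource": "*",
     "Action": ["backup:DeleteRecoveryPoint", "backup:UpdateRecoveryPointLifecycle"]}]})

if __name__ == "__main__":
    for name, doc in [("no policy", None), ("allow-only", ALLOW_ONLY_POLICY),
                      ("deny-all-principals", PROTECTED_POLICY)]:
        print(f"{name}: {'VULNERABLE' if vault_is_vulnerable(doc) else 'protected'}")
```

To audit a real vault, pass the JSON string returned under "Policy" by boto3's `get_backup_vault_access_policy(BackupVaultName=...)`, treating a ResourceNotFoundException from that call as the no-policy case.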