turbot/aws_compliance

Control: Backup recovery points manual deletion should be disabled

Description

Checks if a backup vault has an attached resource-based policy which prevents deletion of recovery points. The rule is non-compliant if the Backup Vault does not have resource-based policies or has policies without a suitable 'Deny' statement.
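
The check described above, as an added Python example run against constructed vault policies; it is not the mod's named query or Turbot's code. It assumes a "suitable" Deny is one that applies to all principals and covers the three actions named by the AWS Config managed rule of the same name (the page does not list them), and it does not evaluate Condition blocks.

```python
import json
from fnmatch import fnmatchcase

# Assumption: the actions a "suitable" Deny must cover, taken from the AWS Config
# managed rule of the same name; this page does not enumerate them.
REQUIRED = (
    "backup:DeleteRecoveryPoint",
    "backup:UpdateRecoveryPointLifecycle",
    "backup:PutBackupVaultAccessPolicy",
)

def _as_list(value):
    """IAM accepts either a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _denies_everyone(stmt):
    """Assumption: only a Deny on Principal "*" protects against every caller."""
    principal = stmt.get("Principal")
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")))

def blocks_manual_deletion(policy_json):
    """True if the vault policy's Deny statements cover every REQUIRED action."""
    if not policy_json:  # vault has no resource-based policy at all
        return False
    denied = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") == "Deny" and _denies_everyone(stmt):
            # IAM action names are case-insensitive and may contain * wildcards.
            denied += [a.lower() for a in _as_list(stmt.get("Action"))]
    return all(any(fnmatchcase(r.lower(), p) for p in denied) for r in REQUIRED)

# Constructed sample policies (not taken from any real account).
# WEAK denies deletion only: the lifecycle can still be shortened and the
# policy itself replaced, so recovery points are not actually protected.
WEAK = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Resource": "*",
     "Action": "backup:DeleteRecoveryPoint"}]})
HARDENED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Resource": "*",
     "Action": list(REQUIRED)}]})

if __name__ == "__main__":
    for name, doc in (("no policy", None), ("weak", WEAK), ("hardened", HARDENED)):
        print(name, "->", "ok" if blocks_manual_deletion(doc) else "alarm")
```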

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.backup_recovery_point_manual_deletion_disabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.backup_recovery_point_manual_deletion_disabled --share

SQL

This control uses a named query:

backup_recovery_point_manual_deletion_disabled

Tags