Description

AWS Backup is a fully managed service that protects data across AWS services. We identified a Backup vault '{AwsBackupVault}' that does not have a policy. A policy associated with an identity defines its permissions; in the case of a backup vault, this means the ability to perform restore, update and delete actions. The best practice is to ensure that backup vaults have a policy configured to prevent unintentional deletion.
  • Recommended Mitigation

    To enhance reliability, it is recommended to configure a policy for each Backup vault by adding a custom policy to it. More details can be found at https://docs.aws.amazon.com/aws-backup/latest/devguide/creating-a-vault-access-policy.html
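
The check and mitigation described above, as an added example that is not part of the original finding or AWS's own code: it uses the boto3 AWS Backup client to list vaults that have no access policy and attaches one that denies destructive actions. The exempt role ARN, the account ID in it and the selection of denied actions are assumptions made for illustration.

```python
import json

# Destructive actions to block, chosen for this example (an assumption);
# restore is left governed by IAM identity policies.
DENIED_ACTIONS = [
    "backup:DeleteBackupVault",
    "backup:DeleteRecoveryPoint",
    "backup:UpdateRecoveryPointLifecycle",
]


def vaults_without_policy(backup):
    """Return the names of vaults that have no access policy attached."""
    missing = []
    for page in backup.get_paginator("list_backup_vaults").paginate():
        for vault in page["BackupVaultList"]:
            name = vault["BackupVaultName"]
            try:
                backup.get_backup_vault_access_policy(BackupVaultName=name)
            except backup.exceptions.ResourceNotFoundException:
                missing.append(name)  # the API reports "no policy" as not found
    return missing


def deny_delete_policy(exempt_role_arn):
    """Vault policy denying destructive actions to all but one exempt role."""
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyDestructiveActions",
            "Effect": "Deny",
            "Principal": "*",
            "Action": DENIED_ACTIONS,
            "Resource": "*",
            "Condition": {"ArnNotEquals": {"aws:PrincipalArn": exempt_role_arn}},
        }],
    })


if __name__ == "__main__":
    import boto3  # imported here so the helpers above work without AWS access

    client = boto3.client("backup")
    # Placeholder ARN (constructed): replace with your own break-glass role.
    policy = deny_delete_policy("arn:aws:iam::111122223333:role/BackupBreakGlass")
    for vault_name in vaults_without_policy(client):
        print("no access policy:", vault_name)
        client.put_backup_vault_access_policy(BackupVaultName=vault_name, Policy=policy)
```

Review the exempt role before applying the policy, since the deny statement applies to every other principal in the account.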