Ensure wildcards (*) are not used in IAM policies for AWS Backup Vault Policy

MEDIUM

Description

A backup vault access policy is a resource-based IAM policy. An Allow statement in it that uses a wildcard (*) for the Principal grants every AWS account (or anonymous callers) access to the vault, and a wildcard Action such as backup:* grants every vault operation, including deleting recovery points. Either can lead to unauthorized access to, or destruction of, the backups the vault is meant to protect.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and open the Backup Console.
  2. Under Backup Vaults, select the backup vault that you want to update.
  3. Under Access policy, edit any statement whose Effect is Allow and whose Principal, Action, or Resource contains a wildcard (*), replacing the wildcard with specific principals, actions, and the vault ARN.
  4. Select Save policy.

In Terraform -

  1. For the aws_backup_vault_policy resource, set the policy argument to a JSON document whose Allow statements name specific principals (account or role ARNs), specific backup: actions, and the vault ARN rather than a wildcard (*).

For more information, see the AWS or Terraform documentation.
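The following is an added example, not part of the original rule text or of the Terraform provider. It applies the rule's criterion to a vault access policy document: every Allow statement whose Principal, Action, or Resource contains a wildcard is reported. The weak and hardened policy documents are constructed for illustration; the account ID 111122223333, the role name BackupOperator, and the vault name prod-vault are placeholders. The hardened document is the kind of JSON you would pass to the policy argument of aws_backup_vault_policy.

```python
"""Check an AWS Backup vault access policy for wildcard grants in Allow statements."""
import json

# Constructed weak policy: any principal may perform any backup action on the vault.
WEAK_VAULT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowEverything",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "backup:*",
            "Resource": "*",
        }
    ],
})

# Constructed hardened policy: one named role, an explicit action list, and the
# vault ARN. Account ID, role name, and vault name are placeholders.
HARDENED_VAULT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowBackupRoleOnly",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/BackupOperator"},
            "Action": [
                "backup:DescribeBackupVault",
                "backup:ListRecoveryPointsByBackupVault",
                "backup:StartRestoreJob",
            ],
            "Resource": "arn:aws:backup:us-east-1:111122223333:backup-vault:prod-vault",
        },
        {
            # A wildcard principal in a Deny statement narrows access and is not flagged.
            "Sid": "DenyDeleteFromAnyone",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "backup:DeleteRecoveryPoint",
            "Resource": "*",
        },
    ],
})


def _as_list(value):
    """Normalise a policy element that may be a string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_values(principal):
    """Flatten Principal ("*" or {"AWS": [...], "Service": [...]}) into strings."""
    if isinstance(principal, dict):
        values = []
        for entries in principal.values():
            values.extend(_as_list(entries))
        return values
    return _as_list(principal)


def find_wildcard_allows(policy_json):
    """Return [(sid, field, value), ...] for every wildcard in an Allow statement."""
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "statement[%d]" % index)
        checks = (
            ("Principal", _principal_values(stmt.get("Principal"))),
            ("Action", _as_list(stmt.get("Action"))),
            ("Resource", _as_list(stmt.get("Resource"))),
        )
        for field, values in checks:
            for value in values:
                if isinstance(value, str) and "*" in value:
                    findings.append((sid, field, value))
    return findings


def policy_is_compliant(policy_json):
    """True when no Allow statement in the policy contains a wildcard."""
    return not find_wildcard_allows(policy_json)


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_VAULT_POLICY), ("hardened", HARDENED_VAULT_POLICY)):
        result = "compliant" if policy_is_compliant(doc) else find_wildcard_allows(doc)
        print(name, result)
```

Running the script reports the weak policy's Principal, Action, and Resource wildcards and marks the hardened policy compliant. The Deny statement with a wildcard principal is deliberately left alone: the rule targets wildcards combined with Effect Allow, and a broad Deny only restricts access.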
References:
https://docs.aws.amazon.com/aws-backup/latest/devguide/vaults.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_vault_policy

Policy Details

Rule Reference ID: AC_AWS_0402
CSP: AWS
Remediation Available: Yes
Resource Category: Storage
Resource Type: Backup Vault

Frameworks