EFS Restore backup access denied

Question

When trying to restore File system from AWS Backup I'm getting the following error:

Access Denied
Insufficient privileges to perform this action. Please consult with the account administrator for necessary permissions.

This is weird since I have AdministratorAccess under my AWS user:

The file system created by running the CLI command:

aws efs create-file-system

In addition, I followed EKSWorkshop to create the EFS.

Any help will be much appreciated.

score 14 · Accepted Answer · edited Aug 29 '20 at 09:06

14

If you change the policy on the backup vault screen you can start the restore.

It's deny by default.

For example, it works:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "backup:DeleteBackupVault",
                "backup:DeleteBackupVaultAccessPolicy",
                "backup:DeleteRecoveryPoint",
                "backup:StartCopyJob",
                "backup:StartRestoreJob",
                "backup:UpdateRecoveryPointLifecycle"
            ],
            "Resource": "*"
        }
    ]
}

edited Aug 29 '20 at 09:06

Amit Baranes

7,398
2
31
53

answered Aug 27 '20 at 19:20

Tiago Antonio Vilas Boas

156
1
2

It should be noted that simply changing the effect to `Allow` will allow any AWS principal to start a restore of any of the recovery points in the vault. Or worse yet, to delete recovery points. This could have serious data protection, GDPR or even regulatory implications. – David Gard Mar 22 '23 at 15:56

EFS Restore backup access denied

1 Answers1