I configured AWS Backup in CDK to enable continuous backups for S3 buckets with this configuration:
Later I deleted the stack in CDK and, as expected, all the resources were deleted except for the vault, which was orphaned.
The problem happens when trying to delete the recovery points inside the vault: I get back the status as `Expired` with a message `Insufficient permission to delete recovery point`.
- I am logged in as a user with AdministratorAccess
- I changed the access policy of the vault to allow anyone to delete the vault / recovery point
- Even when logged in as the root of the account, I still get the same message.
- For reference, this is the AWS managed policy attached to my user: `AdministratorAccess`. It allows (325 of 325 services), including AWS Backup obviously.
- Here's the vault access policy that I set:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "backup:DeleteBackupVault",
        "backup:DeleteBackupVaultAccessPolicy",
        "backup:DeleteRecoveryPoint",
        "backup:StartCopyJob",
        "backup:StartRestoreJob",
        "backup:UpdateRecoveryPointLifecycle"
      ],
      "Resource": "*"
    }
  ]
}
```

Any ideas what I'm missing here?

**Update**:
- A full week after creating the backup recovery point, and still unable to delete it.
- I tried deleting it from the AWS CLI but no luck.
- I tried suspending the versioning for the bucket in question and tried, but no luck either.
Have a similar issue:
This is now a showstopper for me, because the manually created backup plan has already been deleted, but the new one has not yet started to work properly.
Was a solution for this ever found? What happens after "delete after" date is reached/passed?