How do I delete recovery points in an EXPIRED state in AWS Backup?

2 minute read

I can’t delete recovery points that are stuck in an EXPIRED state in AWS Backup.

Resolution

AWS Backup automatically deletes recovery points based on the lifecycle retention period defined in the backup plan or backup job. If AWS Backup can't remove recovery points, then recovery points remain in an EXPIRED state.

To delete a recovery point that's stuck in an EXPIRED state, update the permissions of your AWS Identity and Access Management (IAM) role for your recovery point. Or, you can manually delete a recovery point at any time if you have the DeleteRecoveryPoint permissions.

Note: If the IAM role for your recovery point no longer exists, then create a new IAM role for the recovery point. AWS Backup removes recovery points only if the IAM role has the required permissions to delete recovery points for the respective resource types. For more information on the required permissions, see AWSBackupServiceRolePolicyForBackup.

To update the permissions of your IAM role, complete the following steps:

Open the IAM console.
In the navigation pane, choose Policies.
Select the policy for the recovery point that's stuck in an EXPIRED state.
On the Permissions tab for your policy, choose JSON, and then choose Edit.

Attach the following permissions to your IAM role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "backup:DeleteRecoveryPoint",
                "backup:DescribeRecoveryPoint"
            ],
             "Resource": "arn:aws:backup:*:*:backup-vault:*"
        }
    ]
}

Note: If you use an Amazon Simple Storage Service (Amazon S3) backup, then also attach the policies AWSBackupServiceRolePolicyForS3Backup and AWSBackupServiceRolePolicyForS3Restore to your IAM role.

Choose Save changes.

Note: To delete a recovery point from a backup vault in AWS Backup, you must have the backup:DeleteRecoveryPoint permission in your IAM role. For more information, see How do I delete a recovery point from a backup vault in AWS Backup?

Topics: Storage
Tags: AWS Backup
Language: English

AWS OFFICIALUpdated 4 months ago

No comments

Relevant content

Enabling continuous backup failed, because of the following error: Recovery Point is in state DELETING, and can not be updated
Jan Groschopp
asked a year ago
What exactly happens when an S3 Continuous backup Recovery point expires?
rePost-User-6910154
asked 3 years ago
Expired s3 Backup Recovery Point
Anis
asked 4 years ago
delete multiple Amazon Backup Recovery Points
BTS-Administrator
asked 2 years ago
Cannot deregister AMIs even whithout recovery points
rePost-User-8775775
asked 3 years ago
How do I delete a recovery point from a backup vault in AWS Backup?
AWS OFFICIALUpdated 3 years ago
How do I find the missing destination recovery points for my on-demand backup copy in AWS Backup?
AWS OFFICIALUpdated 4 months ago
How do I delete recovery points that are under a legal hold or stored in a locked backup vault for AWS Backup?
AWS OFFICIALUpdated 5 months ago
Why can’t I delete my AWS Backup recovery points?
AWS OFFICIALUpdated 4 months ago
Configuring Cross-Region Disaster Recovery for Amazon EKS with AWS Backup
EXPERT
Minseo Kim
published 3 months ago