How can I turn off automatic backups in Amazon EFS and remove the stored backup data?

I want to turn off the automatic backup feature on my Amazon Elastic File System (Amazon EFS), and remove previously backed up data.

Short description

By default, Amazon EFS automatically creates backups of your data. The backed-up data is stored as a recovery point that's available through AWS Backup. If you try to remove the recovery point, then you receive the following error message: "Access Denied: Insufficient privileges to perform this action. Please consult with the account administrator for necessary permissions."

Warning: It's a best practice to keep automatic backups turned on. If you accidentally delete your data, then you can use the automatic backup to restore your file system content to its state as of the last recovery point created.

To edit your EFS policies, you must have AWS Identity and Access Management (IAM) permissions. To revise IAM policy settings, use an IAM user with administrator permissions. For more information, see Allow all IAM actions (admin access).

Resolution

Turn off the automatic backup feature

For information about how to turn off automatic backups, see Turning automatic backups on or off for existing file systems.

Delete the recovery point

  1. Open the AWS Backup console.

  2. Select aws/efs/automatic-backup-vault.

  3. In the following access policy, change Deny to Allow:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Deny",
                "Principal": {
                    "AWS": "arn:aws:iam::[AccountID]:root"
                },
                "Action": [
                    "backup:DeleteBackupVault",
                    "backup:DeleteBackupVaultAccessPolicy",
                    "backup:DeleteRecoveryPoint",
                    "backup:StartCopyJob",
                    "backup:StartRestoreJob",
                    "backup:UpdateRecoveryPointLifecycle"
                ],
                "Resource": "*"
            }
        ]
    }

    Note: Replace arn with the ARN of your IAM user and [AccountID] with your AWS account ID. When you change Deny to Allow, the user can perform any of the listed actions, including the delete actions. To allow only specific delete permissions, adjust the policy.

  4. Choose Attach Policy.

  5. Select the Recovery Point that you want to delete, and then choose Delete.
    Note: You can't delete the default backup plan or the automatic backup vault.
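
The note in step 3 says to adjust the policy when you want to allow only specific delete permissions. The following Python sketch is an added example, not part of the original AWS article: it narrows the policy so that only backup:DeleteRecoveryPoint leaves the Deny statement and is allowed for one principal, while the other five actions stay denied. The function names, the account ID 111122223333 and the user name backup-admin are assumptions made for illustration.

```python
import copy
import json

# Actions denied by the policy shown in step 3 (copied from the page).
DEFAULT_DENIED = [
    "backup:DeleteBackupVault", "backup:DeleteBackupVaultAccessPolicy",
    "backup:DeleteRecoveryPoint", "backup:StartCopyJob",
    "backup:StartRestoreJob", "backup:UpdateRecoveryPointLifecycle",
]

def as_list(value):
    """IAM policies accept a single string where a list is expected."""
    return [value] if isinstance(value, str) else list(value)

def narrow_policy(policy, principal_arn, unlock=("backup:DeleteRecoveryPoint",)):
    """Return a copy of `policy` in which only the `unlock` actions leave the
    Deny statements and are allowed for `principal_arn`; the rest stay denied."""
    unknown = set(unlock) - set(DEFAULT_DENIED)
    if unknown:
        raise ValueError(f"not in the vault's deny list: {sorted(unknown)}")
    result = copy.deepcopy(policy)  # never mutate the caller's policy
    statements = []
    for stmt in result["Statement"]:
        if stmt.get("Effect") == "Deny":
            kept = [a for a in as_list(stmt["Action"]) if a not in unlock]
            if not kept:
                continue  # nothing left to deny in this statement
            stmt["Action"] = kept
        statements.append(stmt)
    statements.append({"Effect": "Allow", "Principal": {"AWS": principal_arn},
                       "Action": list(unlock), "Resource": "*"})
    result["Statement"] = statements
    return result

def still_denied(policy):
    """Actions that remain under an explicit Deny, for review before attaching."""
    return sorted({a for s in policy["Statement"] if s.get("Effect") == "Deny"
                   for a in as_list(s["Action"])})

# Constructed sample: placeholder account ID and a hypothetical IAM user name.
SAMPLE_ARN = "arn:aws:iam::111122223333:user/backup-admin"
SAMPLE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": DEFAULT_DENIED, "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(narrow_policy(SAMPLE, SAMPLE_ARN), indent=4))
```

The printed JSON can be pasted into the vault's access policy editor in step 3 in place of the blanket Deny-to-Allow change.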

AWS OFFICIAL, updated 4 months ago