1 Answer
- Newest
- Most votes
- Most comments
0
Short answer is to restrict which can "backup:DeleteBackupVaultLockConfiguration" https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsbackup.html#:~:text=DeleteBackupVaultLockConfiguration
Probably want to layer an Organizational SCP with DENY with condition ArnNotEquals for the arn of the user who you allow to delete the vault lock.
answered a year ago
Relevant content
- Accepted Answerasked 4 years ago
- Accepted Answerasked 9 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 6 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 9 months ago