Disable automatic backups in RDS and EFS

There's no direct feature provided by AWS to disable automated backups for RDS and EFS at the organization level. These settings are typically managed at the individual service level (RDS, EFS, etc.) during the creation of each instance. There also aren't service control policies (SCPs) that directly control these settings.

However, using AWS Config along with custom AWS Lambda functions, you could potentially create a system that automatically turns off automatic backups whenever a new RDS or EFS instance is created.

Here is a rough outline of how you might achieve this:

• Set up AWS Config to track changes in your AWS environment.

• Create AWS Config rules that trigger whenever a new RDS instance or EFS is created.

• When such a rule is triggered, have AWS Config execute a custom AWS Lambda function.

• This AWS Lambda function would then use the AWS SDK to modify the settings of the new RDS or EFS instance and turn off automatic backups.

Remember that this approach would require appropriate permissions for the Lambda function to be able to modify RDS and EFS instances.

Additionally, you could use IAM to limit the permissions of end users such that they cannot enable automated backups on these services. However, this would also restrict their ability to manage other aspects of these services and may not be suitable depending on your organization's needs.

Keep in mind that this information is based on the AWS features available as of September 2021, and AWS frequently releases new features and capabilities. Please check the latest AWS documentation or consult with AWS Support for the most current solutions.