AWS Backup using CloudFormation

Question

Although I have full administrator access, I am facing the below error while importing a JSON file into my CloudFormation stack:

Resource handler returned message: "Insufficient privileges to perform this action. (Service: Backup, Status Code: 403, Request ID: ccbc62b1-0e6c-4713-93fb-f3e911883744)" (RequestToken: 973c8d39-07a6-02b7-317a-781aeebf5c7d, HandlerErrorCode: GeneralServiceException)

`{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "AWSBackupEFSPlan": {
            "DeletionPolicy": "Retain",
            "Type": "AWS::Backup::BackupPlan",
            "Properties": {
                "BackupPlan": {
                    "AdvancedBackupSettings": [
                        {
                            "BackupOptions": {
                                "WindowsVSS": "disabled"
                            },
                            "ResourceType": "EFS"
                        }
                    ],
                    "BackupPlanName": "aws/efs/automatic-backup-plan",
                    "BackupPlanRule": [
                        {
                            "CompletionWindowMinutes": 180,
                            "CopyActions": [
                                {
                                    "DestinationBackupVaultArn": "arn:aws:backup:::backup-vault:Default",
                                    "Lifecycle": {
                                        "DeleteAfterDays": 14
                                    }
                                }
                            ],
                            "EnableContinuousBackup": false,
                            "Lifecycle": {
                                "DeleteAfterDays": 7
                            },
                            "RecoveryPointTags": {
                                "Environment": "Production",
                                "Component": "Elastic File System",
                                "Application": "GHI/GHLAD"
                            },
                            "RuleName": "aws/efs/automatic-backup-rule",
                            "ScheduleExpression": "cron(0 5 ? * * *)",
                            "ScheduleExpressionTimezone": "Asia/Beirut",
                            "StartWindowMinutes": 60,
                            "TargetBackupVault": "aws/efs/automatic-backup-vault"
                        }
                    ]
                }
            }
        }
    }
}`

Accepted Answer

Hello.

The backup vault "aws/efs/automatic-backup-vault" is for EFS' default automatic backup, so I don't think it can be imported into CloudFormation etc.  
The backup plan "aws/efs/automatic-backup-plan" is probably managed by AWS, so I don't think it can be managed by CloudFormation.  
https://repost.aws/knowledge-center/efs-disable-automatic-backups  
https://docs.aws.amazon.com/aws-backup/latest/devguide/create-auto-backup.html  
> The Amazon EFS automatic backup vault aws/efs/automatic-backup-vault is reserved for those automatic backups only. If you use it as a destination for other backup plans, you will receive an "insufficient privileges" error.

AWS Backup using CloudFormation

Relevant content