Unable to create new backup vault

Question

Hi,
I have administrator permissions and still I am unable to create a new backup vault, in the console the error msg shown as below

Access denied: Insufficient privileges to perform this action. Please consult with the account administrator for necessary permissions.

I have below permission:
AWSBackupFullAccess, AdministratorAccess, PowerUserAccess and a customer policy with below 
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "backup:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "backup-storage:*",
                "backup-storage:MountCapsule"
            ],
            "Resource": "*"
        }
    ]
}

Answer

Usually  AdministratorAccess and AWSBackupFullAccess permissions should typically be sufficient to create a backup vault.  You can further check below
1. Check the permissions boundary for the user or role: If your IAM user or role has a permissions boundary set, it could be limiting the permissions. Double-check the permissions boundary and ensure it does not impose any unnecessary restrictions. You can find more information on permissions boundaries here: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html
2. Check for Service Control Policies (SCPs): As mentioned earlier, if you are using AWS Organizations with SCPs, double-check that there are no SCPs in place restricting your permissions beyond what's available in your IAM policies. The SCP documentation provides more information on how to manage SCPs: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html

Unable to create new backup vault

相關內容