Search code examples
amazon-web-servicesamazon-efs

EFS Restore backup access denied

When trying to restore File system from AWS Backup I'm getting the following error:

Access Denied
Insufficient privileges to perform this action. Please consult with the account administrator for necessary permissions.

enter image description here

This is weird since I have AdministratorAccess under my AWS user:

enter image description here

The file system created by running the CLI command:

aws efs create-file-system

In addition, I followed EKSWorkshop to create the EFS.

Any help will be much appreciated.

Solution

  • If you change the policy on the backup vault screen you can start the restore.

    It's deny by default.

    For example, it works:

    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "backup:DeleteBackupVault",
                "backup:DeleteBackupVaultAccessPolicy",
                "backup:DeleteRecoveryPoint",
                "backup:StartCopyJob",
                "backup:StartRestoreJob",
                "backup:UpdateRecoveryPointLifecycle"
            ],
            "Resource": "*"
        }
    ]
}