Control: AWS > HIPAA > Backup > Backup recovery point manual deletion should be disabled

Checks if a backup vault has an attached resource-based policy which prevents deletion of recovery points. The rule is non complaint if the Backup Vault does not have resource-based policies or has policies without a suitable 'Deny' statement.

Resource Types

This control targets the following resource types:

AWS > Backup > Backup Vault

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-hipaa#/control/types/backupRecoveryPointManualDeletionDisabled

Category URI

tmod:@turbot/turbot#/control/categories/complianceHipaa

GraphQL

query controlType(id: "tmod:@turbot/aws-hipaa#/control/types/backupRecoveryPointManualDeletionDisabled") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-hipaa#/control/types/backupRecoveryPointManualDeletionDisabled'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-hipaa#/control/types/backupRecoveryPointManualDeletionDisabled"