
Granting Access to AWS Backup

You can grant the ZCSPM data collector role access to your AWS Backup service to enable a security policy. ZCSPM requires the following access permissions to collect the necessary configuration metadata:

  • ListBackupVaults
  • DescribeBackupVault
  • ListTags

To grant the ZCSPM data collector role access to the AWS Backup service, you must create an AWS IAM policy that grants these AWS Backup permissions:

  1. Log in to the AWS Console and navigate to the IAM service.
  2. In the left pane menu, click Roles under Access management.
  3. Select the demo-security-audit role.
  4. In the Permissions tab, click Attach policies.
  5. Click Create policy.
  6. In the Service drop-down menu, click Choose a service, then select Backup.
  7. In the Actions drop-down menu:
    • Select List, then select ListBackupVaults.
    • Select Read, then select DescribeBackupVault and ListTags.
  8. In the Resources drop-down menu, select All resources.
  9. Click Next: Tags.
  10. On the Review policy page, enter the policy name.
  11. Click Create policy.

After you create the policy, you must attach it to the demo-security-audit role:

  1. In the left pane menu, click Roles under Access management.
  2. Select the demo-security-audit role.
  3. In the Permissions tab, click Attach policies.
  4. Select the created policy, then select Attach policy.
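
As an added example (not part of the original page or ZCSPM's own tooling), the following Python builds the JSON policy document equivalent to the console selections above and audits a policy document for missing or excess actions, so the collector role stays limited to the three read-only permissions. The Sid and the function names are assumptions, and the sample policy passed in the last line is constructed.

```python
import json
from fnmatch import fnmatchcase

# The three AWS Backup actions the page lists for the ZCSPM data collector role.
REQUIRED = {"backup:ListBackupVaults", "backup:DescribeBackupVault", "backup:ListTags"}


def build_policy():
    """Policy document equivalent to the console selections (All resources)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ZcspmBackupMetadataRead",  # constructed label, not from the page
            "Effect": "Allow",
            "Action": sorted(REQUIRED),
            "Resource": "*",
        }],
    }


def _matches(action, patterns):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def audit_policy(doc):
    """Return (missing, excess): required actions the policy does not grant,
    and Allow entries that grant more than the three required actions."""
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement object is valid IAM JSON
        statements = [statements]
    allowed, denied = [], []
    for st in statements:
        if "NotAction" in st:  # Allow + NotAction is treated as "*" (conservative)
            if st.get("Effect") == "Allow":
                allowed.append("*")
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else list(actions)
        (allowed if st.get("Effect") == "Allow" else denied).extend(actions)
    missing = sorted(a for a in REQUIRED
                     if not _matches(a, allowed) or _matches(a, denied))
    required = {a.lower() for a in REQUIRED}
    excess = sorted({p for p in allowed if p.lower() not in required})
    return missing, excess


if __name__ == "__main__":
    print(json.dumps(build_policy(), indent=2))  # for the JSON policy editor
    print(audit_policy({"Statement": {"Effect": "Allow", "Action": "backup:*"}}))
```

The audit looks only at the Action lists; it does not evaluate Resource or Condition elements, which matches the page's choice of All resources.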