EFS require additional permissions

EFS require additional permissions

Issues:

Due to recent AWS changes, you might need to add additional permissions to the relevant IAM policies.

Action required
 We are updating Amazon EFS such that a principal applying tags to an EFS resource on creation (For example, a file system or an access point) must have IAM permissions to apply tags to the resources using the TagResource operation. If a principal attempts to create an EFS resource with tags and does not have permission to add tags, the resource creation will not succeed. For this account, this change will go into effect on June 30, 2023.


Solution:
Add below permission to the IAM Role in any account where you have EFS backup
elasticfilesystem:TagResource

The following link is to the latest IAM permissions for our latest release: https://support.n2ws.com/portal/en/kb/articles/what-are-the-required-minimal-aws-permissions-roles-for-cpm-operation

    • Related Articles

    • Minimal Azure permissions/roles for N2WS operations

      The required minimal IAM permissions json is attached to this KB article. You can find detailed steps in our User guide, Chapter 26: https://n2ws.com/support/documentation Or in the following KB Article: How to setup CPM on AWS to backup Azure ...

    • How to Check for AWS Permissions

      Checking for AWS account permissions Each account in N2WS is mapped to a specific Roles or IAM user in AWS. You can see the list of account and authentication types in the Account Tab: For each account, you can select it and then click on 'Check AWS ...

    • Required minimal AWS permissions/roles for CPM operation

      You can apply all the required roles by using the JSON files inside the archive attached to this article (including the new permissions required for v4.0 and up). Note that for some editions there is more then 1 json file. If you are using FLR or ...

    • N2WS-17735 - EFS cleanup fails with AccessDeniedException

      Issue: When trying to delete EFS backups via CPM for an AWS backup vault that was already manually deleted in AWS, it may fails with AccessDeniedException in UI and following in the agent logs: Error,Failed to delete EFS backup (recovery point ARN: ...

    • EFS Recovery failed - You do not have permission to use the specified KMS key

      Recovery might fail with this error: This error message is an indicator that the IAM Role used for the recovery is not listed as a Key User on the KMS key. Follow the instructions below and then retry the recovery: 1. Identify the IAM Role name from ...