EFS require additional permissions
Due to recent AWS changes, you might need to add additional permissions to the relevant IAM policies.
Action required
We are updating Amazon EFS such that a principal applying tags to an EFS
resource on creation (For example, a file system or an access point) must have
IAM permissions to apply tags to the resources using the TagResource operation.
If a principal attempts to create an EFS resource with tags and does not have
permission to add tags, the resource creation will not succeed. For this
account, this change will go into effect on June 30, 2023.
Solution:
Add below permission to the IAM Role in any account where you have EFS backup
elasticfilesystem:TagResource
Related Articles
Minimal Azure permissions/roles for N2WS operations
The required minimal IAM permissions json is attached to this KB article. You can find detailed steps in our User guide, Chapter 26: https://n2ws.com/support/documentation Or in the following KB Article: How to setup CPM on AWS to backup Azure ...
How to Check for AWS Permissions
Each account in N2WS is mapped to a specific Roles or IAM user in AWS, You can see the list of account and authentication types in the Account Tab: For each account, you can select it and then click on 'Check AWS Permissions' This will test the ...
What are the required minimal AWS permissions/roles for CPM operation?
You can apply all the required roles by using the JSON files inside the archive attached to this article (including the new permissions required for v4.0 and up). Note that for some editions there is more then 1 json file. If you are using FLR or ...
N2WS-17735 - EFS cleanup fails with AccessDeniedException
Issue: When trying to delete EFS backups via CPM for an AWS backup vault that was already manually deleted in AWS, it may fails with AccessDeniedException in UI and following in the agent logs: Error,Failed to delete EFS backup (recovery point ARN: ...
EFS Recovery failed - You do not have permission to use the specified KMS key
Recovery might fail with this error: This error message is an indicator that the IAM Role used for the recovery is not listed as a Key User on the KMS key. Follow the instructions below and then retry the recovery: 1. Identify the IAM Role name from ...