메뉴
AWS Storage Backups
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
eBPF-based post-exploitation for kernel-level credential harvesting, process hiding, and traffic interception on Linux
AWS post-exploitation for IAM privilege escalation, data exfiltration, persistence, and operational security via boto3
Azure/Entra ID post-exploitation for tenant compromise, Key Vault extraction, managed identity abuse, and token manipulation
CI/CD pipeline attacks for secret extraction, pipeline injection, and supply chain compromise via GitHub/Jenkins/GitLab
Kubernetes post-exploitation for container escape, secret extraction, RBAC abuse, and cluster persistence
macOS post-exploitation for credential harvesting, DTrace monitoring, TCC bypass, and stealth operations via native tools
| name | cis-aws-storage-1.1 |
| description | AWS Storage Backups |
| category | cis-storage-services |
| version | 1.0.0 |
| author | cyberstrike-official |
| tags | ["cis","aws","storage","backup","aws-backup","disaster-recovery","resilience"] |
| cis_id | 1.1 |
| cis_benchmark | CIS AWS Storage Services Benchmark v1.0.0 |
| tech_stack | ["aws"] |
| cwe_ids | [] |
| chains_with | ["cis-aws-storage-1.2","cis-aws-storage-1.3","cis-aws-storage-1.4","cis-aws-storage-1.5","cis-aws-storage-1.6"] |
| prerequisites | [] |
| severity_boost | {} |
AWS Storage Backups is a managed AWS Service that establishes high resiliency to your cloud resources. AWS Storage Backups are like making extra copies of your important stuff on Amazon's computers. It is an excellent strategy to ensure that the data and resources you use remain available in the event of unrecoverable damage or loss to your resources.
AWS Backups enable you to back up and restore all data lost during the attack. While AWS Storage Backups provide a level of security, there are numerous methods to fortify your backups, ensuring the protection of your data and services.
Not implementing AWS Backups can lead to:
This control requires manual verification of:
Check if AWS Backup is being used in your account:
# List backup plans
aws backup list-backup-plans
# List backup vaults
aws backup list-backup-vaults
# List protected resources
aws backup list-protected-resources
Sign into AWS Console
https://console.aws.amazon.com/billing/home#/Access AWS Backup Service
Create Backup Plan
# Create a backup vault
aws backup create-backup-vault \
--backup-vault-name my-backup-vault
# Create a backup plan from a template
aws backup create-backup-plan \
--backup-plan '{"BackupPlanName":"MyBackupPlan","Rules":[{"RuleName":"DailyBackups","TargetBackupVaultName":"my-backup-vault","ScheduleExpression":"cron(0 5 ? * * *)","StartWindowMinutes":60,"CompletionWindowMinutes":120,"Lifecycle":{"DeleteAfterDays":30}}]}'
AWS Backup is not enabled by default. Organizations must manually configure backup plans, vaults, and resource assignments.
Not mapped to specific CIS Controls v7 or v8 in the provided documentation.