What are Amazon S3 Resource Control Policies and why do they matter for backup security?

Resource Control Policies (RCP) are AWS security controls that define maximum permissions for resources across your organization, acting as a top-level security boundary. For backups stored in S3, RCPs prevent common misconfigurations by ensuring buckets maintain appropriate access restrictions even if usage changes over time, protecting against scenarios where a bucket initially intended for one purpose gets repurposed without proper security review.

Why can't I connect a new USB device to my Veeam Hardened Repository?

The Veeam Hardened Repository is designed with strict physical security controls that prevent unauthorized USB devices from being recognized. This is intentional security-by-design to prevent bad actors with physical access from compromising the system. Derek's article provides a workaround for authorizing new devices, though the process is intentionally complex to maintain the security posture of the hardened system.

S3 Security, Azure Local Backup & PowerShell Automation

Name: S3 Security, Azure Local Backup & PowerShell Automation
Uploaded: 2026-03-20T17:02:21-04:00
Duration: 34 min 47 s
Description: TL;DR Amazon S3 Resource Control Policies provide critical top-level security boundaries for backup data, preventing common misconfigurations where buckets are provisioned without clear usage policies or appropriate access restrictions. Luca's detaile...

Veeam

03/20/2026

0 (0%)

Report Like Favorite

TL;DR

Amazon S3 Resource Control Policies provide critical top-level security boundaries for backup data, preventing common misconfigurations where buckets are provisioned without clear usage policies or appropriate access restrictions.
Luca's detailed guide for configuring Veeam Backup and Replication with Azure Local (formerly Azure Stack HCI) fills an important content gap with step-by-step instructions, screenshots, and troubleshooting guidance for this hybrid cloud platform.
Chris's PowerShell automation script for silent Enterprise Manager installation demonstrates practical automation approaches, with community feedback requesting video demonstrations and potential AI agent integration.
Derek's article on USB device authorization with Veeam Hardened Repository reveals the security-by-design approach while highlighting the complexity of workarounds when physical access is needed.
Upcoming community events include a Veeam 100 show on Terraform automation for VB365 (July 10th) and a new BDC vodcast featuring T-Systems discussing their Veeam Data Cloud VCSP experience.

S3 Security with Resource Control Policies

The episode opens with a discussion of Eric's article on enhancing security for backups stored in Amazon S3 using Resource Control Policies (RCP). These policies provide a top-level security boundary that defines maximum permissions across AWS resources, even for IAM roles and service accounts. The panel emphasizes that S3 has become a standard for backup storage, making proper access controls critical. RCPs help prevent common misconfigurations where buckets are provisioned without clear usage policies, potentially exposing backup data. The discussion highlights how these policies protect against scenarios where a bucket initially intended for one purpose gets repurposed without appropriate security adjustments.

Azure Local Backup Configuration

Luca's comprehensive walkthrough of configuring Veeam Backup and Replication with Azure Local (formerly Azure Stack HCI) receives praise for its detailed screenshots and troubleshooting guidance. The panel notes Microsoft's recent rebranding has created some confusion, but Azure Local represents an important hybrid cloud alternative as the virtualization market evolves. The article fills a content gap with step-by-step instructions for integrating these systems, including prerequisite configuration and common pitfalls. Both guests appreciate the thorough documentation approach, particularly for administrators who prefer visual guides over dense text.

PowerShell Automation and Community Challenges

Chris's PowerShell script for silent installation of Veeam Enterprise Manager sparks discussion about automation best practices. The script downloads installation files directly from Veeam's repository and executes without requiring manual credential entry. Luis suggests enhancing the article with video demonstrations or live execution examples, while Andrei playfully challenges Chris to create an AI agent that could perform the installation. The conversation evolves into a proposal for a Veeam 100 show episode featuring Chris demonstrating the automation live. The panel also reviews Derek's article on USB device authorization errors with Veeam Hardened Repository, acknowledging the security-by-design approach while noting the complexity of the workaround process.

Community Updates and Summer Programming

The episode concludes with community announcements, including Charlie winning Blog of the Month for his automated tape import and reporting article. The upcoming Veeam 100 show on July 10th will feature Corinne and Chris demonstrating how to automate Veeam Backup for Microsoft 365 setup using Terraform, promising to reduce deployment time from weeks to days. The panel also highlights a new BDC vodcast format featuring T-Systems International discussing their experience building offerings on Veeam Data Cloud as a VCSP. Both guests encourage the community to stay engaged while also taking time to enjoy summer, with Andrei noting the extreme heat in Berlin and Luis emphasizing work-life balance.

Chapters

0:00 - Introduction and Guest Welcome
2:44 - S3 Resource Control Policies
6:48 - Azure Local Backup Configuration
11:48 - PowerShell Automation Scripts
16:04 - Hardened Repository USB Issues
23:03 - Blog of the Month Winner
25:25 - Veeam 100 Show Preview
28:03 - BDC Vodcast Series
32:18 - Closing Thoughts

Key Quotes

4:02 "You don't want any random people all over Internet to access your data."
6:01 "You don't want to reuse a bucket that it was permitted to write, and then you're using it for, as he said, publishing pictures on a website. So everybody can reach that and also can write into it."
8:30 "It's another interesting variant that people should be aware of. And with Microsoft trying to push Azure as much as possible to anyone, and for anyone doing any businesses these days, this is a NICE alternative to traditional Azure, to traditional cloud, because you can have a hybrid approach over here."
18:12 "Physical security is so important as the virtual security. So if somebody, a bad actor, has access to your physical machine, it is super cool that the Linux is also Hardened, that even though if they plug a USB that is not being allowed, it will get the error."
20:14 "It feels a little bit wrong because it was already designed. It's supposed to be secure. Why do you have to do additional things? ..."
30:51 "A lot of service providers from the very beginning, they were concerned because it kind of, sometimes the expectation is that it's going against their businesses, but it's wrong."

Categories:

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

05/06/2026

02:00 AM

05/06/2026

Detecting Attacks Before They Escalate into Breaches with AI's Help

https://www.truthinit.com/index.php/channel/1886/detecting-attacks-before-they-escalate-into-breaches-with-ais-help/
05/06/2026

10:00 PM

05/06/2026

World Password Day: Strategies for Managing Your Existing Passwords

https://www.truthinit.com/index.php/channel/1913/world-password-day-strategies-for-managing-your-existing-passwords/
05/07/2026

05:00 AM

05/07/2026

World Password Day: Strategies for Managing Your Passwords Effectively

https://www.truthinit.com/index.php/channel/1914/world-password-day-strategies-for-managing-your-passwords-effectively/
05/07/2026

01:00 PM

05/07/2026

World Password Day: Next Steps for Managing Your Passwords Effectively

https://www.truthinit.com/index.php/channel/1915/world-password-day-next-steps-for-managing-your-passwords-effectively/
05/12/2026

01:00 PM

05/12/2026

Transforming Black Box to Glass Box: Revealing Hidden Threats and AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1895/transforming-black-box-to-glass-box-revealing-hidden-threats-and-ai-risks-through-data-lineage/
05/12/2026

11:30 PM

05/12/2026

Effective Strategies for Safeguarding Active Directory and Minimizing Data Risks

https://www.truthinit.com/index.php/channel/1888/effective-strategies-for-safeguarding-active-directory-and-minimizing-data-risks/
05/13/2026

01:00 AM

05/13/2026

Transforming the Black Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-black-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Transforming Black Box to Glass Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1894/transforming-black-box-to-glass-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/19/2026

01:00 PM

05/19/2026

Spring of Satori: A Deep Dive into 2026's Threat Landscape and Insights

https://www.truthinit.com/index.php/channel/1930/spring-of-satori-a-deep-dive-into-2026s-threat-landscape-and-insights/
05/19/2026

01:00 PM

05/19/2026

Establishing AI Governance Foundations for GenAI at Every Deployment Stage

https://www.truthinit.com/index.php/channel/1936/establishing-ai-governance-foundations-for-genai-at-every-deployment-stage/
05/21/2026

11:00 AM

05/21/2026

The Autonomous Era: Orchestrating a Resilient Enterprise

https://www.truthinit.com/index.php/channel/1372/the-autonomous-era-orchestrating-a-resilient-enterprise/
05/27/2026

04:00 AM

05/27/2026

Rivoluziona i rischi dell'AI in opportunità con Netskope AI Security

https://www.truthinit.com/index.php/channel/1925/rivoluziona-i-rischi-dellai-in-opportunità-con-netskope-ai-security/
05/28/2026

10:00 AM

05/28/2026

Harnessing AI: Transforming Perception into Purposeful Mastery

https://www.truthinit.com/index.php/channel/1924/harnessing-ai-transforming-perception-into-purposeful-mastery/
06/04/2026

02:00 AM

06/04/2026

Mastering the Unseen: Managing Shadow AI and Agentic MCP Traffic

https://www.truthinit.com/index.php/channel/1948/mastering-the-unseen-managing-shadow-ai-and-agentic-mcp-traffic/