Status: IN
Restoring encrypted AWS Backup recovery points requires either KMS key policy allowlisting or explicit KMS permissions (`KMSDescribePermissions`, `KMSPermissions`, `KMSCreateGrantPermissions`) on the restore role.
Source: entries/2026/03/12/aws-backup-latest-devguide-security-iam-awsmanpolhtml.md