forked from SummitRoute/aws_managed_policies
-
-
Notifications
You must be signed in to change notification settings - Fork 32
/
Copy pathAWSBackupOperatorPolicy
132 lines (132 loc) · 4.67 KB
/
AWSBackupOperatorPolicy
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
{
"PolicyVersion": {
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"backup:Get*",
"backup:List*",
"backup:Describe*",
"backup:CreateBackupSelection",
"backup:DeleteBackupSelection",
"backup:GetRecoveryPointRestoreMetadata",
"backup:StartBackupJob",
"backup:StartRestoreJob"
],
"Resource": "*"
},
{
"Action": [
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"rds:DescribeDBInstances",
"rds:describeDBSnapshots",
"rds:describeDBEngineVersions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
"rds:describeDBSubnetGroups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dynamodb:ListBackups",
"dynamodb:ListTables"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticfilesystem:DescribeFilesystems"
],
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*",
"Effect": "Allow"
},
{
"Action": [
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
"ec2:describeAvailabilityZones"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"tag:GetTagKeys",
"tag:GetTagValues",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeStorediSCSIVolumes"
],
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
},
{
"Effect": "Allow",
"Action": [
"storagegateway:ListGateways"
],
"Resource": "arn:aws:storagegateway:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"storagegateway:DescribeGatewayInformation",
"storagegateway:ListVolumes",
"storagegateway:ListLocalDisks"
],
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
},
{
"Action": [
"iam:ListRoles",
"iam:GetRole",
"iam:GetUser"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": [
"arn:aws:iam::*:role/*AwsBackup*",
"arn:aws:iam::*:role/*AWSBackup*"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "backup.amazonaws.com"
}
}
},
{
"Action": [
"kms:ListKeys",
"kms:DescribeKey",
"kms:GenerateDataKey",
"kms:RetireGrant",
"kms:CreateGrant",
"kms:ListAliases",
"kms:Decrypt"
],
"Effect": "Allow",
"Resource": "*"
}
]
},
"VersionId": "v2",
"IsDefaultVersion": true,
"CreateDate": "2019-03-11T22:18:12Z"
}
}