AWSBackupServiceLinkedRolePolicyForBackup details (in AWS console)
Policy Name
AWSBackupServiceLinkedRolePolicyForBackup
Description
Provides AWS Backup permission to create backups on your behalf across AWS services
ARN
arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup
Path
/aws-service-role/
PolicyId
ANPAZKAPJZG4ONJBD4ZY2
AttachmentCount
1
[
{
"Effect": "Allow",
"Action": [
"elasticfilesystem:Backup",
"elasticfilesystem:DescribeTags"
],
"Resource": [
"arn:aws:elasticfilesystem:*:*:file-system/*"
]
},
{
"Effect": "Allow",
"Action": [
"tag:GetResources",
"elasticfilesystem:DescribeFileSystems",
"dynamodb:ListTables",
"storagegateway:ListVolumes",
"ec2:DescribeVolumes",
"ec2:DescribeInstances",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"fsx:DescribeFileSystems",
"fsx:DescribeVolumes",
"s3:ListAllMyBuckets",
"s3:GetBucketTagging"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateTags"
],
"Resource": [
"arn:aws:ec2:*::snapshot/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateTags"
],
"Resource": [
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateTags"
],
"Resource": [
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeSnapshots",
"ec2:DescribeSnapshotTierStatus",
"ec2:DescribeImages",
"rds:DescribeDBSnapshots",
"rds:DescribeDBClusterSnapshots"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:CopySnapshot"
],
"Resource": [
"arn:aws:ec2:*::snapshot/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:CopyImage"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DeregisterImage",
"ec2:DeleteSnapshot",
"ec2:ModifySnapshotTier"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"rds:AddTagsToResource",
"rds:CopyDBSnapshot",
"rds:DeleteDBSnapshot",
"rds:DeleteDBInstanceAutomatedBackup"
],
"Resource": [
"arn:aws:rds:*:*:snapshot:awsbackup:*"
]
},
{
"Effect": "Allow",
"Action": [
"rds:AddTagsToResource",
"rds:CopyDBClusterSnapshot",
"rds:DeleteDBClusterSnapshot"
],
"Resource": [
"arn:aws:rds:*:*:cluster-snapshot:awsbackup:*"
]
},
{
"Effect": "Allow",
"Action": [
"kms:DescribeKey"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"kms:ListGrants",
"kms:ReEncryptFrom",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"kms:CreateGrant"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"fsx:CopyBackup",
"fsx:TagResource",
"fsx:DescribeBackups",
"fsx:DeleteBackup"
],
"Resource": [
"arn:aws:fsx:*:*:backup/*"
]
},
{
"Effect": "Allow",
"Action": [
"dynamodb:DeleteBackup"
],
"Resource": [
"arn:aws:dynamodb:*:*:table/*/backup/*"
]
},
{
"Effect": "Allow",
"Action": [
"backup-gateway:ListVirtualMachines"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"backup-gateway:ListTagsForResource"
],
"Resource": [
"arn:aws:backup-gateway:*:*:vm/*"
]
},
{
"Effect": "Allow",
"Action": [
"dynamodb:ListTagsOfResource",
"dynamodb:DescribeTable"
],
"Resource": [
"arn:aws:dynamodb:*:*:table/*"
]
},
{
"Effect": "Allow",
"Action": [
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeStorediSCSIVolumes"
],
"Resource": [
"arn:aws:storagegateway:*:*:gateway/*/volume/*"
]
},
{
"Effect": "Allow",
"Action": [
"events:DeleteRule",
"events:PutTargets",
"events:DescribeRule",
"events:EnableRule",
"events:PutRule",
"events:RemoveTargets",
"events:ListTargetsByRule",
"events:DisableRule"
],
"Resource": [
"arn:aws:events:*:*:rule/AwsBackupManagedRule*"
]
},
{
"Effect": "Allow",
"Action": [
"events:ListRules"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ssm-sap:GetOperation",
"ssm-sap:UpdateHANABackupSettings"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"timestream:ListDatabases",
"timestream:ListTables",
"timestream:ListTagsForResource",
"timestream:DescribeDatabase",
"timestream:DescribeTable",
"timestream:GetAwsBackupStatus",
"timestream:GetAwsRestoreStatus"
],
"Resource": [
"arn:aws:timestream:*:*:database/*"
]
},
{
"Effect": "Allow",
"Action": [
"timestream:DescribeEndpoints"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"redshift:DescribeClusterSnapshots",
"redshift:DescribeTags"
],
"Resource": [
"arn:aws:redshift:*:*:snapshot:*/*",
"arn:aws:redshift:*:*:cluster:*"
]
},
{
"Effect": "Allow",
"Action": [
"redshift:DeleteClusterSnapshot"
],
"Resource": [
"arn:aws:redshift:*:*:snapshot:*/*"
]
},
{
"Effect": "Allow",
"Action": [
"redshift:DescribeClusters"
],
"Resource": [
"arn:aws:redshift:*:*:cluster:*"
]
},
{
"Effect": "Allow",
"Action": [
"cloudformation:ListStacks"
],
"Resource": [
"arn:aws:cloudformation:*:*:stack/*"
]
}
]