AWS Managed Policies. A maze of twisty passages all alike. Explore them here. If it looks like a button, it's clickable. Always up to date.

AWSElasticDisasterRecoveryReadOnlyAccess details (in AWS console)

Policy Name

AWSElasticDisasterRecoveryReadOnlyAccess

Description

You can attach the AWSElasticDisasterRecoveryReadOnlyAccess policy to your IAM identities. This policy provides permissions to all read-only public APIs of Elastic Disaster Recovery (DRS), as well as some read-only APIs of other AWS services that are required in order to make full read-only use of the DRS console. Attach this policy to your IAM users or roles.

ARN

arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryReadOnlyAccess

Path

PolicyId

ANPAZKAPJZG4AACAUJE3T

AttachmentCount

drs ec2 iam ssm

[
  {
    "Effect": "Allow",
    "Action": [
      "drs:DescribeJobLogItems",
      "drs:DescribeJobs",
      "drs:DescribeRecoveryInstances",
      "drs:DescribeRecoverySnapshots",
      "drs:DescribeReplicationConfigurationTemplates",
      "drs:DescribeSourceServers",
      "drs:GetFailbackReplicationConfiguration",
      "drs:GetLaunchConfiguration",
      "drs:GetReplicationConfiguration",
      "drs:ListExtensibleSourceServers",
      "drs:ListStagingAccounts",
      "drs:ListTagsForResource",
      "drs:ListLaunchActions"
    ],
    "Resource": [
      "*"
    ]
  },
  {
    "Effect": "Allow",
    "Action": [
      "ec2:DescribeInstances",
      "ec2:DescribeLaunchTemplateVersions",
      "ec2:DescribeSecurityGroups",
      "ec2:DescribeSubnets"
    ],
    "Resource": [
      "*"
    ]
  },
  {
    "Effect": "Allow",
    "Action": [
      "iam:ListRoles"
    ],
    "Resource": [
      "*"
    ]
  },
  {
    "Effect": "Allow",
    "Action": [
      "ssm:ListCommandInvocations"
    ],
    "Resource": [
      "*"
    ]
  },
  {
    "Effect": "Allow",
    "Action": [
      "ssm:GetParameter"
    ],
    "Resource": [
      "arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecovery-*"
    ]
  },
  {
    "Effect": "Allow",
    "Action": [
      "ssm:DescribeDocument",
      "ssm:GetDocument"
    ],
    "Resource": [
      "arn:aws:ssm:*:*:document/AWS-CreateImage",
      "arn:aws:ssm:*:*:document/AWSMigration-ValidateNetworkConnectivity",
      "arn:aws:ssm:*:*:document/AWSMigration-VerifyMountedVolumes",
      "arn:aws:ssm:*:*:document/AWSMigration-ValidateHttpResponse",
      "arn:aws:ssm:*:*:document/AWSMigration-ValidateDiskSpace",
      "arn:aws:ssm:*:*:document/AWSMigration-VerifyProcessIsRunning",
      "arn:aws:ssm:*:*:document/AWSMigration-LinuxTimeSyncSetting",
      "arn:aws:ssm:*:*:document/AWSEC2-ApplicationInsightsCloudwatchAgentInstallAndConfigure"
    ]
  },
  {
    "Effect": "Allow",
    "Action": [
      "ssm:GetAutomationExecution"
    ],
    "Resource": [
      "arn:aws:ssm:*:*:automation-execution/*"
    ]
  }
]