Menu
AWS Import/Export
Developer Guide

Granting Access to Related AWS Resources

The IAM user that creates an AWS Import/Export job must have permissions to access the Amazon S3 buckets and, for import to Amazon Glacier, the Amazon Glacier vault, that will be used for the import or export operations. If the user does not have the necessary permissions, the CreateJob request will fail.

For all import and export jobs, the IAM user must have the following access permissions on the Amazon S3 log bucket:

Copy
s3:GetBucketLocation s3:PutObject s3:AbortMultipartUpload s3:ListMultipartUploadParts s3:ListBucketMultipartUploads

For import to Amazon S3, the IAM user must have the following access permissions on the Amazon S3 import bucket:

Copy
s3:GetBucketLocation s3:PutObject s3:AbortMultipartUpload s3:ListMultipartUploadParts s3:ListBucketMultipartUploads

If the manifest for import to Amazon S3 includes an access control list (ACL), the IAM user must have the following additional access permission on the Amazon S3 import bucket:

Copy
s3:PutObjectAcl

For more information, see Import to Amazon S3 Manifest File Options.

For export from Amazon S3, the IAM user must have the following access permissions on the Amazon S3 export buckets:

Copy
s3:GetBucketLocation s3:GetObject s3:ListBucket

For import to Amazon Glacier, the IAM user must have the following access permissions on the Amazon Glacier vault:

Copy
glacier:AbortMultipartUpload glacier:CompleteMultipartUpload glacier:DescribeVault glacier:InitiateMultipartUpload glacier:ListMultipartUploads glacier:ListParts, glacier:UploadArchive glacier:UploadMultipartPart

The only permissions required for import to Amazon EBS are the previously listed permissions for the Amazon S3 log bucket.

For more information, go to: