Menu
AWS Migration Hub
User Guide

Custom Policies for Migration Tools

This is an example role for use by a integrated partner or developer when using the AWS Migration Hub API or CLI.

Integrated Partner Role Policy

Copy
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "mgh:CreateProgressUpdateStream" ], "Effect": "Allow", "Resource": "arn:aws:mgh:us-west-2:account_num:progressUpdateStream/vendor_name" }, { "Action": [ "mgh:AssociateCreatedArtifact", "mgh:DescribeMigrationTask", "mgh:DisassociateCreatedArtifact", "mgh:ImportMigrationTask", "mgh:ListCreatedArtifacts", "mgh:NotifyMigrationTaskState", "mgh:PutResourceAttributes", "mgh:NotifyApplicationState", "mgh:DescribeApplicationState", "mgh:AssociateDiscoveredResource", "mgh:DisassociateDiscoveredResource", "mgh:ListDiscoveredResources" ], "Effect": "Allow", "Resource": "arn:aws:mgh:us-west-2:account_num:progressUpdateStream/vendor_name/*" }, { "Action": [ "mgh:ListMigrationTasks" ], "Effect": "Allow", "Resource": "*" } ] }

Integrated Partner Policy Trust Policy

Copy
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::vendor_account_num:root" }, "Action": "sts:AssumeRole" } ] }

On this page: