Route53RecoveryReadinessServiceRolePolicy - AWS Managed Policy

Route53RecoveryReadinessServiceRolePolicy

Description: Service Linked Role Policy for Route 53 Recovery Readiness

Route53RecoveryReadinessServiceRolePolicy is an AWS managed policy.

Using this policy

This policy is attached to a service-linked role that allows the service to perform actions on your behalf. You cannot attach this policy to your users, groups, or roles.

Policy details

  • Type: Service-linked role policy

  • Creation time: July 15, 2021, 16:06 UTC

  • Edited time: February 14, 2023, 18:08 UTC

  • ARN: arn:aws:iam::aws:policy/aws-service-role/Route53RecoveryReadinessServiceRolePolicy

Policy version

Policy version: v5 (default)

The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.

JSON policy document

{ "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Action" : [ "dynamodb:DescribeReservedCapacity", "dynamodb:DescribeReservedCapacityOfferings" ], "Resource" : "arn:aws:dynamodb:*:*:*" }, { "Effect" : "Allow", "Action" : [ "dynamodb:DescribeTable", "dynamodb:DescribeTimeToLive" ], "Resource" : "arn:aws:dynamodb:*:*:table/*" }, { "Effect" : "Allow", "Action" : [ "iam:CreateServiceLinkedRole" ], "Resource" : "arn:aws:iam::*:role/aws-service-role/servicequotas.amazonaws.com/AWSServiceRoleForServiceQuotas", "Condition" : { "StringLike" : { "iam:AWSServiceName" : "servicequotas.amazonaws.com" } } }, { "Effect" : "Allow", "Action" : [ "lambda:GetFunctionConcurrency", "lambda:GetFunctionConfiguration", "lambda:GetProvisionedConcurrencyConfig", "lambda:ListProvisionedConcurrencyConfigs", "lambda:ListAliases", "lambda:ListVersionsByFunction" ], "Resource" : "arn:aws:lambda:*:*:function:*" }, { "Effect" : "Allow", "Action" : [ "rds:DescribeDBClusters" ], "Resource" : "arn:aws:rds:*:*:cluster:*" }, { "Effect" : "Allow", "Action" : [ "rds:DescribeDBInstances" ], "Resource" : "arn:aws:rds:*:*:db:*" }, { "Effect" : "Allow", "Action" : [ "route53:ListResourceRecordSets" ], "Resource" : "arn:aws:route53:::hostedzone/*" }, { "Effect" : "Allow", "Action" : [ "route53:GetHealthCheck", "route53:GetHealthCheckStatus" ], "Resource" : "arn:aws:route53:::healthcheck/*" }, { "Effect" : "Allow", "Action" : [ "servicequotas:RequestServiceQuotaIncrease" ], "Resource" : "arn:aws:servicequotas:*:*:*" }, { "Effect" : "Allow", "Action" : [ "sns:GetTopicAttributes", "sns:ListSubscriptionsByTopic" ], "Resource" : "arn:aws:sns:*:*:*" }, { "Effect" : "Allow", "Action" : [ "sqs:GetQueueAttributes", "sqs:GetQueueUrl" ], "Resource" : "arn:aws:sqs:*:*:*" }, { "Effect" : "Allow", "Action" : [ "apigateway:GET", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", "autoscaling:DescribeAccountLimits", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLifecycleHooks", "autoscaling:DescribeLoadBalancers", "autoscaling:DescribeLoadBalancerTargetGroups", "autoscaling:DescribeNotificationConfigurations", "autoscaling:DescribePolicies", "cloudwatch:GetMetricData", "cloudwatch:DescribeAlarms", "dynamodb:DescribeLimits", "dynamodb:ListGlobalTables", "dynamodb:ListTables", "ec2:DescribeAvailabilityZones", "ec2:DescribeCustomerGateways", "ec2:DescribeInstances", "ec2:DescribeSubnets", "ec2:DescribeVolumes", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ec2:GetEbsEncryptionByDefault", "ec2:GetEbsDefaultKmsKeyId", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "kafka:DescribeCluster", "kafka:DescribeConfigurationRevision", "lambda:ListEventSourceMappings", "lambda:ListFunctions", "rds:DescribeAccountAttributes", "route53:GetHostedZone", "servicequotas:ListAWSDefaultServiceQuotas", "servicequotas:ListRequestedServiceQuotaChangeHistory", "servicequotas:ListServiceQuotas", "servicequotas:ListServices", "sns:GetEndpointAttributes", "sns:GetSubscriptionAttributes" ], "Resource" : "*" } ] }

Learn more