Required IAM permissions for using AWS DataSync - AWS DataSync


Required IAM permissions for using AWS DataSync

AWS DataSync can move your data to an Amazon S3 bucket, Amazon EFS file system, or a number of other AWS storage services. To get your data where you want it to go, you need the right AWS Identity and Access Management (IAM) permissions granted to your identity. For example, the IAM role that you use with DataSync needs permission to use the Amazon S3 operations required to transfer data to an S3 bucket.

You can grant these permissions with IAM policies provided by AWS or by creating your own policies.

AWS managed policies

AWS provides the following managed policies for common DataSync use cases:

  • AWSDataSyncReadOnlyAccess – Provides read-only access to DataSync.

  • AWSDataSyncFullAccess – Provides full access to DataSync and minimal access to its dependencies.

For more information, see AWS managed policies for AWS DataSync.

Customer managed policies

You can create custom IAM policies to use with DataSync. For more information, see IAM customer managed policies for AWS DataSync.
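When you write your own policy for the IAM role that DataSync uses to reach an S3 bucket, a pre-deployment check can catch grants that are wider than that one bucket. The following is an added example, not AWS-provided code: the function names, sample policy documents, bucket name and account ID are constructed for illustration, and the `aws:SourceAccount` check assumes you pin the role's trust policy to your own account as a confused-deputy guard.

```python
def as_list(value):
    # IAM accepts either a single string or a list in these fields.
    return value if isinstance(value, list) else [value]

def audit_permissions(policy, bucket):
    """Flag Allow statements that reach beyond S3 actions on one bucket."""
    in_scope = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "Action" not in stmt or "Resource" not in stmt:
            findings.append(f"statement {i}: NotAction/NotResource or missing field")
        for action in as_list(stmt.get("Action", [])):
            if not action.lower().startswith("s3:") or "*" in action:
                findings.append(f"statement {i}: overly broad action {action}")
        for resource in as_list(stmt.get("Resource", [])):
            if resource not in in_scope:
                findings.append(f"statement {i}: resource outside bucket {resource}")
    return findings

def audit_trust(trust, account_id):
    """Flag trust statements not limited to DataSync acting for this account."""
    datasync = ({"Service": "datasync.amazonaws.com"}, {"Service": ["datasync.amazonaws.com"]})
    findings = []
    for i, stmt in enumerate(as_list(trust["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if stmt.get("Principal") not in datasync:
            findings.append(f"statement {i}: principal is not only DataSync")
        # Simplification: expects the exact operator and key casing used below.
        pinned = stmt.get("Condition", {}).get("StringEquals", {})
        if pinned.get("aws:SourceAccount") != account_id:
            findings.append(f"statement {i}: no aws:SourceAccount pin")
    return findings

# Constructed sample documents; bucket name and account ID are placeholders.
BUCKET, ACCOUNT = "amzn-s3-demo-bucket", "111122223333"
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": f"arn:aws:s3:::{BUCKET}"},
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}
TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "datasync.amazonaws.com"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"aws:SourceAccount": ACCOUNT}}}]}
if __name__ == "__main__":
    print(audit_permissions(BROAD, BUCKET), audit_trust(TRUST, ACCOUNT))
```

The sample actions are only a subset chosen to exercise the checker; take the actions your transfer actually needs from the DataSync documentation for your storage location.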