AWS managed policy: AWSElasticDisasterRecoveryConsoleFullAccess_v2
You can attach the AWSElasticDisasterRecoveryConsoleFullAccess_v2 policy to your IAM identities.
Allows full administrative access to AWS Elastic Disaster Recovery (AWS DRS) Console. Attach this policy to your users or roles.
Permissions details
This policy includes permissions to do the following:
-
drs– All apis. -
kms– List aliases and describe keys. -
ec2– Describe account attributes, availability zones, images, instance (including types, statuses, type offerings), subnets, volumes, ebs encryption by default, ebs default kms key id, key/pairs, capacity reservations and hosts. Describe, create and delete snapshots. Describe and create launch templates. Start, run, stop and terminate instances. Describe and modify instance attributes. Create, attach and detach volumes. Describe, create, modify and delete launch template version. Create and delete tags. Get console output and screenshots. Describe and create security groups. Authorize and revoke security group egress. Authorize security group ingress. -
licence manager– List license configurations. -
resource groups– List groups. -
elastic load balancing– Describe load balancers.. -
iam– List instance profiles and roles, passRole. -
cloudformation– Describe and list stacks. -
s3– Get bucket location and list all my buckets. -
ssm– Describe instance information, send command, start automation execution. List documents and command invocations. Get and put parameters. Describe and get document. Get automation executions.
Permissions details
This policy includes the following permissions.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "ConsoleFullAccess1", "Effect": "Allow", "Action": [ "drs:*" ], "Resource": "*" }, { "Sid": "ConsoleFullAccess2", "Effect": "Allow", "Action": [ "kms:ListAliases", "kms:DescribeKey" ], "Resource": "*" }, { "Sid": "ConsoleFullAccess3", "Effect": "Allow", "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", "ec2:DescribeInstanceTypeOfferings", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeLaunchTemplates", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshots", "ec2:DescribeSubnets", "ec2:DescribeVolumes", "ec2:GetEbsEncryptionByDefault", "ec2:GetEbsDefaultKmsKeyId", "ec2:DescribeKeyPairs", "ec2:DescribeCapacityReservations", "ec2:DescribeHosts", "ec2:AssociateIamInstanceProfile", "ec2:GetInstanceTypesFromInstanceRequirements" ], "Resource": "*" }, { "Sid": "ConsoleFullAccess4", "Effect": "Allow", "Action": "license-manager:ListLicenseConfigurations", "Resource": "*" }, { "Sid": "ConsoleFullAccess5", "Effect": "Allow", "Action": "resource-groups:ListGroups", "Resource": "*" }, { "Sid": "ConsoleFullAccess6", "Effect": "Allow", "Action": "elasticloadbalancing:DescribeLoadBalancers", "Resource": "*" }, { "Sid": "ConsoleFullAccess7", "Effect": "Allow", "Action": [ "iam:ListInstanceProfiles", "iam:ListRoles" ], "Resource": "*" }, { "Sid": "ConsoleFullAccess8", "Effect": "Allow", "Action": "iam:PassRole", "Resource": [ "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryConversionServerRole", "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceRole", "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceWithLaunchActionsRole" ], "Condition": { "StringEquals": { "iam:PassedToService": "ec2.amazonaws.com" } } }, { "Sid": "ConsoleFullAccess9", "Effect": "Allow", "Action": [ "ec2:DeleteSnapshot" ], "Resource": "arn:aws:ec2:*:*:snapshot/*", "Condition": { "Null": { "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" }, "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess10", "Effect": "Allow", "Action": [ "ec2:CreateLaunchTemplateVersion", "ec2:ModifyLaunchTemplate", "ec2:DeleteLaunchTemplateVersions", "ec2:CreateTags", "ec2:DeleteTags" ], "Resource": "arn:aws:ec2:*:*:launch-template/*", "Condition": { "Null": { "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" } } }, { "Sid": "ConsoleFullAccess11", "Effect": "Allow", "Action": [ "ec2:CreateLaunchTemplate" ], "Resource": "arn:aws:ec2:*:*:launch-template/*", "Condition": { "Null": { "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" } } }, { "Sid": "ConsoleFullAccess12", "Effect": "Allow", "Action": [ "ec2:DeleteVolume" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Null": { "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" }, "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess13", "Effect": "Allow", "Action": [ "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:ModifyInstanceAttribute", "ec2:GetConsoleOutput", "ec2:GetConsoleScreenshot" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "Null": { "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" }, "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess14", "Effect": "Allow", "Action": [ "ec2:RevokeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress" ], "Resource": "arn:aws:ec2:*:*:security-group/*", "Condition": { "Null": { "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" }, "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess15", "Effect": "Allow", "Action": [ "ec2:CreateVolume" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Null": { "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" }, "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess16", "Effect": "Allow", "Action": "ec2:CreateSecurityGroup", "Resource": "arn:aws:ec2:*:*:vpc/*" }, { "Sid": "ConsoleFullAccess17", "Effect": "Allow", "Action": [ "ec2:CreateSecurityGroup" ], "Resource": "arn:aws:ec2:*:*:security-group/*", "Condition": { "Null": { "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" }, "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess18", "Effect": "Allow", "Action": [ "ec2:CreateSnapshot" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Null": { "ec2:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" }, "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess19", "Effect": "Allow", "Action": [ "ec2:CreateSnapshot" ], "Resource": "arn:aws:ec2:*:*:snapshot/*", "Condition": { "Null": { "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" }, "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess20", "Effect": "Allow", "Action": [ "ec2:DetachVolume", "ec2:AttachVolume" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "Null": { "ec2:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" }, "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess21", "Effect": "Allow", "Action": [ "ec2:DetachVolume", "ec2:AttachVolume", "ec2:StartInstances", "ec2:GetConsoleOutput", "ec2:GetConsoleScreenshot" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringEquals": { "ec2:ResourceTag/AWSDRS": "AllowLaunchingIntoThisInstance" }, "ForAnyValue:StringEquals": { "aws:CalledVia": [ "drs.amazonaws.com" ] } } }, { "Sid": "ConsoleFullAccess22", "Effect": "Allow", "Action": [ "ec2:AttachVolume" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Null": { "ec2:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" }, "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess23", "Effect": "Allow", "Action": [ "ec2:DetachVolume" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess24", "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:CreateFleet" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "Null": { "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" }, "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess25", "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:CreateFleet" ], "Resource": [ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:image/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:launch-template/*" ], "Condition": { "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess26", "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": [ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:snapshot/*", "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringEquals": { "ec2:CreateAction": [ "CreateSecurityGroup", "CreateVolume", "CreateSnapshot", "RunInstances" ] }, "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess27", "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": "arn:aws:ec2:*:*:launch-template/*", "Condition": { "StringEquals": { "ec2:CreateAction": [ "CreateLaunchTemplate" ] } } }, { "Sid": "ConsoleFullAccess28", "Effect": "Allow", "Action": [ "cloudformation:DescribeStacks", "cloudformation:ListStacks" ], "Resource": "*" }, { "Sid": "ConsoleFullAccess29", "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Sid": "ConsoleFullAccess30", "Effect": "Allow", "Action": [ "ssm:DescribeInstanceInformation", "ssm:DescribeParameters" ], "Resource": [ "*" ], "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "drs.amazonaws.com" ] } } }, { "Sid": "ConsoleFullAccess31", "Effect": "Allow", "Action": [ "ssm:SendCommand", "ssm:StartAutomationExecution" ], "Resource": [ "arn:aws:ssm:*:*:automation-definition/AWS-CreateImage:$DEFAULT", "arn:aws:ssm:*:*:document/AWSMigration-ValidateNetworkConnectivity", "arn:aws:ssm:*:*:document/AWSMigration-VerifyMountedVolumes", "arn:aws:ssm:*:*:document/AWSMigration-ValidateHttpResponse", "arn:aws:ssm:*:*:document/AWSMigration-ValidateDiskSpace", "arn:aws:ssm:*:*:document/AWSMigration-VerifyProcessIsRunning", "arn:aws:ssm:*:*:document/AWSMigration-LinuxTimeSyncSetting", "arn:aws:ssm:*:*:document/AWSEC2-ApplicationInsightsCloudwatchAgentInstallAndConfigure" ], "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "drs.amazonaws.com" ] } } }, { "Sid": "ConsoleFullAccess32", "Effect": "Allow", "Action": [ "ssm:SendCommand" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "drs.amazonaws.com" ] }, "Null": { "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" } } }, { "Sid": "ConsoleFullAccess33", "Effect": "Allow", "Action": [ "ssm:ListDocuments", "ssm:ListCommandInvocations" ], "Resource": "*" }, { "Sid": "ConsoleFullAccess34", "Effect": "Allow", "Action": [ "ssm:GetParameter", "ssm:PutParameter" ], "Resource": "arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecovery-*", "Condition": { "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" } } }, { "Sid": "ConsoleFullAccess35", "Effect": "Allow", "Action": [ "ssm:DescribeDocument", "ssm:GetDocument" ], "Resource": "arn:aws:ssm:*:*:document/*" }, { "Sid": "ConsoleFullAccess36", "Effect": "Allow", "Action": [ "ssm:GetParameters" ], "Resource": [ "arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecovery-*" ], "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": "ssm.amazonaws.com" } } }, { "Sid": "ConsoleFullAccess37", "Effect": "Allow", "Action": [ "ssm:GetAutomationExecution" ], "Resource": "arn:aws:ssm:*:*:automation-execution/*", "Condition": { "Null": { "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" } } }, { "Sid": "ConsoleFullAccess38", "Effect": "Allow", "Action": [ "ec2:AssociateIamInstanceProfile" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "Null": { "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" }, "Bool": { "aws:ViaAWSService": "true" } } }, { "Sid": "ConsoleFullAccess39", "Effect": "Allow", "Action": "ec2:CreateFleet", "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:fleet/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:image/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:launch-template/*" ], "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "drs.amazonaws.com" ] } } }, { "Sid": "ConsoleFullAccess40", "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": [ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:snapshot/*", "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringEquals": { "ec2:CreateAction": [ "CreateFleet" ] }, "ForAnyValue:StringEquals": { "aws:CalledVia": [ "drs.amazonaws.com" ] } } } ] }
