AWS managed policy: AWSElasticDisasterRecoveryStagingAccountPolicy_v2

This policy is used by AWS Elastic Disaster Recovery (AWS DRS) to recover source servers into a separate target account and to allow failing back. We do not recommend that you attach this policy to your users or roles.

Permissions details

This policy includes the following permissions.


{
    "Version": "2012-10-17",
    "Statement": [
	{
	    "Sid": "DRSStagingAccountPolicyv21",
            "Effect": "Allow",
            "Action": [
                "drs:DescribeSourceServers",
                "drs:DescribeRecoverySnapshots",
                "drs:CreateConvertedSnapshotForDrs",
                "drs:GetReplicationConfiguration",
                "drs:DescribeJobs",
                "drs:DescribeJobLogItems"
            ],
            "Resource": "*"
        },
	{
	    "Sid": "DRSStagingAccountPolicyv22",
            "Effect": "Allow",
            "Action": [
                "ec2:ModifySnapshotAttribute"
            ],
            "Resource": "arn:aws:ec2:*:*:snapshot/*",
            "Condition": {
                "StringEquals": {
                    "ec2:Add/userId": "${aws:SourceIdentity}"
                },
                "Null": {
                    "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false"
                }
            }
        },
	{
	    "Sid": "DRSStagingAccountPolicyv23",
            "Effect": "Allow",
            "Action":  "drs:IssueAgentCertificateForDrs",
            "Resource": [
                "arn:aws:drs:*:*:source-server/*"
            ]
        }
    ]
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWSElasticDisasterRecoveryStagingAccountPolicy

AWSElasticDisasterRecoveryEc2InstancePolicy