AWSBackupFullAccess - AWS Política gestionada

Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.

AWSBackupFullAccess

Descripción: esta política está diseñada para los administradores de las copias de seguridad. Concede acceso completo a las operaciones de AWS Backup, incluida la creación o edición de planes de copia de seguridad, la asignación de recursos de AWS a planes de copia de seguridad, y la eliminación y restauración de copias de seguridad.

AWSBackupFullAccess es una política administrada de AWS.

Uso de la política

Puede asociar AWSBackupFullAccess a los usuarios, grupos y roles.

Información de la política

  • Tipo: política administrada por AWS

  • Hora de creación: 18 de noviembre de 2019 a las 22:21 UTC

  • Hora de edición: 26 de septiembre de 2024 a las 19:18 h UTC

  • ARN: arn:aws:iam::aws:policy/AWSBackupFullAccess

Versión de la política

Versión de la política: v18 (predeterminada)

La versión predeterminada de la política define qué permisos tendrá. Cuando un usuario o un rol con la política solicita acceso a un recurso de AWS, AWS comprueba la versión predeterminada de la política para decidir si permite o no la solicitud.

Documento de política JSON

{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "AwsBackupAllAccessPermissions", "Effect" : "Allow", "Action" : "backup:*", "Resource" : "*" }, { "Sid" : "AwsBackupStorageAllAccessPermissions", "Effect" : "Allow", "Action" : "backup-storage:*", "Resource" : "*" }, { "Sid" : "RdsPermissions", "Effect" : "Allow", "Action" : [ "rds:DescribeDBSnapshots", "rds:ListTagsForResource", "rds:DescribeDBInstances", "rds:describeDBEngineVersions", "rds:describeOptionGroups", "rds:describeOrderableDBInstanceOptions", "rds:describeDBSubnetGroups", "rds:describeDBClusterSnapshots", "rds:describeDBClusters", "rds:describeDBParameterGroups", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBInstanceAutomatedBackups", "rds:DescribeDBClusterAutomatedBackups" ], "Resource" : "*" }, { "Sid" : "RdsDeletePermissions", "Effect" : "Allow", "Action" : [ "rds:DeleteDBSnapshot", "rds:DeleteDBClusterSnapshot" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "backup.amazonaws.com" ] } } }, { "Sid" : "DynamoDbPermissions", "Effect" : "Allow", "Action" : [ "dynamodb:ListBackups", "dynamodb:ListTables" ], "Resource" : "*" }, { "Sid" : "DynamoDbDeleteBackupPermissions", "Effect" : "Allow", "Action" : [ "dynamodb:DeleteBackup" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "backup.amazonaws.com" ] } } }, { "Sid" : "EfsFileSystemPermissions", "Effect" : "Allow", "Action" : [ "elasticfilesystem:DescribeFilesystems" ], "Resource" : "arn:aws:elasticfilesystem:*:*:file-system/*" }, { "Sid" : "Ec2Permissions", "Effect" : "Allow", "Action" : [ "ec2:DescribeSnapshots", "ec2:DescribeVolumes", "ec2:describeAvailabilityZones", "ec2:DescribeVpcs", "ec2:DescribeAccountAttributes", "ec2:DescribeSecurityGroups", "ec2:DescribeImages", "ec2:DescribeSubnets", "ec2:DescribePlacementGroups", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", "ec2:DescribeVpcEndpoints", "ec2:DescribeAddresses" ], "Resource" : "*" }, { "Sid" : "Ec2DeletePermissions", "Effect" : "Allow", "Action" : [ "ec2:DeleteSnapshot", "ec2:DeregisterImage" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "backup.amazonaws.com" ] } } }, { "Sid" : "ResourceGroupTaggingPermissions", "Effect" : "Allow", "Action" : [ "tag:GetTagKeys", "tag:GetTagValues", "tag:GetResources" ], "Resource" : "*" }, { "Sid" : "StorageGatewayVolumePermissions", "Effect" : "Allow", "Action" : [ "storagegateway:DescribeCachediSCSIVolumes", "storagegateway:DescribeStorediSCSIVolumes" ], "Resource" : "arn:aws:storagegateway:*:*:gateway/*/volume/*" }, { "Sid" : "StorageGatewayPermissions", "Effect" : "Allow", "Action" : [ "storagegateway:ListGateways" ], "Resource" : "arn:aws:storagegateway:*:*:*" }, { "Sid" : "StorageGatewayGatewayPermissions", "Effect" : "Allow", "Action" : [ "storagegateway:DescribeGatewayInformation", "storagegateway:ListLocalDisks" ], "Resource" : "arn:aws:storagegateway:*:*:gateway/*" }, { "Sid" : "StorageGatewayGatewayStarPermissions", "Effect" : "Allow", "Action" : [ "storagegateway:ListVolumes" ], "Resource" : "*" }, { "Sid" : "IamRolePermissions", "Effect" : "Allow", "Action" : [ "iam:ListRoles", "iam:GetRole" ], "Resource" : "*" }, { "Sid" : "IamPassRolePermissions", "Effect" : "Allow", "Action" : "iam:PassRole", "Resource" : [ "arn:aws:iam::*:role/*AwsBackup*", "arn:aws:iam::*:role/*AWSBackup*" ], "Condition" : { "StringEquals" : { "iam:PassedToService" : [ "backup.amazonaws.com", "restore-testing.backup.amazonaws.com" ] } } }, { "Sid" : "AwsOrganizationsPermissions", "Effect" : "Allow", "Action" : "organizations:DescribeOrganization", "Resource" : "*" }, { "Sid" : "KmsPermissions", "Effect" : "Allow", "Action" : [ "kms:ListKeys", "kms:DescribeKey", "kms:GenerateDataKey", "kms:ListAliases" ], "Resource" : "*" }, { "Sid" : "KmsCreateGrantPermissions", "Effect" : "Allow", "Action" : [ "kms:CreateGrant" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "kms:EncryptionContextKeys" : "aws:backup:backup-vault" }, "Bool" : { "kms:GrantIsForAWSResource" : true }, "StringLike" : { "kms:ViaService" : "backup.*.amazonaws.com" } } }, { "Sid" : "SystemManagerCommandPermissions", "Effect" : "Allow", "Action" : [ "ssm:CancelCommand", "ssm:GetCommandInvocation" ], "Resource" : "*" }, { "Sid" : "SystemManagerSendCommandPermissions", "Effect" : "Allow", "Action" : "ssm:SendCommand", "Resource" : [ "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", "arn:aws:ec2:*:*:instance/*" ] }, { "Sid" : "FsxPermissions", "Effect" : "Allow", "Action" : [ "fsx:DescribeFileSystems", "fsx:DescribeBackups", "fsx:DescribeVolumes", "fsx:DescribeStorageVirtualMachines" ], "Resource" : "*" }, { "Sid" : "FsxDeletePermissions", "Effect" : "Allow", "Action" : "fsx:DeleteBackup", "Resource" : "arn:aws:fsx:*:*:backup/*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "backup.amazonaws.com" ] } } }, { "Sid" : "DirectoryServicePermissions", "Effect" : "Allow", "Action" : "ds:DescribeDirectories", "Resource" : "*" }, { "Sid" : "IamCreateServiceLinkedRolePermissions", "Effect" : "Allow", "Action" : "iam:CreateServiceLinkedRole", "Resource" : "*", "Condition" : { "StringEquals" : { "iam:AWSServiceName" : [ "backup.amazonaws.com", "restore-testing.backup.amazonaws.com" ] } } }, { "Sid" : "BackupGatewayPermissions", "Effect" : "Allow", "Action" : [ "backup-gateway:AssociateGatewayToServer", "backup-gateway:CreateGateway", "backup-gateway:DeleteGateway", "backup-gateway:DeleteHypervisor", "backup-gateway:DisassociateGatewayFromServer", "backup-gateway:ImportHypervisorConfiguration", "backup-gateway:ListGateways", "backup-gateway:ListHypervisors", "backup-gateway:ListTagsForResource", "backup-gateway:ListVirtualMachines", "backup-gateway:PutMaintenanceStartTime", "backup-gateway:TagResource", "backup-gateway:TestHypervisorConfiguration", "backup-gateway:UntagResource", "backup-gateway:UpdateGatewayInformation", "backup-gateway:UpdateHypervisor" ], "Resource" : "*" }, { "Sid" : "BackupGatewayHypervisorPermissions", "Effect" : "Allow", "Action" : [ "backup-gateway:GetHypervisor", "backup-gateway:GetHypervisorPropertyMappings", "backup-gateway:PutHypervisorPropertyMappings", "backup-gateway:StartVirtualMachinesMetadataSync" ], "Resource" : "arn:aws:backup-gateway:*:*:hypervisor/*" }, { "Sid" : "BackupGatewayVirtualMachinePermissions", "Effect" : "Allow", "Action" : [ "backup-gateway:GetVirtualMachine" ], "Resource" : "arn:aws:backup-gateway:*:*:vm/*" }, { "Sid" : "BackupGatewayGatewayPermissions", "Effect" : "Allow", "Action" : [ "backup-gateway:GetBandwidthRateLimitSchedule", "backup-gateway:GetGateway", "backup-gateway:PutBandwidthRateLimitSchedule" ], "Resource" : "arn:aws:backup-gateway:*:*:gateway/*" }, { "Sid" : "CloudWatchPermissions", "Effect" : "Allow", "Action" : "cloudwatch:GetMetricData", "Resource" : "*" }, { "Sid" : "TimestreamDatabasePermissions", "Effect" : "Allow", "Action" : [ "timestream:ListTables", "timestream:ListDatabases" ], "Resource" : [ "arn:aws:timestream:*:*:database/*" ] }, { "Sid" : "TimestreamPermissions", "Effect" : "Allow", "Action" : [ "timestream:DescribeEndpoints" ], "Resource" : "*" }, { "Sid" : "S3BucketPermissions", "Effect" : "Allow", "Action" : [ "s3:ListAllMyBuckets" ], "Resource" : "arn:aws:s3:::*" }, { "Sid" : "RedshiftResourcesPermissions", "Effect" : "Allow", "Action" : [ "redshift:DescribeClusters", "redshift:DescribeClusterSubnetGroups", "redshift:DescribeClusterSnapshots", "redshift:DescribeSnapshotSchedules" ], "Resource" : [ "arn:aws:redshift:*:*:cluster:*", "arn:aws:redshift:*:*:subnetgroup:*", "arn:aws:redshift:*:*:snapshot:*/*", "arn:aws:redshift:*:*:snapshotschedule:*" ] }, { "Sid" : "RedshiftPermissions", "Effect" : "Allow", "Action" : [ "redshift:DescribeNodeConfigurationOptions", "redshift:DescribeOrderableClusterOptions", "redshift:DescribeClusterParameterGroups", "redshift:DescribeClusterTracks" ], "Resource" : "*" }, { "Sid" : "CloudFormationStackPermissions", "Effect" : "Allow", "Action" : [ "cloudformation:ListStacks" ], "Resource" : [ "arn:aws:cloudformation:*:*:stack/*" ] }, { "Sid" : "SystemsManagerForSapPermissions", "Effect" : "Allow", "Action" : [ "ssm-sap:GetOperation", "ssm-sap:ListDatabases", "ssm-sap:GetDatabase", "ssm-sap:ListTagsForResource" ], "Resource" : "*" }, { "Sid" : "ResourceAccessManagerPermissions", "Effect" : "Allow", "Action" : [ "ram:GetResourceShareAssociations" ], "Resource" : "*" } ] }

Más información