Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
AWSBackupServiceRolePolicyForBackup
Deskripsi: Menyediakan izin AWS Backup untuk membuat backup atas nama Anda di seluruh layanan AWS
AWSBackupServiceRolePolicyForBackup
adalah kebijakan yang AWS dikelola.
Menggunakan kebijakan ini
Anda dapat melampirkan AWSBackupServiceRolePolicyForBackup
ke pengguna, grup, dan peran Anda.
Rincian kebijakan
-
Jenis: Kebijakan peran layanan
-
Waktu pembuatan: 10 Januari 2019, 21:01 UTC
-
Waktu yang telah diedit: 27 September 2024, 20:02 UTC
-
ARN:
arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup
Versi kebijakan
Versi kebijakan: v20 (default)
Versi default kebijakan adalah versi yang menentukan izin untuk kebijakan tersebut. Saat pengguna atau peran dengan kebijakan membuat permintaan untuk mengakses AWS sumber daya, AWS periksa versi default kebijakan untuk menentukan apakah akan mengizinkan permintaan tersebut.
JSONdokumen kebijakan
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "DynamoDBPermissions",
"Effect" : "Allow",
"Action" : [
"dynamodb:DescribeTable",
"dynamodb:CreateBackup"
],
"Resource" : "arn:aws:dynamodb:*:*:table/*"
},
{
"Sid" : "DynamoDBBackupResourcePermissions",
"Effect" : "Allow",
"Action" : [
"dynamodb:DescribeBackup",
"dynamodb:DeleteBackup"
],
"Resource" : "arn:aws:dynamodb:*:*:table/*/backup/*"
},
{
"Sid" : "DynamoDBBackupPermissions",
"Effect" : "Allow",
"Action" : [
"rds:AddTagsToResource",
"rds:ListTagsForResource",
"rds:DescribeDBSnapshots",
"rds:CreateDBSnapshot",
"rds:CopyDBSnapshot",
"rds:DescribeDBInstances",
"rds:CreateDBClusterSnapshot",
"rds:DescribeDBClusters",
"rds:DescribeDBClusterSnapshots",
"rds:CopyDBClusterSnapshot",
"rds:DescribeDBClusterAutomatedBackups"
],
"Resource" : "*"
},
{
"Sid" : "RDSInstanceAutomatedBackupPermissions",
"Effect" : "Allow",
"Action" : "rds:DeleteDBInstanceAutomatedBackup",
"Resource" : "arn:aws:rds:*:*:auto-backup:*"
},
{
"Sid" : "RDSClusterPermissions",
"Effect" : "Allow",
"Action" : [
"rds:ModifyDBCluster"
],
"Resource" : [
"arn:aws:rds:*:*:cluster:*"
]
},
{
"Sid" : "RDSClusterBackupPermissions",
"Effect" : "Allow",
"Action" : "rds:DeleteDBClusterAutomatedBackup",
"Resource" : "arn:aws:rds:*:*:cluster-auto-backup:*"
},
{
"Sid" : "RDSModifyPermissions",
"Effect" : "Allow",
"Action" : [
"rds:ModifyDBInstance"
],
"Resource" : [
"arn:aws:rds:*:*:db:*"
]
},
{
"Sid" : "RDSBackupPermissions",
"Effect" : "Allow",
"Action" : [
"rds:DeleteDBSnapshot",
"rds:ModifyDBSnapshotAttribute"
],
"Resource" : [
"arn:aws:rds:*:*:snapshot:awsbackup:*"
]
},
{
"Sid" : "RDSClusterModifyPermissions",
"Effect" : "Allow",
"Action" : [
"rds:DeleteDBClusterSnapshot",
"rds:ModifyDBClusterSnapshotAttribute"
],
"Resource" : [
"arn:aws:rds:*:*:cluster-snapshot:awsbackup:*"
]
},
{
"Sid" : "StorageGatewayPermissions",
"Effect" : "Allow",
"Action" : [
"storagegateway:CreateSnapshot",
"storagegateway:ListTagsForResource"
],
"Resource" : "arn:aws:storagegateway:*:*:gateway/*/volume/*"
},
{
"Sid" : "EBSCopyPermissions",
"Effect" : "Allow",
"Action" : [
"ec2:CopySnapshot"
],
"Resource" : "arn:aws:ec2:*::snapshot/*"
},
{
"Sid" : "EC2CopyPermissions",
"Effect" : "Allow",
"Action" : [
"ec2:CopyImage"
],
"Resource" : "*"
},
{
"Sid" : "EBSTagAndDeletePermissions",
"Effect" : "Allow",
"Action" : [
"ec2:CreateTags",
"ec2:DeleteSnapshot"
],
"Resource" : "arn:aws:ec2:*::snapshot/*"
},
{
"Sid" : "EC2Permissions",
"Effect" : "Allow",
"Action" : [
"ec2:CreateImage",
"ec2:DeregisterImage",
"ec2:DescribeSnapshots",
"ec2:DescribeTags",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceCreditSpecifications",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeElasticGpus",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSnapshotTierStatus"
],
"Resource" : "*"
},
{
"Sid" : "EC2TagPermissions",
"Effect" : "Allow",
"Action" : [
"ec2:CreateTags"
],
"Resource" : "arn:aws:ec2:*:*:image/*"
},
{
"Sid" : "EC2ModifyPermissions",
"Effect" : "Allow",
"Action" : [
"ec2:ModifySnapshotAttribute",
"ec2:ModifyImageAttribute"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"aws:ResourceTag/aws:backup:source-resource" : "false"
}
}
},
{
"Sid" : "EBSSnapshotTierPermissions",
"Effect" : "Allow",
"Action" : [
"ec2:ModifySnapshotTier"
],
"Resource" : "arn:aws:ec2:*::snapshot/*",
"Condition" : {
"Null" : {
"aws:ResourceTag/aws:backup:source-resource" : "false"
}
}
},
{
"Sid" : "BackupVaultPermissions",
"Effect" : "Allow",
"Action" : [
"backup:DescribeBackupVault",
"backup:CopyIntoBackupVault"
],
"Resource" : "arn:aws:backup:*:*:backup-vault:*"
},
{
"Sid" : "BackupVaultCopyPermissions",
"Effect" : "Allow",
"Action" : [
"backup:CopyFromBackupVault"
],
"Resource" : "*"
},
{
"Sid" : "EFSPermissions",
"Effect" : "Allow",
"Action" : [
"elasticfilesystem:Backup",
"elasticfilesystem:DescribeTags"
],
"Resource" : "arn:aws:elasticfilesystem:*:*:file-system/*"
},
{
"Sid" : "EBSResourcePermissions",
"Effect" : "Allow",
"Action" : [
"ec2:CreateSnapshot",
"ec2:DeleteSnapshot",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots"
],
"Resource" : [
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Sid" : "KMSDynamoDBPermissions",
"Effect" : "Allow",
"Action" : [
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"kms:ViaService" : [
"dynamodb.*.amazonaws.com"
]
}
}
},
{
"Sid" : "KMSPermissions",
"Effect" : "Allow",
"Action" : "kms:DescribeKey",
"Resource" : "*"
},
{
"Sid" : "KMSCreateGrantPermissions",
"Effect" : "Allow",
"Action" : "kms:CreateGrant",
"Resource" : "*",
"Condition" : {
"Bool" : {
"kms:GrantIsForAWSResource" : "true"
}
}
},
{
"Sid" : "KMSDataKeyEC2Permissions",
"Effect" : "Allow",
"Action" : [
"kms:GenerateDataKeyWithoutPlaintext"
],
"Resource" : "arn:aws:kms:*:*:key/*",
"Condition" : {
"StringLike" : {
"kms:ViaService" : [
"ec2.*.amazonaws.com"
]
}
}
},
{
"Sid" : "GetResourcesPermissions",
"Effect" : "Allow",
"Action" : [
"tag:GetResources"
],
"Resource" : "*"
},
{
"Sid" : "SSMPermissions",
"Effect" : "Allow",
"Action" : [
"ssm:CancelCommand",
"ssm:GetCommandInvocation"
],
"Resource" : "*"
},
{
"Sid" : "SSMSendPermissions",
"Effect" : "Allow",
"Action" : "ssm:SendCommand",
"Resource" : [
"arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Sid" : "FsxBackupPermissions",
"Effect" : "Allow",
"Action" : "fsx:DescribeBackups",
"Resource" : "arn:aws:fsx:*:*:backup/*"
},
{
"Sid" : "FsxCreateBackupPermissions",
"Effect" : "Allow",
"Action" : "fsx:CreateBackup",
"Resource" : [
"arn:aws:fsx:*:*:file-system/*",
"arn:aws:fsx:*:*:backup/*",
"arn:aws:fsx:*:*:volume/*"
]
},
{
"Sid" : "FsxPermissions",
"Effect" : "Allow",
"Action" : "fsx:DescribeFileSystems",
"Resource" : "arn:aws:fsx:*:*:file-system/*"
},
{
"Sid" : "FsxVolumePermissions",
"Effect" : "Allow",
"Action" : "fsx:DescribeVolumes",
"Resource" : "arn:aws:fsx:*:*:volume/*"
},
{
"Sid" : "FsxListTagsPermissions",
"Effect" : "Allow",
"Action" : "fsx:ListTagsForResource",
"Resource" : [
"arn:aws:fsx:*:*:file-system/*",
"arn:aws:fsx:*:*:volume/*"
]
},
{
"Sid" : "FsxDeletePermissions",
"Effect" : "Allow",
"Action" : "fsx:DeleteBackup",
"Resource" : "arn:aws:fsx:*:*:backup/*"
},
{
"Sid" : "FsxResourcePermissions",
"Effect" : "Allow",
"Action" : [
"fsx:ListTagsForResource",
"fsx:ManageBackupPrincipalAssociations",
"fsx:CopyBackup",
"fsx:TagResource"
],
"Resource" : "arn:aws:fsx:*:*:backup/*"
},
{
"Sid" : "DynamodbBackupPermissions",
"Effect" : "Allow",
"Action" : [
"dynamodb:StartAwsBackupJob",
"dynamodb:ListTagsOfResource"
],
"Resource" : "arn:aws:dynamodb:*:*:table/*"
},
{
"Sid" : "BackupGatewayBackupPermissions",
"Effect" : "Allow",
"Action" : [
"backup-gateway:Backup",
"backup-gateway:ListTagsForResource"
],
"Resource" : "arn:aws:backup-gateway:*:*:vm/*"
},
{
"Sid" : "CloudformationStackPermissions",
"Effect" : "Allow",
"Action" : [
"cloudformation:ListStacks",
"cloudformation:GetTemplate",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources"
],
"Resource" : "arn:aws:cloudformation:*:*:stack/*/*"
},
{
"Sid" : "RedshiftCreatePermissions",
"Effect" : "Allow",
"Action" : [
"redshift:CreateClusterSnapshot",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeTags"
],
"Resource" : [
"arn:aws:redshift:*:*:snapshot:*/*",
"arn:aws:redshift:*:*:cluster:*"
]
},
{
"Sid" : "RedshiftSnapshotPermissions",
"Effect" : "Allow",
"Action" : [
"redshift:DeleteClusterSnapshot"
],
"Resource" : [
"arn:aws:redshift:*:*:snapshot:*/*"
]
},
{
"Sid" : "RedshiftPermissions",
"Effect" : "Allow",
"Action" : [
"redshift:DescribeClusters"
],
"Resource" : [
"arn:aws:redshift:*:*:cluster:*"
]
},
{
"Sid" : "RedshiftResourcePermissions",
"Effect" : "Allow",
"Action" : [
"redshift:CreateTags"
],
"Resource" : [
"arn:aws:redshift:*:*:snapshot:*/*"
]
},
{
"Sid" : "TimestreamResourcePermissions",
"Effect" : "Allow",
"Action" : [
"timestream:StartAwsBackupJob",
"timestream:GetAwsBackupStatus",
"timestream:ListTables",
"timestream:ListDatabases",
"timestream:ListTagsForResource",
"timestream:DescribeTable",
"timestream:DescribeDatabase"
],
"Resource" : [
"arn:aws:timestream:*:*:database/*"
]
},
{
"Sid" : "TimestreamEndpointPermissions",
"Effect" : "Allow",
"Action" : [
"timestream:DescribeEndpoints"
],
"Resource" : "*"
},
{
"Sid" : "SSMSAPPermissions",
"Effect" : "Allow",
"Action" : [
"ssm-sap:GetOperation",
"ssm-sap:ListDatabases"
],
"Resource" : "*"
},
{
"Sid" : "SSMSAPResourcePermissions",
"Effect" : "Allow",
"Action" : [
"ssm-sap:BackupDatabase",
"ssm-sap:UpdateHanaBackupSettings",
"ssm-sap:GetDatabase",
"ssm-sap:ListTagsForResource"
],
"Resource" : "arn:aws:ssm-sap:*:*:*"
},
{
"Sid" : "RecoveryPointTaggingPermissions",
"Effect" : "Allow",
"Action" : [
"backup:TagResource"
],
"Resource" : "arn:aws:backup:*:*:recovery-point:*",
"Condition" : {
"StringEquals" : {
"aws:PrincipalAccount" : "${aws:ResourceAccount}"
}
}
}
]
}