As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá.
AWSBackupServiceLinkedRolePolicyForBackup
Descrição: fornece permissão AWS de Backup para criar backups em seu nome em todos AWS os serviços
AWSBackupServiceLinkedRolePolicyForBackup é uma política gerenciada pelo AWS.
Utilização desta política
Essa política é vinculada a uma função associada a um serviço, o que possibilita que este serviço execute ações em seu próprio nome. Não é possível vincular esta política a usuários, grupos ou funções.
Detalhes desta política
-
Tipo: Política de função vinculada ao serviço
-
Hora da criação: 02 de junho de 2020, 23:08 UTC
-
Horário editado: 07 de janeiro de 2025, 18:22 UTC
-
ARN:
arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup
Versão da política
Versão da política: v17 (padrão)
A versão padrão da política é aquela que define as permissões desta política. Quando um usuário ou função da política faz uma solicitação para acessar um AWS recurso, AWS verifica a versão padrão da política para determinar se a solicitação deve ser permitida.
Documento da política JSON
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "EFSResourcePermissions",
"Effect" : "Allow",
"Action" : [
"elasticfilesystem:Backup",
"elasticfilesystem:DescribeTags"
],
"Resource" : "arn:aws:elasticfilesystem:*:*:file-system/*",
"Condition" : {
"StringLike" : {
"aws:ResourceTag/aws:elasticfilesystem:default-backup" : "enabled"
}
}
},
{
"Sid" : "DescribePermissions",
"Effect" : "Allow",
"Action" : [
"tag:GetResources",
"elasticfilesystem:DescribeFileSystems",
"dynamodb:ListTables",
"storagegateway:ListVolumes",
"ec2:DescribeVolumes",
"ec2:DescribeInstances",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"fsx:DescribeFileSystems",
"fsx:DescribeVolumes",
"s3:ListAllMyBuckets",
"s3:GetBucketTagging"
],
"Resource" : "*"
},
{
"Sid" : "SnapshotCopyTagPermissions",
"Effect" : "Allow",
"Action" : "ec2:CreateTags",
"Resource" : "arn:aws:ec2:*::snapshot/*",
"Condition" : {
"StringEquals" : {
"ec2:CreateAction" : "CopySnapshot"
}
}
},
{
"Sid" : "EC2CreateBackupTagPermissions",
"Effect" : "Allow",
"Action" : "ec2:CreateTags",
"Resource" : [
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*"
],
"Condition" : {
"ForAllValues:StringEquals" : {
"aws:TagKeys" : [
"AWSBackupManagedResource"
]
}
}
},
{
"Sid" : "EC2CreateTagsPermissions",
"Effect" : "Allow",
"Action" : "ec2:CreateTags",
"Resource" : [
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*"
],
"Condition" : {
"Null" : {
"ec2:ResourceTag/AWSBackupManagedResource" : "false"
}
}
},
{
"Sid" : "EC2RDSDescribePermissions",
"Effect" : "Allow",
"Action" : [
"ec2:DescribeSnapshots",
"ec2:DescribeSnapshotTierStatus",
"ec2:DescribeImages",
"rds:DescribeDBSnapshots",
"rds:DescribeDBClusterSnapshots"
],
"Resource" : "*"
},
{
"Sid" : "EBSCopyPermissions",
"Effect" : "Allow",
"Action" : "ec2:CopySnapshot",
"Resource" : "arn:aws:ec2:*::snapshot/*"
},
{
"Sid" : "EC2CopyPermissions",
"Effect" : "Allow",
"Action" : "ec2:CopyImage",
"Resource" : "*"
},
{
"Sid" : "EC2ModifyPermissions",
"Effect" : "Allow",
"Action" : [
"ec2:DeregisterImage",
"ec2:DeleteSnapshot",
"ec2:ModifySnapshotTier"
],
"Resource" : "*",
"Condition" : {
"Null" : {
"ec2:ResourceTag/AWSBackupManagedResource" : "false"
}
}
},
{
"Sid" : "RDSInstanceAndSnashotPermissions",
"Effect" : "Allow",
"Action" : [
"rds:AddTagsToResource",
"rds:CopyDBSnapshot",
"rds:DeleteDBSnapshot",
"rds:DeleteDBInstanceAutomatedBackup"
],
"Resource" : "arn:aws:rds:*:*:snapshot:awsbackup:*"
},
{
"Sid" : "RDSClusterPermissions",
"Effect" : "Allow",
"Action" : [
"rds:AddTagsToResource",
"rds:CopyDBClusterSnapshot",
"rds:DeleteDBClusterSnapshot"
],
"Resource" : "arn:aws:rds:*:*:cluster-snapshot:awsbackup:*"
},
{
"Sid" : "RDSSnapshotTenantDatabasePermissions",
"Effect" : "Allow",
"Action" : [
"rds:AddTagsToResource"
],
"Resource" : [
"arn:aws:rds:*:*:snapshot-tenant-database:awsbackup:*"
]
},
{
"Sid" : "KMSDescribePermissions",
"Effect" : "Allow",
"Action" : "kms:DescribeKey",
"Resource" : "*"
},
{
"Sid" : "KMSGrantPermissions",
"Effect" : "Allow",
"Action" : [
"kms:ListGrants",
"kms:ReEncryptFrom",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"kms:ViaService" : [
"ec2.*.amazonaws.com",
"rds.*.amazonaws.com",
"fsx.*.amazonaws.com"
]
}
}
},
{
"Sid" : "KMSCreateGrantPermissions",
"Effect" : "Allow",
"Action" : "kms:CreateGrant",
"Resource" : "*",
"Condition" : {
"Bool" : {
"kms:GrantIsForAWSResource" : "true"
},
"StringLike" : {
"kms:ViaService" : [
"ec2.*.amazonaws.com",
"rds.*.amazonaws.com",
"fsx.*.amazonaws.com"
]
}
}
},
{
"Sid" : "FsxPermissions",
"Effect" : "Allow",
"Action" : [
"fsx:CopyBackup",
"fsx:TagResource",
"fsx:DescribeBackups",
"fsx:DeleteBackup"
],
"Resource" : "arn:aws:fsx:*:*:backup/*"
},
{
"Sid" : "DynamoDBDeletePermissions",
"Effect" : "Allow",
"Action" : "dynamodb:DeleteBackup",
"Resource" : "arn:aws:dynamodb:*:*:table/*/backup/*"
},
{
"Sid" : "BackupGateway",
"Effect" : "Allow",
"Action" : [
"backup-gateway:ListVirtualMachines"
],
"Resource" : "*"
},
{
"Sid" : "ListTagsForBackupGateway",
"Effect" : "Allow",
"Action" : [
"backup-gateway:ListTagsForResource"
],
"Resource" : "arn:aws:backup-gateway:*:*:vm/*"
},
{
"Sid" : "DynamoDBPermissions",
"Effect" : "Allow",
"Action" : [
"dynamodb:ListTagsOfResource",
"dynamodb:DescribeTable"
],
"Resource" : "arn:aws:dynamodb:*:*:table/*"
},
{
"Sid" : "StorageGatewayPermissions",
"Effect" : "Allow",
"Action" : [
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeStorediSCSIVolumes"
],
"Resource" : "arn:aws:storagegateway:*:*:gateway/*/volume/*"
},
{
"Sid" : "EventBridgePermissions",
"Effect" : "Allow",
"Action" : [
"events:DeleteRule",
"events:PutTargets",
"events:DescribeRule",
"events:EnableRule",
"events:PutRule",
"events:RemoveTargets",
"events:ListTargetsByRule",
"events:DisableRule"
],
"Resource" : [
"arn:aws:events:*:*:rule/AwsBackupManagedRule*"
]
},
{
"Sid" : "EventBridgeRulesPermissions",
"Effect" : "Allow",
"Action" : "events:ListRules",
"Resource" : "*"
},
{
"Sid" : "SSMSAPPermissions",
"Effect" : "Allow",
"Action" : [
"ssm-sap:GetOperation",
"ssm-sap:UpdateHANABackupSettings"
],
"Resource" : "*"
},
{
"Sid" : "TimestreamResourcePermissions",
"Effect" : "Allow",
"Action" : [
"timestream:ListDatabases",
"timestream:ListTables",
"timestream:ListTagsForResource",
"timestream:DescribeDatabase",
"timestream:DescribeTable",
"timestream:GetAwsBackupStatus",
"timestream:GetAwsRestoreStatus"
],
"Resource" : [
"arn:aws:timestream:*:*:database/*"
]
},
{
"Sid" : "TimestreamPermissions",
"Effect" : "Allow",
"Action" : [
"timestream:DescribeEndpoints"
],
"Resource" : "*"
},
{
"Sid" : "RedshiftDescribePermissions",
"Effect" : "Allow",
"Action" : [
"redshift:DescribeClusterSnapshots",
"redshift:DescribeTags"
],
"Resource" : [
"arn:aws:redshift:*:*:snapshot:*/*",
"arn:aws:redshift:*:*:cluster:*"
]
},
{
"Sid" : "RedshiftClusterSnapshotPermissions",
"Effect" : "Allow",
"Action" : [
"redshift:DeleteClusterSnapshot"
],
"Resource" : [
"arn:aws:redshift:*:*:snapshot:*/*"
]
},
{
"Sid" : "RedshiftClusterPermissions",
"Effect" : "Allow",
"Action" : [
"redshift:DescribeClusters"
],
"Resource" : [
"arn:aws:redshift:*:*:cluster:*"
]
},
{
"Sid" : "CloudformationStackPermissions",
"Effect" : "Allow",
"Action" : [
"cloudformation:ListStacks"
],
"Resource" : [
"arn:aws:cloudformation:*:*:stack/*"
]
},
{
"Sid" : "RecoveryPointTaggingPermissions",
"Effect" : "Allow",
"Action" : [
"backup:TagResource"
],
"Resource" : "arn:aws:backup:*:*:recovery-point:*",
"Condition" : {
"StringEquals" : {
"aws:PrincipalAccount" : "${aws:ResourceAccount}"
}
}
}
]
}Saiba mais
