AWS managed policies for Amazon Route 53 Application Recovery Controller
An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases because they're available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or new API operations become available for existing services.
For more information, see AWS managed policies in the IAM User Guide.
AWS managed policy: Route53RecoveryReadinessServiceRolePolicy
You can't attach Route53RecoveryReadinessServiceRolePolicy to your IAM entities.
This policy is attached to a service-linked role that allows Amazon Route 53 Application Recovery Controller to access AWS
services and resources that are used or managed by Route 53 ARC. For more information, see
Using service-linked roles for Route 53 ARC.
AWS managed policy: AmazonRoute53RecoveryReadinessFullAccess
You can attach AmazonRoute53RecoveryReadinessFullAccess to your IAM entities.
This policy grants full access to actions for working with recovery readiness (readiness check) in Route 53 ARC. Attach
it to IAM users and other principals who need full access to recovery readiness actions.
To view the permissions for this policy, see AmazonRoute53RecoveryReadinessFullAccess in the AWS Managed Policy Reference.
AWS managed policy: AmazonRoute53RecoveryReadinessReadOnlyAccess
You can attach AmazonRoute53RecoveryReadinessReadOnlyAccess to your IAM entities.
This policy grants read-only access to actions for working with recovery readiness in Route 53 ARC. It's
useful for users who need to view readiness statuses and recovery group configurations. These
users can't create, update, or delete recovery readiness resources.
To view the permissions for this policy, see AmazonRoute53RecoveryReadinessReadOnlyAccess in the AWS Managed Policy Reference.
AWS managed policy: AmazonRoute53RecoveryControlConfigFullAccess
You can attach AmazonRoute53RecoveryControlConfigFullAccess to your IAM entities.
This policy grants full access to actions for working with recovery control configuration in Route 53 ARC. Attach
it to IAM users and other principals who need full access to recovery control configuration actions.
At your discretion, you can add access to additional Amazon Route 53 actions to enable users
to create health checks for routing controls. For example, you might allow permission for one or more of the following
actions: route53:GetHealthCheck, route53:CreateHealthCheck,
route53:DeleteHealthCheck, and route53:ChangeTagsForResource.
To view the permissions for this policy, see AmazonRoute53RecoveryControlConfigFullAccess in the AWS Managed Policy Reference.
AWS managed policy: AmazonRoute53RecoveryControlConfigReadOnlyAccess
You can attach AmazonRoute53RecoveryControlConfigReadOnlyAccess to your IAM entities. It's
useful for users who need to view routing control and safety rule configurations.
This policy grants read-only access to actions for working with recovery control configuration in Route 53 ARC. These
users can't create, update, or delete recovery control resources.
To view the permissions for this policy, see AmazonRoute53RecoveryControlConfigReadOnlyAccess in the AWS Managed Policy Reference.
AWS managed policy: AmazonRoute53RecoveryClusterFullAccess
You can attach AmazonRoute53RecoveryClusterFullAccess to your IAM entities.
This policy grants full access to actions for working with the cluster data plane in Route 53 ARC. Attach
it to IAM users and other principals who need full access to updating and retrieving routing control states.
To view the permissions for this policy, see AmazonRoute53RecoveryClusterFullAccess in the AWS Managed Policy Reference.
AWS managed policy: AmazonRoute53RecoveryClusterReadOnlyAccess
You can attach AmazonRoute53RecoveryClusterReadOnlyAccess to your IAM entities.
This policy grants read-only access to the cluster data plane in Route 53 ARC. These users can retrieve routing control states
but can't update them.
To view the permissions for this policy, see AmazonRoute53RecoveryClusterReadOnlyAccess in the AWS Managed Policy Reference.
Route 53 ARC updates to AWS managed policies
View details about updates to AWS managed policies for Route 53 ARC since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Route 53 ARC Document history page.
| Change | Description | Date |
|---|---|---|
|
AWSServiceRoleForPercPracticePolicy – New policy |
Route 53 ARC added a new service-linked role for autoshift and practice runs. Route 53 ARC uses the permissions enabled by the service-linked role to monitor customer-provided Amazon CloudWatch alarms and customer AWS Health Dashboard events for practice runs, and to start practice runs. To learn more about the new service-linked role, see Service-linked role permissions for AWSServiceRoleForZonalAutoshiftPracticeRun. |
November 30, 2023 |
|
AmazonRoute53RecoveryControlConfigReadOnlyAccess – Updated policy |
Adds permissions for |
October 18, 2023 |
|
Route53RecoveryReadinessServiceRolePolicy – Updated policy |
Route 53 ARC added new permissions to query information about Amazon EC2 instances. Route 53 ARC uses the following permissions to support polling Amazon EC2 instances, to run readiness checks and determine the readiness status for the instances.
|
February 17, 2023 |
|
Route53RecoveryReadinessServiceRolePolicy – Updated policy |
Route 53 ARC added a new permission to query information about Lambda functions. Route 53 ARC uses the following permission to query information about Lambda functions to run readiness checks and determine the readiness status for the functions.
|
August 31, 2022 |
|
AmazonRoute53RecoveryControlConfigFullAccess – Updated policy |
Removed Amazon Route 53 permissions from the policy and added note listing the optional permissions. |
May 26, 2022 |
|
AmazonRoute53RecoveryControlConfigFullAccess – Updated policy |
Added missing required Amazon Route 53 permissions to the policy. |
April 15, 2022 |
|
AmazonRoute53RecoveryClusterReadOnlyAccess – Updated policy |
Route 53 ARC added a new permission, |
March 15, 2022 |
|
AmazonRoute53RecoveryControlConfigReadOnlyAccess – Updated policy |
Route 53 ARC added a new permission, |
December 20, 2021 |
|
Route53RecoveryReadinessServiceRolePolicy – Updated policy |
Route 53 ARC added a new permission to query information about Amazon API Gateway. Route 53 ARC uses the permission, |
October 28, 2021 |
|
AmazonRoute53RecoveryReadinessReadOnlyAccess – Added new permissions |
Route 53 ARC added two new permissions to AmazonRoute53RecoveryReadinessReadOnlyAccess: Route 53 ARC uses |
October 15, 2021 |
|
Route53RecoveryReadinessServiceRolePolicy – Updated policy |
Route 53 ARC added new permissions to query information about Lambda functions. Route 53 ARC uses the following permissions to query information about Lambda functions to run readiness checks and determine the readiness status for those functions.
|
October 8, 2021 |
|
Route53RecoveryReadinessServiceRolePolicy – Added new managed policies |
Route 53 ARC added the following new managed policies: AmazonRoute53RecoveryReadinessFullAccess AmazonRoute53RecoveryReadinessReadOnlyAccess AmazonRoute53RecoveryClusterFullAccess AmazonRoute53RecoveryClusterReadOnlyAccess |
August 18, 2021 |
|
Route 53 ARC started tracking changes |
Route 53 ARC started tracking changes for its AWS managed policies. |
July 27, 2021 |
