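AWSBackupServiceRolePolicyForS3Backup
Description: This policy contains the permissions AWS Backup needs to back up data in any S3 bucket. This includes read access to all S3 objects and full decrypt access for all KMS keys.
AWSBackupServiceRolePolicyForS3Backup is an AWS managed policy.
Using this policy
You can attach AWSBackupServiceRolePolicyForS3Backup to your users, groups, and roles.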
Policy details
- Type: AWS managed policy
- Creation time: February 18, 2022, 17:40 UTC
- Edited time: May 17, 2024, 17:12 UTC
- ARN: arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForS3Backup
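Policy version
Policy version: v4 (default)
The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.
JSON policy document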
{
  "Version" : "2012-10-17",
  "Statement" : [
    {
      "Sid" : "CloudWatchGetMetricDataPermissions",
      "Effect" : "Allow",
      "Action" : "cloudwatch:GetMetricData",
      "Resource" : "*"
    },
    {
      "Sid" : "EventBridgePermissionsForAwsBackupManagedRule",
      "Effect" : "Allow",
      "Action" : [
        "events:DeleteRule",
        "events:PutTargets",
        "events:DescribeRule",
        "events:EnableRule",
        "events:PutRule",
        "events:RemoveTargets",
        "events:ListTargetsByRule",
        "events:DisableRule"
      ],
      "Resource" : [
        "arn:aws:events:*:*:rule/AwsBackupManagedRule*"
      ]
    },
    {
      "Sid" : "EventBridgeListRulesPermissions",
      "Effect" : "Allow",
      "Action" : "events:ListRules",
      "Resource" : "*"
    },
    {
      "Sid" : "KmsPermissions",
      "Effect" : "Allow",
      "Action" : [
        "kms:Decrypt",
        "kms:DescribeKey"
      ],
      "Resource" : "*",
      "Condition" : {
        "StringLike" : {
          "kms:ViaService" : "s3.*.amazonaws.com"
        }
      }
    },
    {
      "Sid" : "S3BucketPermissions",
      "Effect" : "Allow",
      "Action" : [
        "s3:GetBucketTagging",
        "s3:GetInventoryConfiguration",
        "s3:ListBucketVersions",
        "s3:ListBucket",
        "s3:GetBucketVersioning",
        "s3:GetBucketLocation",
        "s3:GetBucketAcl",
        "s3:PutInventoryConfiguration",
        "s3:GetBucketNotification",
        "s3:PutBucketNotification"
      ],
      "Resource" : "arn:aws:s3:::*"
    },
    {
      "Sid" : "S3ObjectPermissions",
      "Effect" : "Allow",
      "Action" : [
        "s3:GetObjectAcl",
        "s3:GetObject",
        "s3:GetObjectVersionTagging",
        "s3:GetObjectVersionAcl",
        "s3:GetObjectTagging",
        "s3:GetObjectVersion"
      ],
      "Resource" : "arn:aws:s3:::*/*"
    },
    {
      "Sid" : "S3ListBucketPermissions",
      "Effect" : "Allow",
      "Action" : "s3:ListAllMyBuckets",
      "Resource" : "*"
    },
    {
      "Sid" : "RecoveryPointTaggingPermissions",
      "Effect" : "Allow",
      "Action" : [
        "backup:TagResource"
      ],
      "Resource" : "arn:aws:backup:*:*:recovery-point:*",
      "Condition" : {
        "StringEquals" : {
          "aws:PrincipalAccount" : "${aws:ResourceAccount}"
        }
      }
    }
  ]
}
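The description's claims about scope can be checked against the document itself. The following is an added example, not AWS code: it lists the Allow statements whose Resource names no specific resource, together with any condition keys that narrow them. The function names are assumptions of this example, and the input is three statements copied from the policy on this page.

```python
import json

# Three statements copied from the v4 policy document on this page.
POLICY_EXCERPT = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "EventBridgePermissionsForAwsBackupManagedRule", "Effect": "Allow",
   "Action": ["events:DeleteRule", "events:PutTargets", "events:DescribeRule",
              "events:EnableRule", "events:PutRule", "events:RemoveTargets",
              "events:ListTargetsByRule", "events:DisableRule"],
   "Resource": ["arn:aws:events:*:*:rule/AwsBackupManagedRule*"]},
  {"Sid": "KmsPermissions", "Effect": "Allow",
   "Action": ["kms:Decrypt", "kms:DescribeKey"], "Resource": "*",
   "Condition": {"StringLike": {"kms:ViaService": "s3.*.amazonaws.com"}}},
  {"Sid": "S3ObjectPermissions", "Effect": "Allow",
   "Action": ["s3:GetObjectAcl", "s3:GetObject", "s3:GetObjectVersionTagging",
              "s3:GetObjectVersionAcl", "s3:GetObjectTagging",
              "s3:GetObjectVersion"],
   "Resource": "arn:aws:s3:::*/*"}
]}
""")


def as_list(value):
    """IAM allows a bare string where a list is expected; normalize to a list."""
    return value if isinstance(value, list) else [value]


def names_no_resource(arn):
    """True when the resource part of the ARN is wildcards only ("*", "*/*")."""
    resource_part = arn.split(":", 5)[-1]
    return resource_part.strip("*/") == ""


def unscoped_allows(policy):
    """Map Sid -> sorted condition keys for Allow statements whose Resource
    is not narrowed to any named resource."""
    findings = {}
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(names_no_resource(r) for r in as_list(stmt.get("Resource", []))):
            continue
        keys = sorted(k for op in stmt.get("Condition", {}).values() for k in op)
        findings[stmt.get("Sid", "<no Sid>")] = keys
    return findings


if __name__ == "__main__":
    for sid, keys in unscoped_allows(POLICY_EXCERPT).items():
        print(f"{sid}: Resource is a bare wildcard, condition keys: {keys or 'none'}")
```

On the excerpt this reports KmsPermissions (narrowed only by kms:ViaService) and S3ObjectPermissions (no condition), which matches the description's statement that the policy grants read access to all S3 objects.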