AWSBackupAuditAccess - AWS Managed Policy

AWSBackupAuditAccess

Description: This policy grants permissions for users to create controls and frameworks that define their expectations for AWS Backup resources and activities, and to audit AWS Backup resources and activities against their defined controls and frameworks. This policy grants permissions to AWS Config and similar services to describe user expectations perform the audits. This policy also grants permissions to deliver audit reports to S3 and similar services, and enables users to find and open their audit reports.

AWSBackupAuditAccess is an AWS managed policy.

Using this policy

You can attach AWSBackupAuditAccess to your users, groups, and roles.

Policy details

  • Type: AWS managed policy

  • Creation time: August 24, 2021, 01:02 UTC

  • Edited time: April 10, 2023, 21:23 UTC

  • ARN: arn:aws:iam::aws:policy/AWSBackupAuditAccess

Policy version

Policy version: v2 (default)

The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.

JSON policy document

{ "Version" : "2012-10-17", "Statement" : [ { "Effect" : "Allow", "Action" : [ "backup:CreateFramework", "backup:UpdateFramework", "backup:ListFrameworks", "backup:DescribeFramework", "backup:DeleteFramework", "backup:ListBackupPlans", "backup:ListBackupVaults", "backup:CreateReportPlan", "backup:UpdateReportPlan", "backup:ListReportPlans", "backup:DescribeReportPlan", "backup:DeleteReportPlan", "backup:StartReportJob", "backup:ListReportJobs", "backup:DescribeReportJob" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "config:DescribeConfigurationRecorders", "config:DescribeConfigurationRecorderStatus", "config:DescribeComplianceByConfigRule" ], "Resource" : "*" }, { "Effect" : "Allow", "Action" : [ "config:GetComplianceDetailsByConfigRule" ], "Resource" : "arn:aws:config:*:*:config-rule/*" }, { "Effect" : "Allow", "Action" : [ "s3:ListAllMyBuckets", "s3:GetBucketLocation" ], "Resource" : "arn:aws:s3:::*" } ] }

Learn more