AWS managed policy: AWSApplicationMigrationServiceEc2InstancePolicy
This policy allows installing and using the AWS Replication Agent, which is used by AWS Application Migration Service (AWS MGN) to migrate source servers that run on EC2 (cross-Region or cross-AZ). An IAM role with this policy should be attached (as an EC2 Instance Profile) to the EC2 Instances.
Permissions details
This policy includes the following permissions.
-
mgn
– Allows to install and use the AWS Replication Agent
{ "Version": "2012-10-17", "Statement": [ { "Sid": "MgnAgentInstallation", "Effect": "Allow", "Action": [ "mgn:SendClientLogsForMgn", "mgn:RegisterAgentForMgn", "mgn:GetAgentInstallationAssetsForMgn" ], "Resource": "*" }, { "Sid": "MgnAgentReplication", "Effect": "Allow", "Action": [ "mgn:SendAgentMetricsForMgn", "mgn:SendAgentLogsForMgn", "mgn:UpdateAgentSourcePropertiesForMgn", "mgn:UpdateAgentReplicationInfoForMgn", "mgn:UpdateAgentConversionInfoForMgn", "mgn:GetAgentCommandForMgn", "mgn:GetAgentConfirmedResumeInfoForMgn", "mgn:GetAgentRuntimeConfigurationForMgn", "mgn:UpdateAgentBacklogForMgn", "mgn:GetAgentReplicationInfoForMgn" ], "Resource": "arn:aws:mgn:*:*:source-server/*" }, { "Sid": "MgnSourceServerTagResource", "Effect": "Allow", "Action": "mgn:TagResource", "Resource": "arn:aws:mgn:*:*:source-server/*", "Condition": { "StringEquals": { "mgn:CreateAction": "RegisterAgentForMgn" } } } ] }