本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
AWSBackupFullAccess
說明 :此政策適用於備份管理員,授予 AWS 備份操作的完整存取權,包括建立或編輯備份計畫、將 AWS 資源指派給備份計畫、刪除備份和還原備份。
AWSBackupFullAccess
是 AWS 受管政策 。
使用此政策
您可以AWSBackupFullAccess
連接至使用者、群組和角色。
政策詳細資訊
-
類型: AWS 受管政策
-
建立時間:2019 年 11 月 18 日 22:21 UTC
-
編輯時間:2024 年 9 月 26 日 19:18 UTC
-
ARN:
arn:aws:iam::aws:policy/AWSBackupFullAccess
政策版本
政策版本:v18 (預設值)
政策的預設版本是定義政策許可的版本。當具有 政策的使用者或角色提出存取 AWS 資源的請求時, 會 AWS 檢查政策的預設版本,以決定是否允許請求。
JSON 政策文件
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "AwsBackupAllAccessPermissions", "Effect" : "Allow", "Action" : "backup:*", "Resource" : "*" }, { "Sid" : "AwsBackupStorageAllAccessPermissions", "Effect" : "Allow", "Action" : "backup-storage:*", "Resource" : "*" }, { "Sid" : "RdsPermissions", "Effect" : "Allow", "Action" : [ "rds:DescribeDBSnapshots", "rds:ListTagsForResource", "rds:DescribeDBInstances", "rds:describeDBEngineVersions", "rds:describeOptionGroups", "rds:describeOrderableDBInstanceOptions", "rds:describeDBSubnetGroups", "rds:describeDBClusterSnapshots", "rds:describeDBClusters", "rds:describeDBParameterGroups", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBInstanceAutomatedBackups", "rds:DescribeDBClusterAutomatedBackups" ], "Resource" : "*" }, { "Sid" : "RdsDeletePermissions", "Effect" : "Allow", "Action" : [ "rds:DeleteDBSnapshot", "rds:DeleteDBClusterSnapshot" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "backup.amazonaws.com" ] } } }, { "Sid" : "DynamoDbPermissions", "Effect" : "Allow", "Action" : [ "dynamodb:ListBackups", "dynamodb:ListTables" ], "Resource" : "*" }, { "Sid" : "DynamoDbDeleteBackupPermissions", "Effect" : "Allow", "Action" : [ "dynamodb:DeleteBackup" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "backup.amazonaws.com" ] } } }, { "Sid" : "EfsFileSystemPermissions", "Effect" : "Allow", "Action" : [ "elasticfilesystem:DescribeFilesystems" ], "Resource" : "arn:aws:elasticfilesystem:*:*:file-system/*" }, { "Sid" : "Ec2Permissions", "Effect" : "Allow", "Action" : [ "ec2:DescribeSnapshots", "ec2:DescribeVolumes", "ec2:describeAvailabilityZones", "ec2:DescribeVpcs", "ec2:DescribeAccountAttributes", "ec2:DescribeSecurityGroups", "ec2:DescribeImages", "ec2:DescribeSubnets", "ec2:DescribePlacementGroups", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", "ec2:DescribeVpcEndpoints", "ec2:DescribeAddresses" ], "Resource" : "*" }, { "Sid" : "Ec2DeletePermissions", "Effect" : "Allow", "Action" : [ "ec2:DeleteSnapshot", "ec2:DeregisterImage" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "backup.amazonaws.com" ] } } }, { "Sid" : "ResourceGroupTaggingPermissions", "Effect" : "Allow", "Action" : [ "tag:GetTagKeys", "tag:GetTagValues", "tag:GetResources" ], "Resource" : "*" }, { "Sid" : "StorageGatewayVolumePermissions", "Effect" : "Allow", "Action" : [ "storagegateway:DescribeCachediSCSIVolumes", "storagegateway:DescribeStorediSCSIVolumes" ], "Resource" : "arn:aws:storagegateway:*:*:gateway/*/volume/*" }, { "Sid" : "StorageGatewayPermissions", "Effect" : "Allow", "Action" : [ "storagegateway:ListGateways" ], "Resource" : "arn:aws:storagegateway:*:*:*" }, { "Sid" : "StorageGatewayGatewayPermissions", "Effect" : "Allow", "Action" : [ "storagegateway:DescribeGatewayInformation", "storagegateway:ListLocalDisks" ], "Resource" : "arn:aws:storagegateway:*:*:gateway/*" }, { "Sid" : "StorageGatewayGatewayStarPermissions", "Effect" : "Allow", "Action" : [ "storagegateway:ListVolumes" ], "Resource" : "*" }, { "Sid" : "IamRolePermissions", "Effect" : "Allow", "Action" : [ "iam:ListRoles", "iam:GetRole" ], "Resource" : "*" }, { "Sid" : "IamPassRolePermissions", "Effect" : "Allow", "Action" : "iam:PassRole", "Resource" : [ "arn:aws:iam::*:role/*AwsBackup*", "arn:aws:iam::*:role/*AWSBackup*" ], "Condition" : { "StringEquals" : { "iam:PassedToService" : [ "backup.amazonaws.com", "restore-testing.backup.amazonaws.com" ] } } }, { "Sid" : "AwsOrganizationsPermissions", "Effect" : "Allow", "Action" : "organizations:DescribeOrganization", "Resource" : "*" }, { "Sid" : "KmsPermissions", "Effect" : "Allow", "Action" : [ "kms:ListKeys", "kms:DescribeKey", "kms:GenerateDataKey", "kms:ListAliases" ], "Resource" : "*" }, { "Sid" : "KmsCreateGrantPermissions", "Effect" : "Allow", "Action" : [ "kms:CreateGrant" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "kms:EncryptionContextKeys" : "aws:backup:backup-vault" }, "Bool" : { "kms:GrantIsForAWSResource" : true }, "StringLike" : { "kms:ViaService" : "backup.*.amazonaws.com" } } }, { "Sid" : "SystemManagerCommandPermissions", "Effect" : "Allow", "Action" : [ "ssm:CancelCommand", "ssm:GetCommandInvocation" ], "Resource" : "*" }, { "Sid" : "SystemManagerSendCommandPermissions", "Effect" : "Allow", "Action" : "ssm:SendCommand", "Resource" : [ "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", "arn:aws:ec2:*:*:instance/*" ] }, { "Sid" : "FsxPermissions", "Effect" : "Allow", "Action" : [ "fsx:DescribeFileSystems", "fsx:DescribeBackups", "fsx:DescribeVolumes", "fsx:DescribeStorageVirtualMachines" ], "Resource" : "*" }, { "Sid" : "FsxDeletePermissions", "Effect" : "Allow", "Action" : "fsx:DeleteBackup", "Resource" : "arn:aws:fsx:*:*:backup/*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "backup.amazonaws.com" ] } } }, { "Sid" : "DirectoryServicePermissions", "Effect" : "Allow", "Action" : "ds:DescribeDirectories", "Resource" : "*" }, { "Sid" : "IamCreateServiceLinkedRolePermissions", "Effect" : "Allow", "Action" : "iam:CreateServiceLinkedRole", "Resource" : "*", "Condition" : { "StringEquals" : { "iam:AWSServiceName" : [ "backup.amazonaws.com", "restore-testing.backup.amazonaws.com" ] } } }, { "Sid" : "BackupGatewayPermissions", "Effect" : "Allow", "Action" : [ "backup-gateway:AssociateGatewayToServer", "backup-gateway:CreateGateway", "backup-gateway:DeleteGateway", "backup-gateway:DeleteHypervisor", "backup-gateway:DisassociateGatewayFromServer", "backup-gateway:ImportHypervisorConfiguration", "backup-gateway:ListGateways", "backup-gateway:ListHypervisors", "backup-gateway:ListTagsForResource", "backup-gateway:ListVirtualMachines", "backup-gateway:PutMaintenanceStartTime", "backup-gateway:TagResource", "backup-gateway:TestHypervisorConfiguration", "backup-gateway:UntagResource", "backup-gateway:UpdateGatewayInformation", "backup-gateway:UpdateHypervisor" ], "Resource" : "*" }, { "Sid" : "BackupGatewayHypervisorPermissions", "Effect" : "Allow", "Action" : [ "backup-gateway:GetHypervisor", "backup-gateway:GetHypervisorPropertyMappings", "backup-gateway:PutHypervisorPropertyMappings", "backup-gateway:StartVirtualMachinesMetadataSync" ], "Resource" : "arn:aws:backup-gateway:*:*:hypervisor/*" }, { "Sid" : "BackupGatewayVirtualMachinePermissions", "Effect" : "Allow", "Action" : [ "backup-gateway:GetVirtualMachine" ], "Resource" : "arn:aws:backup-gateway:*:*:vm/*" }, { "Sid" : "BackupGatewayGatewayPermissions", "Effect" : "Allow", "Action" : [ "backup-gateway:GetBandwidthRateLimitSchedule", "backup-gateway:GetGateway", "backup-gateway:PutBandwidthRateLimitSchedule" ], "Resource" : "arn:aws:backup-gateway:*:*:gateway/*" }, { "Sid" : "CloudWatchPermissions", "Effect" : "Allow", "Action" : "cloudwatch:GetMetricData", "Resource" : "*" }, { "Sid" : "TimestreamDatabasePermissions", "Effect" : "Allow", "Action" : [ "timestream:ListTables", "timestream:ListDatabases" ], "Resource" : [ "arn:aws:timestream:*:*:database/*" ] }, { "Sid" : "TimestreamPermissions", "Effect" : "Allow", "Action" : [ "timestream:DescribeEndpoints" ], "Resource" : "*" }, { "Sid" : "S3BucketPermissions", "Effect" : "Allow", "Action" : [ "s3:ListAllMyBuckets" ], "Resource" : "arn:aws:s3:::*" }, { "Sid" : "RedshiftResourcesPermissions", "Effect" : "Allow", "Action" : [ "redshift:DescribeClusters", "redshift:DescribeClusterSubnetGroups", "redshift:DescribeClusterSnapshots", "redshift:DescribeSnapshotSchedules" ], "Resource" : [ "arn:aws:redshift:*:*:cluster:*", "arn:aws:redshift:*:*:subnetgroup:*", "arn:aws:redshift:*:*:snapshot:*/*", "arn:aws:redshift:*:*:snapshotschedule:*" ] }, { "Sid" : "RedshiftPermissions", "Effect" : "Allow", "Action" : [ "redshift:DescribeNodeConfigurationOptions", "redshift:DescribeOrderableClusterOptions", "redshift:DescribeClusterParameterGroups", "redshift:DescribeClusterTracks" ], "Resource" : "*" }, { "Sid" : "CloudFormationStackPermissions", "Effect" : "Allow", "Action" : [ "cloudformation:ListStacks" ], "Resource" : [ "arn:aws:cloudformation:*:*:stack/*" ] }, { "Sid" : "SystemsManagerForSapPermissions", "Effect" : "Allow", "Action" : [ "ssm-sap:GetOperation", "ssm-sap:ListDatabases", "ssm-sap:GetDatabase", "ssm-sap:ListTagsForResource" ], "Resource" : "*" }, { "Sid" : "ResourceAccessManagerPermissions", "Effect" : "Allow", "Action" : [ "ram:GetResourceShareAssociations" ], "Resource" : "*" } ] }