Permissions for @turbot/aws-fsx
The permissions used for FSx and the grant level associated with each:
Permission | Grant Level | Help |
---|---|---|
ds:DescribeDirectories | Metadata | |
ec2:DescribeNetworkInterfaceAttribute | Metadata | |
ec2:DescribeNetworkInterfaces | Metadata | |
ec2:DescribeSecurityGroups | Metadata | |
ec2:DescribeSubnets | Metadata | |
ec2:DescribeVpcs | Metadata | |
fsx:CreateBackup | Admin | |
fsx:CreateFileSystem | Admin | |
fsx:CreateFileSystemFromBackup | Admin | |
fsx:DeleteBackup | Admin | |
fsx:DeleteFileSystem | Admin | |
fsx:DescribeBackups | Metadata | |
fsx:DescribeFileSystems | Metadata | |
fsx:ListTagsForResource | Metadata | |
fsx:TagResource | Admin | |
fsx:UntagResource | Admin | |
fsx:UpdateFileSystem | Admin | |
iam:GetRole | Metadata | |
iam:ListRoles | Metadata | Required to list the existing roles in IAM. |
iam:PassRole | Admin | Allows an Admin to pass an existing role to an AWS service. |
kms:DescribeKey | Metadata | |
kms:ListAliases | Metadata | |
s3:HeadBucket | Metadata | Helps to determine if a bucket exists and the user has permission to access it. |