Permissions for @turbot/aws-fsx
Taking a look at permissions and associated grant levels for each permission for FSx:
| Permission | Grant Level | Help |
|---|---|---|
| ds:DescribeDirectories | Metadata | |
| ec2:DescribeNetworkInterfaceAttribute | Metadata | |
| ec2:DescribeNetworkInterfaces | Metadata | |
| ec2:DescribeSecurityGroups | Metadata | |
| ec2:DescribeSubnets | Metadata | |
| ec2:DescribeVpcs | Metadata | |
| fsx:CreateBackup | Admin | |
| fsx:CreateFileSystem | Admin | |
| fsx:CreateFileSystemFromBackup | Admin | |
| fsx:DeleteBackup | Admin | |
| fsx:DeleteFileSystem | Admin | |
| fsx:DescribeBackups | Metadata | |
| fsx:DescribeFileSystems | Metadata | |
| fsx:ListTagsForResource | Metadata | |
| fsx:TagResource | Admin | |
| fsx:UntagResource | Admin | |
| fsx:UpdateFileSystem | Admin | |
| iam:GetRole | Metadata | |
| iam:ListRoles | Metadata | Required to list the existing roles in IAM. |
| iam:PassRole | Admin | AWS services allow Admin to pass an existing role to the service. |
| kms:DescribeKey | Metadata | |
| kms:ListAliases | Metadata | |
| s3:HeadBucket | Metadata | Helps to determine if a bucket exists and user have permission to access it. |