Permissions for @turbot/aws-storagegateway
Taking a look at permissions and associated grant levels for each permission for Storage Gateway:
| Permission | Grant Level | Help |
|---|---|---|
| storagegateway:ActivateGateway | Admin | Admins manage gateways. |
| storagegateway:AddCache | Admin | Admins manage caches for cached-volume gateways. |
| storagegateway:AddTagsToResource | Operator | Operators can add tags to all resources. |
| storagegateway:AddUploadBuffer | Admin | Admins manage upload buffers for gateways. |
| storagegateway:AddWorkingStorage | Admin | Deprecated and replaced by AddUploadBuffer by AWS. Set to Whitelist instead of None to consolidate characters in lockdown whitelist policy. |
| storagegateway:AssignTapePool | Admin | |
| storagegateway:AttachVolume | Admin | |
| storagegateway:CancelArchival | Operator | Operators can cancel archivals. |
| storagegateway:CancelRetrieval | Operator | Operators can cancel retrievals. |
| storagegateway:CreateCachediSCSIVolume | Admin | Admins manage caches for cached-volume gateways. |
| storagegateway:CreateNFSFileShare | Admin | Admins manage NFS file shares. |
| storagegateway:CreateSMBFileShare | Admin | |
| storagegateway:CreateSnapshot | Operator | Operators can create volume snapshots. |
| storagegateway:CreateSnapshotFromVolumeRecoveryPoint | Operator | Operators can create volume snapshots. |
| storagegateway:CreateStorediSCSIVolume | Admin | Admins manage volumes for gateway-stored gateways. |
| storagegateway:CreateTapePool | Admin | |
| storagegateway:CreateTapeWithBarcode | Admin | Admins manage tapes. |
| storagegateway:CreateTapes | Admin | Admins manage tapes. |
| storagegateway:DeleteAutomaticTapeCreationPolicy | Admin | |
| storagegateway:DeleteBandwidthRateLimit | Operator | Operators manage gateway bandwidth rate limits. |
| storagegateway:DeleteChapCredentials | Admin | Admins manage Challenge-Handshake Authentication Protocol (CHAP) credentials. |
| storagegateway:DeleteFileShare | Admin | Admins manage NFS file shares. |
| storagegateway:DeleteGateway | Admin | Admins manage gateways. |
| storagegateway:DeleteSnapshotSchedule | Operator | Deleting a volume's snapshot schedule does not delete snapshots. |
| storagegateway:DeleteTape | Admin | Admins manage tapes. |
| storagegateway:DeleteTapeArchive | Admin | Admins manage tapes. |
| storagegateway:DeleteTapePool | Admin | |
| storagegateway:DeleteVolume | Admin | Admins manage volumes. |
| storagegateway:DescribeAvailabilityMonitorTest | Metadata | |
| storagegateway:DescribeBandwidthRateLimit | Metadata | |
| storagegateway:DescribeCache | Metadata | |
| storagegateway:DescribeCachediSCSIVolumes | Metadata | |
| storagegateway:DescribeChapCredentials | Metadata | Even though initiator-target secret keys are returned; low risk as admin actions are still needed to setup connection. |
| storagegateway:DescribeGatewayInformation | Metadata | |
| storagegateway:DescribeMaintenanceStartTime | Metadata | |
| storagegateway:DescribeNFSFileShares | Metadata | |
| storagegateway:DescribeSMBFileShares | Metadata | |
| storagegateway:DescribeSMBSettings | Metadata | |
| storagegateway:DescribeSnapshotSchedule | Metadata | |
| storagegateway:DescribeStorediSCSIVolumes | Metadata | |
| storagegateway:DescribeTapeArchives | Metadata | |
| storagegateway:DescribeTapeRecoveryPoints | Metadata | |
| storagegateway:DescribeTapes | Metadata | |
| storagegateway:DescribeUploadBuffer | Metadata | |
| storagegateway:DescribeVTLDevices | Metadata | |
| storagegateway:DescribeWorkingStorage | Metadata | Deprecated and replaced by DescribeUploadBuffer by AWS. Retained by Guardrails since it's a read permission. |
| storagegateway:DetachVolume | Admin | |
| storagegateway:DisableGateway | Operator | Can only disable gateways that are no longer functioning. Disabled gateways cannot be re-enabled. |
| storagegateway:JoinDomain | Admin | |
| storagegateway:ListAutomaticTapeCreationPolicies | Metadata | |
| storagegateway:ListFileShares | Metadata | |
| storagegateway:ListGateways | Metadata | |
| storagegateway:ListLocalDisks | Metadata | |
| storagegateway:ListTagsForResource | Metadata | |
| storagegateway:ListTapePools | Metadata | |
| storagegateway:ListTapes | Metadata | |
| storagegateway:ListVolumeInitiators | Metadata | |
| storagegateway:ListVolumeRecoveryPoints | Metadata | |
| storagegateway:ListVolumes | Metadata | |
| storagegateway:NotifyWhenUploaded | Operator | Operators can enable the NotifyWhenUploaded action. |
| storagegateway:RefreshCache | Operator | |
| storagegateway:RemoveTagsFromResource | Operator | Operators can remove tags from all resources. |
| storagegateway:ResetCache | Operator | Can only reset caches that have experienced errors. |
| storagegateway:RetrieveTapeArchive | Operator | Operators can retrieve archived tapes. |
| storagegateway:RetrieveTapeRecoveryPoint | Operator | Operators can retrieve recovery points for the specific tape. The retrieved tape is read only. |
| storagegateway:SetLocalConsolePassword | Admin | Console passwords are managed by admins. |
| storagegateway:SetSMBGuestPassword | Admin | |
| storagegateway:ShutdownGateway | Operator | Shutdown gateways can be started again. |
| storagegateway:StartAvailabilityMonitorTest | Operator | |
| storagegateway:StartGateway | Operator | Operators can restart shutdown gateways. |
| storagegateway:UpdateAutomaticTapeCreationPolicy | Admin | |
| storagegateway:UpdateBandwidthRateLimit | Operator | Gateway bandwidth rate limits are managed by operators. |
| storagegateway:UpdateChapCredentials | Admin | Admins manage CHAP credentials. |
| storagegateway:UpdateGatewayInformation | Admin | Admins manage gateway names and timezones. |
| storagegateway:UpdateGatewaySoftwareNow | Operator | Operators can update gateway software. |
| storagegateway:UpdateMaintenanceStartTime | Operator | Operators can set weekly maintenance start times. |
| storagegateway:UpdateNFSFileShare | Admin | Admins manage NFS file shares. |
| storagegateway:UpdateSMBFileShare | Admin | |
| storagegateway:UpdateSMBSecurityStrategy | Admin | |
| storagegateway:UpdateSnapshotSchedule | Operator | Operators can manage when snapshots are created. Old snapshots are not deleted according to this schedule. |
| storagegateway:UpdateVTLDeviceType | Operator | Update medium changer in an already activated gateway-VTL. |