Amazon FSx (fsx)

2021-09-03

9 new actions, 2 new resources, 1 new condition | 4 updated actions

Additions

    Actions
  • CreateStorageVirtualMachine
    • Description:  Grants permission to create a new storage virtual machine in an Amazon FSx for Ontap file system
    • Access:  Write
    • Resources: 

      Name: file-system

      Required: Yes

      Name: storage-virtual-machine

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

    • Dependents: 

      fsx:TagResource

  • CreateVolume
    • Description:  Grants permission to create a new volume
    • Access:  Write
    • Resources: 

      Name: volume

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

      fsx:StorageVirtualMachineId

    • Dependents: 

      fsx:TagResource

  • CreateVolumeFromBackup
    • Description:  Grants permission to create a new volume from backup
    • Access:  Write
    • Resources: 

      Name: backup

      Required: Yes

      Name: storage-virtual-machine

      Required: Yes

      Name: volume

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

      fsx:StorageVirtualMachineId

    • Dependents: 

      fsx:TagResource

  • DeleteStorageVirtualMachine
    • Description:  Grants permission to delete a storage virtual machine, deleting its contents.
    • Access:  Write
    • Resources: 

      Name: storage-virtual-machine

      Required: Yes

    • Conditions: 

      aws:TagKeys

  • DeleteVolume
    • Description:  Grants permission to delete a volume, deleting its contents and any existing automatic backups of the volume.
    • Access:  Write
    • Resources: 

      Name: volume

      Required: Yes

    • Conditions: 

      aws:TagKeys

      fsx:StorageVirtualMachineId

  • DescribeStorageVirtualMachines
    • Description:  Grants permission to return the descriptions of all storage virtual machines owned by your AWS account in the AWS Region of the endpoint that you're calling
    • Access:  Read
  • DescribeVolumes
    • Description:  Grants permission to return the descriptions of all volumes owned by your AWS account in the AWS Region of the endpoint that you're calling
    • Access:  Read
  • UpdateStorageVirtualMachine
    • Description:  Grants permission to update storage virtual machine configuration
    • Access:  Write
    • Resources: 

      Name: storage-virtual-machine

      Required: Yes

    • Conditions: 

      aws:TagKeys

  • UpdateVolume
    • Description:  Grants permission to update volume configuration
    • Access:  Write
    • Resources: 

      Name: volume

      Required: Yes

    • Conditions: 

      aws:TagKeys

      fsx:StorageVirtualMachineId

    Resources
  • storage-virtual-machine
    • Arn:  arn:${Partition}:fsx:${Region}:${Account}:storage-virtual-machine/${FileSystemId}/${StorageVirtualMachineId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

  • volume
    • Arn:  arn:${Partition}:fsx:${Region}:${Account}:volume/${FileSystemId}/${VolumeId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

    Conditions
  • fsx:StorageVirtualMachineId
    • Description:  Filters access by the containing storage virtual machine for a volume for mutating volume operations
    • Type:  String

Updates