AWS Elastic Disaster Recovery (drs)

Additions

Actions

• AssociateFailbackClientToRecoveryInstanceForDrs
  
  • Description:  Grants permission to get associate failback client to recovery instance
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• BatchCreateVolumeSnapshotGroupForDrs
  
  • Description:  Grants permission to batch create volume snapshot group
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• BatchDeleteSnapshotRequestForDrs
  
  • Description:  Grants permission to batch delete snapshot request
  • Access:  Write
• CreateRecoveryInstanceForDrs
  
  • Description:  Grants permission to create recovery instance
  • Access:  Write
  • Resources: 

    Name: SourceServerResource

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

• CreateReplicationConfigurationTemplate
  
  • Description:  Grants permission to create replication configuration template
  • Access:  Write
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

• CreateSessionForDrs
  
  • Description:  Grants permission to create a session
  • Access:  Write
• CreateSourceServerForDrs
  
  • Description:  Grants permission to create a source server
  • Access:  Write
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

• DeleteJob
  
  • Description:  Grants permission to delete a job
  • Access:  Write
  • Resources: 

    Name: JobResource

    Required: Yes

• DeleteRecoveryInstance
  
  • Description:  Grants permission to delete recovery instance
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• DeleteReplicationConfigurationTemplate
  
  • Description:  Grants permission to delete replication configuration template
  • Access:  Write
  • Resources: 

    Name: ReplicationConfigurationTemplateResource

    Required: Yes

• DeleteSourceServer
  
  • Description:  Grants permission to delete source server
  • Access:  Write
  • Resources: 

    Name: SourceServerResource

    Required: Yes

• DescribeJobLogItems
  
  • Description:  Grants permission to describe job log items
  • Access:  Read
  • Resources: 

    Name: JobResource

    Required: Yes

• DescribeJobs
  
  • Description:  Grants permission to describe jobs
  • Access:  Read
• DescribeRecoveryInstances
  
  • Description:  Grants permission to describe recovery instances
  • Access:  Read
  • Dependents: 

    ec2:DescribeInstances

• DescribeRecoverySnapshots
  
  • Description:  Grants permission to describe recovery snapshots
  • Access:  Read
  • Resources: 

    Name: SourceServerResource

    Required: Yes

• DescribeReplicationConfigurationTemplates
  
  • Description:  Grants permission to describe replication configuration template
  • Access:  Read
• DescribeReplicationServerAssociationsForDrs
  
  • Description:  Grants permission to describe replication server associations
  • Access:  Read
• DescribeSnapshotRequestsForDrs
  
  • Description:  Grants permission to describe snapshot requests
  • Access:  Read
• DescribeSourceServers
  
  • Description:  Grants permission to describe source servers
  • Access:  Read
• DisconnectRecoveryInstance
  
  • Description:  Grants permission to disconnect recovery instance
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• DisconnectSourceServer
  
  • Description:  Grants permission to disconnect source server
  • Access:  Write
  • Resources: 

    Name: SourceServerResource

    Required: Yes

• GetAgentCommandForDrs
  
  • Description:  Grants permission to get agent command
  • Access:  Read
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• GetAgentConfirmedResumeInfoForDrs
  
  • Description:  Grants permission to get agent confirmed resume info
  • Access:  Read
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• GetAgentInstallationAssetsForDrs
  
  • Description:  Grants permission to get agent installation assets
  • Access:  Read
• GetAgentReplicationInfoForDrs
  
  • Description:  Grants permission to get agent replication info
  • Access:  Read
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• GetAgentRuntimeConfigurationForDrs
  
  • Description:  Grants permission to get agent runtime configuration
  • Access:  Read
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• GetAgentSnapshotCreditsForDrs
  
  • Description:  Grants permission to get agent snapshot credits
  • Access:  Read
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• GetChannelCommandsForDrs
  
  • Description:  Grants permission to get channel commands
  • Access:  Read
• GetFailbackCommandForDrs
  
  • Description:  Grants permission to get failback command
  • Access:  Read
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• GetFailbackLaunchRequestedForDrs
  
  • Description:  Grants permission to get failback launch requested
  • Access:  Read
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• GetFailbackReplicationConfiguration
  
  • Description:  Grants permission to get failback replication configuration
  • Access:  Read
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• GetLaunchConfiguration
  
  • Description:  Grants permission to get launch configuration
  • Access:  Read
  • Resources: 

    Name: SourceServerResource

    Required: Yes

• GetReplicationConfiguration
  
  • Description:  Grants permission to get replication configuration
  • Access:  Read
  • Resources: 

    Name: SourceServerResource

    Required: Yes

• GetSuggestedFailbackClientDeviceMappingForDrs
  
  • Description:  Grants permission to get suggested failback client device mapping
  • Access:  Read
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• InitializeService
  
  • Description:  Grants permission to initialize service
  • Access:  Write
  • Dependents: 

    iam:AddRoleToInstanceProfile

    iam:CreateInstanceProfile

    iam:CreateServiceLinkedRole

    iam:GetInstanceProfile

• IssueAgentCertificateForDrs
  
  • Description:  Grants permission to issue an agent certificate
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• ListTagsForResource
  
  • Description:  Grants permission to list tags for a resource
  • Access:  Read
• NotifyAgentAuthenticationForDrs
  
  • Description:  Grants permission to notify agent authentication
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• NotifyAgentConnectedForDrs
  
  • Description:  Grants permission to notify agent is connected
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• NotifyAgentDisconnectedForDrs
  
  • Description:  Grants permission to notify agent is disconnected
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• NotifyAgentReplicationProgressForDrs
  
  • Description:  Grants permission to notify agent replication progress
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• NotifyConsistencyAttainedForDrs
  
  • Description:  Grants permission to notify consistency attained
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• NotifyReplicationServerAuthenticationForDrs
  
  • Description:  Grants permission to notify replication server authentication
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• RetryDataReplication
  
  • Description:  Grants permission to retry data replication
  • Access:  Write
  • Resources: 

    Name: SourceServerResource

    Required: Yes

• SendAgentLogsForDrs
  
  • Description:  Grants permission to send agent logs
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• SendAgentMetricsForDrs
  
  • Description:  Grants permission to send agent metrics
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• SendChannelCommandResultForDrs
  
  • Description:  Grants permission to send channel command result
  • Access:  Write
• SendClientLogsForDrs
  
  • Description:  Grants permission to send client logs
  • Access:  Write
• SendClientMetricsForDrs
  
  • Description:  Grants permission to send client metrics
  • Access:  Write
• StartFailbackLaunch
  
  • Description:  Grants permission to start failback launch
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

• StartRecovery
  
  • Description:  Grants permission to start recovery
  • Access:  Write
  • Resources: 

    Name: SourceServerResource

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

  • Dependents: 

    drs:CreateRecoveryInstanceForDrs

    drs:ListTagsForResource

    ec2:AttachVolume

    ec2:AuthorizeSecurityGroupEgress

    ec2:AuthorizeSecurityGroupIngress

    ec2:CreateLaunchTemplate

    ec2:CreateLaunchTemplateVersion

    ec2:CreateSnapshot

    ec2:CreateTags

    ec2:CreateVolume

    ec2:DeleteLaunchTemplateVersions

    ec2:DeleteSnapshot

    ec2:DeleteVolume

    ec2:DescribeAccountAttributes

    ec2:DescribeAvailabilityZones

    ec2:DescribeImages

    ec2:DescribeInstanceAttribute

    ec2:DescribeInstanceStatus

    ec2:DescribeInstanceTypes

    ec2:DescribeInstances

    ec2:DescribeLaunchTemplateVersions

    ec2:DescribeLaunchTemplates

    ec2:DescribeSecurityGroups

    ec2:DescribeSnapshots

    ec2:DescribeSubnets

    ec2:DescribeVolumes

    ec2:DetachVolume

    ec2:ModifyInstanceAttribute

    ec2:ModifyLaunchTemplate

    ec2:RevokeSecurityGroupEgress

    ec2:RunInstances

    ec2:StartInstances

    ec2:StopInstances

    ec2:TerminateInstances

    iam:PassRole

• StopFailback
  
  • Description:  Grants permission to stop failback
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• TagResource
  
  • Description:  Grants permission to assign a resource tag
  • Access:  Tagging
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

• TerminateRecoveryInstances
  
  • Description:  Grants permission to terminate recovery instances
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

  • Dependents: 

    ec2:DeleteVolume

    ec2:DescribeInstances

    ec2:DescribeVolumes

    ec2:TerminateInstances

• UntagResource
  
  • Description:  Grants permission to untag a resource
  • Access:  Tagging
  • Conditions: 

    aws:TagKeys

• UpdateAgentBacklogForDrs
  
  • Description:  Grants permission to update agent backlog
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• UpdateAgentConversionInfoForDrs
  
  • Description:  Grants permission to update agent conversion info
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• UpdateAgentReplicationInfoForDrs
  
  • Description:  Grants permission to update agent replication info
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• UpdateAgentReplicationProcessStateForDrs
  
  • Description:  Grants permission to update agent replication process state
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• UpdateAgentSourcePropertiesForDrs
  
  • Description:  Grants permission to update agent source properties
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

    Name: SourceServerResource

    Required: Yes

• UpdateFailbackClientDeviceMappingForDrs
  
  • Description:  Grants permission to update failback client device mapping
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• UpdateFailbackClientLastSeenForDrs
  
  • Description:  Grants permission to update failback client last seen
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• UpdateFailbackReplicationConfiguration
  
  • Description:  Grants permission to update failback replication configuration
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• UpdateLaunchConfiguration
  
  • Description:  Grants permission to update launch configuration
  • Access:  Write
  • Resources: 

    Name: SourceServerResource

    Required: Yes

• UpdateReplicationCertificateForDrs
  
  • Description:  Grants permission to update a replication certificate
  • Access:  Write
  • Resources: 

    Name: RecoveryInstanceResource

    Required: Yes

• UpdateReplicationConfiguration
  
  • Description:  Grants permission to update replication configuration
  • Access:  Write
  • Resources: 

    Name: SourceServerResource

    Required: Yes

• UpdateReplicationConfigurationTemplate
  
  • Description:  Grants permission to update replication configuration template
  • Access:  Write
  • Resources: 

    Name: ReplicationConfigurationTemplateResource

    Required: Yes

Resources

• JobResource
  
  • Arn:  arn:${Partition}:drs:${Region}:${Account}:job/${JobID}
  • Conditions: 

    aws:ResourceTag/${TagKey}

• RecoveryInstanceResource
  
  • Arn:  arn:${Partition}:drs:${Region}:${Account}:recovery-instance/${RecoveryInstanceID}
  • Conditions: 

    aws:ResourceTag/${TagKey}

    drs:EC2InstanceARN

• ReplicationConfigurationTemplateResource
  
  • Arn:  arn:${Partition}:drs:${Region}:${Account}:replication-configuration-template/${ReplicationConfigurationTemplateID}
  • Conditions: 

    aws:ResourceTag/${TagKey}

• SourceServerResource
  
  • Arn:  arn:${Partition}:drs:${Region}:${Account}:source-server/${SourceServerID}
  • Conditions: 

    aws:ResourceTag/${TagKey}

Conditions

• aws:RequestTag/${TagKey}
  
  • Description:  Filters access by the presence of tag key-value pairs in the request
  • Type:  String
• aws:ResourceTag/${TagKey}
  
  • Description:  Filters access by tag key-value pairs attached to the resource
  • Type:  String
• aws:TagKeys
  
  • Description:  Filters access by the presence of tag keys in the request
  • Type:  String
• drs:EC2InstanceARN
  
  • Description:  Filters access by the EC2 instance the request originated from
  • Type:  String