AWS Elastic Disaster Recovery (drs)

2021-11-18

67 new actions, 4 new resources, 4 new conditions

Additions

    Actions
  • AssociateFailbackClientToRecoveryInstanceForDrs
    • Description:  Grants permission to get associate failback client to recovery instance
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • BatchCreateVolumeSnapshotGroupForDrs
    • Description:  Grants permission to batch create volume snapshot group
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • BatchDeleteSnapshotRequestForDrs
    • Description:  Grants permission to batch delete snapshot request
    • Access:  Write
  • CreateRecoveryInstanceForDrs
    • Description:  Grants permission to create recovery instance
    • Access:  Write
    • Resources: 

      Name: SourceServerResource

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • CreateReplicationConfigurationTemplate
    • Description:  Grants permission to create replication configuration template
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • CreateSessionForDrs
    • Description:  Grants permission to create a session
    • Access:  Write
  • CreateSourceServerForDrs
    • Description:  Grants permission to create a source server
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • DeleteJob
    • Description:  Grants permission to delete a job
    • Access:  Write
    • Resources: 

      Name: JobResource

      Required: Yes

  • DeleteRecoveryInstance
    • Description:  Grants permission to delete recovery instance
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • DeleteReplicationConfigurationTemplate
    • Description:  Grants permission to delete replication configuration template
    • Access:  Write
    • Resources: 

      Name: ReplicationConfigurationTemplateResource

      Required: Yes

  • DeleteSourceServer
    • Description:  Grants permission to delete source server
    • Access:  Write
    • Resources: 

      Name: SourceServerResource

      Required: Yes

  • DescribeJobLogItems
    • Description:  Grants permission to describe job log items
    • Access:  Read
    • Resources: 

      Name: JobResource

      Required: Yes

  • DescribeJobs
    • Description:  Grants permission to describe jobs
    • Access:  Read
  • DescribeRecoveryInstances
    • Description:  Grants permission to describe recovery instances
    • Access:  Read
    • Dependents: 

      ec2:DescribeInstances

  • DescribeRecoverySnapshots
    • Description:  Grants permission to describe recovery snapshots
    • Access:  Read
    • Resources: 

      Name: SourceServerResource

      Required: Yes

  • DescribeReplicationConfigurationTemplates
    • Description:  Grants permission to describe replication configuration template
    • Access:  Read
  • DescribeReplicationServerAssociationsForDrs
    • Description:  Grants permission to describe replication server associations
    • Access:  Read
  • DescribeSnapshotRequestsForDrs
    • Description:  Grants permission to describe snapshot requests
    • Access:  Read
  • DescribeSourceServers
    • Description:  Grants permission to describe source servers
    • Access:  Read
  • DisconnectRecoveryInstance
    • Description:  Grants permission to disconnect recovery instance
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • DisconnectSourceServer
    • Description:  Grants permission to disconnect source server
    • Access:  Write
    • Resources: 

      Name: SourceServerResource

      Required: Yes

  • GetAgentCommandForDrs
    • Description:  Grants permission to get agent command
    • Access:  Read
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • GetAgentConfirmedResumeInfoForDrs
    • Description:  Grants permission to get agent confirmed resume info
    • Access:  Read
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • GetAgentInstallationAssetsForDrs
    • Description:  Grants permission to get agent installation assets
    • Access:  Read
  • GetAgentReplicationInfoForDrs
    • Description:  Grants permission to get agent replication info
    • Access:  Read
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • GetAgentRuntimeConfigurationForDrs
    • Description:  Grants permission to get agent runtime configuration
    • Access:  Read
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • GetAgentSnapshotCreditsForDrs
    • Description:  Grants permission to get agent snapshot credits
    • Access:  Read
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • GetChannelCommandsForDrs
    • Description:  Grants permission to get channel commands
    • Access:  Read
  • GetFailbackCommandForDrs
    • Description:  Grants permission to get failback command
    • Access:  Read
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • GetFailbackLaunchRequestedForDrs
    • Description:  Grants permission to get failback launch requested
    • Access:  Read
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • GetFailbackReplicationConfiguration
    • Description:  Grants permission to get failback replication configuration
    • Access:  Read
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • GetLaunchConfiguration
    • Description:  Grants permission to get launch configuration
    • Access:  Read
    • Resources: 

      Name: SourceServerResource

      Required: Yes

  • GetReplicationConfiguration
    • Description:  Grants permission to get replication configuration
    • Access:  Read
    • Resources: 

      Name: SourceServerResource

      Required: Yes

  • GetSuggestedFailbackClientDeviceMappingForDrs
    • Description:  Grants permission to get suggested failback client device mapping
    • Access:  Read
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • InitializeService
    • Description:  Grants permission to initialize service
    • Access:  Write
    • Dependents: 

      iam:AddRoleToInstanceProfile

      iam:CreateInstanceProfile

      iam:CreateServiceLinkedRole

      iam:GetInstanceProfile

  • IssueAgentCertificateForDrs
    • Description:  Grants permission to issue an agent certificate
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • ListTagsForResource
    • Description:  Grants permission to list tags for a resource
    • Access:  Read
  • NotifyAgentAuthenticationForDrs
    • Description:  Grants permission to notify agent authentication
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • NotifyAgentConnectedForDrs
    • Description:  Grants permission to notify agent is connected
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • NotifyAgentDisconnectedForDrs
    • Description:  Grants permission to notify agent is disconnected
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • NotifyAgentReplicationProgressForDrs
    • Description:  Grants permission to notify agent replication progress
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • NotifyConsistencyAttainedForDrs
    • Description:  Grants permission to notify consistency attained
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • NotifyReplicationServerAuthenticationForDrs
    • Description:  Grants permission to notify replication server authentication
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • RetryDataReplication
    • Description:  Grants permission to retry data replication
    • Access:  Write
    • Resources: 

      Name: SourceServerResource

      Required: Yes

  • SendAgentLogsForDrs
    • Description:  Grants permission to send agent logs
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • SendAgentMetricsForDrs
    • Description:  Grants permission to send agent metrics
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • SendChannelCommandResultForDrs
    • Description:  Grants permission to send channel command result
    • Access:  Write
  • SendClientLogsForDrs
    • Description:  Grants permission to send client logs
    • Access:  Write
  • SendClientMetricsForDrs
    • Description:  Grants permission to send client metrics
    • Access:  Write
  • StartFailbackLaunch
    • Description:  Grants permission to start failback launch
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • StartRecovery
    • Description:  Grants permission to start recovery
    • Access:  Write
    • Resources: 

      Name: SourceServerResource

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

    • Dependents: 

      drs:CreateRecoveryInstanceForDrs

      drs:ListTagsForResource

      ec2:AttachVolume

      ec2:AuthorizeSecurityGroupEgress

      ec2:AuthorizeSecurityGroupIngress

      ec2:CreateLaunchTemplate

      ec2:CreateLaunchTemplateVersion

      ec2:CreateSnapshot

      ec2:CreateTags

      ec2:CreateVolume

      ec2:DeleteLaunchTemplateVersions

      ec2:DeleteSnapshot

      ec2:DeleteVolume

      ec2:DescribeAccountAttributes

      ec2:DescribeAvailabilityZones

      ec2:DescribeImages

      ec2:DescribeInstanceAttribute

      ec2:DescribeInstanceStatus

      ec2:DescribeInstanceTypes

      ec2:DescribeInstances

      ec2:DescribeLaunchTemplateVersions

      ec2:DescribeLaunchTemplates

      ec2:DescribeSecurityGroups

      ec2:DescribeSnapshots

      ec2:DescribeSubnets

      ec2:DescribeVolumes

      ec2:DetachVolume

      ec2:ModifyInstanceAttribute

      ec2:ModifyLaunchTemplate

      ec2:RevokeSecurityGroupEgress

      ec2:RunInstances

      ec2:StartInstances

      ec2:StopInstances

      ec2:TerminateInstances

      iam:PassRole

  • StopFailback
    • Description:  Grants permission to stop failback
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • TagResource
    • Description:  Grants permission to assign a resource tag
    • Access:  Tagging
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • TerminateRecoveryInstances
    • Description:  Grants permission to terminate recovery instances
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

    • Dependents: 

      ec2:DeleteVolume

      ec2:DescribeInstances

      ec2:DescribeVolumes

      ec2:TerminateInstances

  • UntagResource
    • Description:  Grants permission to untag a resource
    • Access:  Tagging
    • Conditions: 

      aws:TagKeys

  • UpdateAgentBacklogForDrs
    • Description:  Grants permission to update agent backlog
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • UpdateAgentConversionInfoForDrs
    • Description:  Grants permission to update agent conversion info
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • UpdateAgentReplicationInfoForDrs
    • Description:  Grants permission to update agent replication info
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • UpdateAgentReplicationProcessStateForDrs
    • Description:  Grants permission to update agent replication process state
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • UpdateAgentSourcePropertiesForDrs
    • Description:  Grants permission to update agent source properties
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

      Name: SourceServerResource

      Required: Yes

  • UpdateFailbackClientDeviceMappingForDrs
    • Description:  Grants permission to update failback client device mapping
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • UpdateFailbackClientLastSeenForDrs
    • Description:  Grants permission to update failback client last seen
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • UpdateFailbackReplicationConfiguration
    • Description:  Grants permission to update failback replication configuration
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • UpdateLaunchConfiguration
    • Description:  Grants permission to update launch configuration
    • Access:  Write
    • Resources: 

      Name: SourceServerResource

      Required: Yes

  • UpdateReplicationCertificateForDrs
    • Description:  Grants permission to update a replication certificate
    • Access:  Write
    • Resources: 

      Name: RecoveryInstanceResource

      Required: Yes

  • UpdateReplicationConfiguration
    • Description:  Grants permission to update replication configuration
    • Access:  Write
    • Resources: 

      Name: SourceServerResource

      Required: Yes

  • UpdateReplicationConfigurationTemplate
    • Description:  Grants permission to update replication configuration template
    • Access:  Write
    • Resources: 

      Name: ReplicationConfigurationTemplateResource

      Required: Yes

    Resources
  • JobResource
    • Arn:  arn:${Partition}:drs:${Region}:${Account}:job/${JobID}
    • Conditions: 

      aws:ResourceTag/${TagKey}

  • RecoveryInstanceResource
    • Arn:  arn:${Partition}:drs:${Region}:${Account}:recovery-instance/${RecoveryInstanceID}
    • Conditions: 

      aws:ResourceTag/${TagKey}

      drs:EC2InstanceARN

  • ReplicationConfigurationTemplateResource
    • Arn:  arn:${Partition}:drs:${Region}:${Account}:replication-configuration-template/${ReplicationConfigurationTemplateID}
    • Conditions: 

      aws:ResourceTag/${TagKey}

  • SourceServerResource
    • Arn:  arn:${Partition}:drs:${Region}:${Account}:source-server/${SourceServerID}
    • Conditions: 

      aws:ResourceTag/${TagKey}

    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access by the presence of tag key-value pairs in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access by tag key-value pairs attached to the resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access by the presence of tag keys in the request
    • Type:  String
  • drs:EC2InstanceARN
    • Description:  Filters access by the EC2 instance the request originated from
    • Type:  String