Permisos de AWS IAM necesarios para Amazon EC2
Versión del producto: 8.1
Último modificado: 17 dic 2018
Pregunta
No quiero conceder permisos IAM administrativos completos a NAKIVO Backup & Replication.
¿Cuáles son los permisos requeridos por NAKIVO Backup & Replication para trabajar con instancias de Amazon EC2?
Respuesta
Se requieren los siguientes permisos de IAM de Amazon Web Services:
{
"Versión": "2012-10-17",
"Statement": [
{
"Acción": [
"ec2:DescribeAvailabilityZones",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeInstances",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeVolumes",
"ec2:DescribeVolumeAttribute",
"ec2:DescribeVolumeStatus",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeImages",
"ec2:DescribeImageAttribute",
"ec2:DescribeSnapshots",
"ec2:DescribeSnapshotAttribute",
"ec2:DescribeKeyPairs",
"ec2:DescribeTags" ],
"Effect": "Allow",
"Resource": "*" },
{
"Action": [
"ec2:AttachClassicLinkVpc",
"ec2:DetachClassicLinkVpc",
"ec2:GetConsoleScreenshot",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RebootInstances",
"ec2:TerminateInstances",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyInstancePlacement",
"ec2:ImportInstance" ],
"Effect": "Allow",
"Resource": "*" },
{
"Action": "ec2:CreateTags",
"Effect": "Allow",
"Resource": "*" },
{
"Action": [
"ec2:CreateKeyPair",
"ec2:DeleteKeyPair" ],
"Efecto": "Permitir",
"Recurso": "*" },
{
"Action": [
"ec2:CreateSecurityGroup",
"ec2:DeleteSecurityGroup" ],
"Efecto": "Permitir",
"Recurso": "*" },
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupIngress" ],
"Effect": "Allow",
"Resource": "*" },
{
"Action": [
"ec2:CreateVpc",
"ec2:DeleteVpc" ],
"Efecto": "Permitir",
"Recurso": "*" },
{
"Action": [
"ec2:CreateSubnet",
"ec2:DeleteSubnet",
"ec2:ModifySubnetAttribute" ],
"Effect": "Allow",
"Resource": "*" },
{
"Action": [
"ec2:DescribeInternetGateways",
"ec2:CreateInternetGateway",
"ec2:DeleteInternetGateway",
"ec2:AttachInternetGateway" ],
"Effect": "Permitir",
"Recurso": "*" },
{
"Action": [
"ec2:DescribeRouteTables",
"ec2:CreateRouteTable",
"ec2:CreateRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteRoute",
"ec2:AssociateRouteTable" ],
"Effect": "Permitir",
"Recurso": "*" },
{
"Action": [
"ec2:CreateVolume",
"ec2:DeleteVolume",
"ec2:AttachVolume",
"ec2:DetachVolume",
"ec2:ModifyVolumeAttribute" ],
"Effect": "Allow",
"Resource": "*" },
{
"Action": [
"ec2:CreateSnapshot",
"ec2:DeleteSnapshot",
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot" ],
"Effect": "Permitir",
"Recurso": "*" },
{
"Action": [
"ec2:DeregisterImage",
"ec2:RegisterImage",
"ec2:CreateImage" ],
"Effect": "Permitir",
"Recurso": "*" },
{
"Action": "iam:GetUser",
"Effect": "Allow",
"Resource": "*" },
{
"Action": [
"aws-marketplace:Subscribe",
"aws-marketplace:ViewSubscriptions",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:DescribeAccountAttributes" ],
"Effect": "Allow",
"Resource": "*"
}
]
}