Veeam Backup for AWS 6a [Archived]
User Guide
Related documents
Search
This is an archive version of the document. To get the most up-to-date information, see the current version.

RDS Restore IAM Permissions

To perform RDS restore operations, IAM roles and IAM users specified in the restore settings must be granted the following permissions:

{

   "Version": "2012-10-17",

   "Statement": [

       {

           "Action": [

               "ec2:DescribeAvailabilityZones",

               "ec2:DescribeDhcpOptions",

               "ec2:DescribeInternetGateways",

               "ec2:DescribeRegions",

               "ec2:DescribeSecurityGroups",

               "ec2:DescribeSubnets",

               "ec2:DescribeVpcAttribute",

               "ec2:DescribeVpcs",

               "events:DeleteRule",

               "events:DescribeRule",

               "events:ListTargetsByRule",

               "events:PutRule",

               "events:PutTargets",

               "events:RemoveTargets",

               "iam:CreateServiceLinkedRole",

               "iam:GetContextKeysForPrincipalPolicy",

               "iam:ListAccountAliases",

               "iam:PassRole",

               "iam:SimulatePrincipalPolicy",

               "kms:CreateGrant",

               "kms:DescribeKey",

               "kms:GetKeyPolicy",

               "kms:ListAliases",

               "kms:ListKeys",

               "rds:AddTagsToResource",

               "rds:CopyDBClusterSnapshot",

               "rds:CopyDBSnapshot",

               "rds:CreateDBInstance",

               "rds:DeleteDBCluster",

               "rds:DeleteDbclusterSnapshot",

               "rds:DeleteDBInstance",

               "rds:DeleteDBSnapshot",

               "rds:DescribeAccountAttributes",

               "rds:DescribeDBClusterParameterGroups",

               "rds:DescribeDBClusterParameters",

               "rds:DescribeDBClusters",

               "rds:DescribeDBClusterSnapshots",

               "rds:DescribeDBEngineVersions",

               "rds:DescribeDBInstances",

               "rds:DescribeDBParameterGroups",

               "rds:DescribeDBSnapshots",

               "rds:DescribeDBSubnetGroups",

               "rds:DescribeOptionGroups",

               "rds:DescribeOrderableDBInstanceOptions",

               "rds:ListTagsForResource",

               "rds:ModifyDBCluster",

               "rds:ModifyDBClusterSnapshotAttribute",

               "rds:ModifyDBInstance",

               "rds:ModifyDBSnapshotAttribute",

               "rds:RemoveTagsFromResource",

               "rds:RestoreDBClusterFromSnapshot",

               "rds:RestoreDBInstanceFromDBSnapshot",

               "servicequotas:ListServiceQuotas",

               "sns:CreateTopic",

               "sns:DeleteTopic",

               "sns:ListSubscriptionsByTopic",

               "sns:ListTopics",

               "sns:SetTopicAttributes",

               "sns:Subscribe",

               "sns:Unsubscribe",

               "sqs:CreateQueue",

               "sqs:DeleteMessage",

               "sqs:DeleteQueue",

               "sqs:ListQueues",

               "sqs:ReceiveMessage",

               "sqs:SendMessage",

               "sqs:SetQueueAttributes"

           ],

                     "Resource": "*",

                     "Effect": "Allow"

         }

   ]

}

To learn how to create IAM roles and assign them the required permissions, see Appendix A. Creating IAM Roles in AWS.

View all results across Veeam
Back to document search