AWS Storage Gateway User Guide
Using Identity-Based Policies (IAM Policies)
Example 1: Allow Any Storage Gateway Actions on All Gateways
The following policy allows a user to perform all the Storage Gateway actions. The policy also allows
the user to perform Amazon EC2 actions (DescribeSnapshots and DeleteSnapshot) on the Amazon EBS
snapshots generated from Storage Gateway.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowsAllAWSStorageGatewayActions",
      "Action": [
        "storagegateway:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "AllowsSpecifiedEC2Actions",
      "Action": [
        "ec2:DescribeSnapshots",
        "ec2:DeleteSnapshot"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
Note: You can use Windows ACLs only with file shares that are enabled for Active Directory.
Example 2: Allow Read-Only Access to a Gateway
The following policy allows all List* and Describe* actions on all resources. Note that these actions
are read-only actions. Thus, the policy doesn't allow the user to change the state of any resources—that
is, the policy doesn't allow the user to perform actions such as DeleteGateway, ActivateGateway,
and ShutdownGateway.
The policy also allows the DescribeSnapshots Amazon EC2 action. For more information, see
DescribeSnapshots in the Amazon EC2 API Reference.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReadOnlyAccessToAllGateways",
      "Action": [
        "storagegateway:List*",
        "storagegateway:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "AllowsUserToDescribeSnapshotsOnAllGateways",
      "Action": [
        "ec2:DescribeSnapshots"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
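To check that the read-only policy in Example 2 really excludes state-changing actions such as DeleteGateway, ActivateGateway and ShutdownGateway, the following added script (not part of the user guide or the AWS SDK) evaluates the policy's Action wildcards locally. It is a deliberate simplification of IAM evaluation: only the Action and Effect elements are considered, Resource and Condition are ignored, and the sample explicit-Deny statement is constructed for illustration.

```python
import fnmatch
import json

# The read-only policy from Example 2, embedded so the check runs offline.
READ_ONLY_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AllowReadOnlyAccessToAllGateways",
     "Action": ["storagegateway:List*", "storagegateway:Describe*"],
     "Effect": "Allow", "Resource": "*"},
    {"Sid": "AllowsUserToDescribeSnapshotsOnAllGateways",
     "Action": ["ec2:DescribeSnapshots"],
     "Effect": "Allow", "Resource": "*"}
  ]
}
""")

def _as_list(value):
    # IAM accepts a single string or a list for "Action".
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action):
    """Simplified IAM logic: an explicit Deny always wins, an Allow
    grants the action, and anything not matched is implicitly denied.
    Action names are matched case-insensitively, as IAM does; the '*'
    and '?' wildcards are handled by fnmatch. Resource and Condition
    elements are ignored (constructed simplification, not full IAM)."""
    allowed = False
    for stmt in policy["Statement"]:
        for pattern in _as_list(stmt["Action"]):
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed

def audit(policy, actions):
    """Map each action of interest to whether the policy permits it."""
    return {a: is_allowed(policy, a) for a in actions}

if __name__ == "__main__":
    checks = ["storagegateway:ListGateways", "storagegateway:DeleteGateway",
              "storagegateway:ShutdownGateway", "ec2:DescribeSnapshots",
              "ec2:DeleteSnapshot"]
    for action, ok in audit(READ_ONLY_POLICY, checks).items():
        print(f"{action:40} {'allowed' if ok else 'denied'}")
```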
API Version 2013-06-30
302