On December 7, 2023, we discontinued version 1 DataSync agents. Check the Agents page on the DataSync console to see if you have affected agents. If you do, replace those agents or delete them if they aren't in use. If you need more help, contact Amazon Web Services Support.

Required IAM permissions for using Amazon DataSync

Amazon DataSync can move your data to an Amazon S3 bucket, Amazon EFS file system, or a number of other Amazon storage services. To get your data where you want it to go, you need the right Amazon Identity and Access Management (IAM) permissions granted to your identity. For example, the IAM role that you use with DataSync needs permission to use the Amazon S3 operations required to transfer data to an S3 bucket.

You can grant these permissions with IAM policies provided by Amazon or by creating your own policies.

Amazon managed policies

Amazon provides the following managed policies for common DataSync use cases:

  • AWSDataSyncReadOnlyAccess – Provides read-only access to DataSync.

  • AWSDataSyncFullAccess – Provides full access to DataSync and minimal access to its dependencies.

For more information, see Amazon managed policies for Amazon DataSync.

Customer managed policies

You can create custom IAM policies to use with DataSync. For more information, see IAM customer managed policies for Amazon DataSync.