Required IAM permissions for using Amazon DataSync - Amazon DataSync
Amazon managed policiesCustomer managed policies
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Required IAM permissions for using Amazon DataSync

Amazon DataSync can move your data to an Amazon S3 bucket, Amazon EFS file system, or a number of other Amazon storage services. To get your data where you want it to go, you need the right Amazon Identity and Access Management (IAM) permissions granted to your identity. For example, the IAM role that you use with DataSync needs permission to use the Amazon S3 operations required to transfer data to an S3 bucket.

You can grant these permissions with IAM policies provided by Amazon or by creating your own policies.

Amazon managed policies

Amazon provides the following managed policies for common DataSync use cases:

  • AWSDataSyncReadOnlyAccess – Provides read-only access to DataSync.

  • AWSDataSyncFullAccess – Provides full access to DataSync and minimal access to its dependencies.

For more information, see Amazon managed policies for Amazon DataSync.

Customer managed policies

You can create custom IAM policies to use with DataSync. For more information, see IAM customer managed policies for Amazon DataSync.