Required IAM permissions for using Amazon DataSync
Amazon DataSync can move your data to an Amazon S3 bucket, Amazon EFS file system, or a number of other Amazon storage services. To get your data where you want it to go, you need the right Amazon Identity and Access Management (IAM) permissions granted to your identity. For example, the IAM role that you use with DataSync needs permission to use the Amazon S3 operations required to transfer data to an S3 bucket.
You can grant these permissions with IAM policies provided by Amazon or by creating your own policies.
Amazon managed policies
Amazon provides the following managed policies for common DataSync use cases:
- AWSDataSyncReadOnlyAccess – Provides read-only access to DataSync.
- AWSDataSyncFullAccess – Provides full access to DataSync and minimal access to its dependencies.
For more information, see Amazon managed policies for Amazon DataSync.
Customer managed policies
You can create custom IAM policies to use with DataSync. For more information, see IAM customer managed policies for Amazon DataSync.