AWS Storage Gateway User Guide
Using Identity-Based Policies (IAM Policies)
Example 1: Allow Any Storage Gateway Actions on All Gateways
The following policy allows a user to perform all the Storage Gateway actions. The policy also allows the user to perform Amazon EC2 actions (DescribeSnapshots and DeleteSnapshot) on the Amazon EBS snapshots generated from Storage Gateway.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowsAllAWSStorageGatewayActions",
            "Action": [
                "storagegateway:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Sid": "AllowsSpecifiedEC2Actions",
            "Action": [
                "ec2:DescribeSnapshots",
                "ec2:DeleteSnapshot"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
Example 2: Allow Read-Only Access to a Gateway
The following policy allows all List* and Describe* actions on all resources. Note that these actions are read-only actions. Thus, the policy doesn't allow the user to change the state of any resources—that is, the policy doesn't allow the user to perform actions such as DeleteGateway, ActivateGateway, and ShutdownGateway.
The policy also allows the DescribeSnapshots Amazon EC2 action. For more information, see DescribeSnapshots in the Amazon EC2 API Reference.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowReadOnlyAccessToAllGateways",
            "Action": [
                "storagegateway:List*",
                "storagegateway:Describe*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Sid": "AllowsUserToDescribeSnapshotsOnAllGateways",
            "Action": [
                "ec2:DescribeSnapshots"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
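To compare what the two example policies grant, the following added example (not part of the original guide) matches a list of action names against each policy's Allow statements. The helper names `stmt`, `allowing_sid` and `audit` are illustrative, and the evaluation is deliberately simplified: it assumes Resource "*" and ignores Deny, NotAction and Condition elements.

```python
import re

def stmt(sid, actions):
    # Both examples use Effect "Allow" and Resource "*"; only Sid and Action vary.
    return {"Sid": sid, "Action": actions, "Effect": "Allow", "Resource": "*"}

# Example 1 and Example 2 from this page, with the statements as written there.
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    stmt("AllowsAllAWSStorageGatewayActions", ["storagegateway:*"]),
    stmt("AllowsSpecifiedEC2Actions",
         ["ec2:DescribeSnapshots", "ec2:DeleteSnapshot"]),
]}
READ_ONLY = {"Version": "2012-10-17", "Statement": [
    stmt("AllowReadOnlyAccessToAllGateways",
         ["storagegateway:List*", "storagegateway:Describe*"]),
    stmt("AllowsUserToDescribeSnapshotsOnAllGateways", ["ec2:DescribeSnapshots"]),
]}

# Actions to check: read-only calls plus the state-changing ones named above.
SAMPLE_ACTIONS = [
    "storagegateway:ListGateways", "storagegateway:DescribeGatewayInformation",
    "storagegateway:DeleteGateway", "storagegateway:ActivateGateway",
    "storagegateway:ShutdownGateway",
    "ec2:DescribeSnapshots", "ec2:DeleteSnapshot",
]

def _matcher(action_pattern):
    # IAM action names are case-insensitive; '*' matches any run, '?' one character.
    body = re.escape(action_pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(body, re.IGNORECASE)

def allowing_sid(policy, action):
    """Return the Sid of the first Allow statement that matches action, else None."""
    for statement in policy["Statement"]:
        patterns = statement["Action"]
        if isinstance(patterns, str):   # "Action" may be one string or a list
            patterns = [patterns]
        if statement["Effect"] == "Allow" and any(
                _matcher(p).fullmatch(action) for p in patterns):
            return statement.get("Sid", "<no Sid>")
    return None

def audit(policy, actions=SAMPLE_ACTIONS):
    """Map each action to the Sid that allows it (None means not allowed)."""
    return {action: allowing_sid(policy, action) for action in actions}

if __name__ == "__main__":
    for name, policy in (("Example 1", FULL_ACCESS), ("Example 2", READ_ONLY)):
        for action, sid in audit(policy).items():
            print(f"{name}  {action:<45} {sid or 'NOT ALLOWED'}")
```

An action that maps to None here is not granted by the policy itself; in a real account the effective result also depends on the other policies attached to the user.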
API Version 2013-06-30