The following is a list of the required policy actions. Ensure that AWS account permissions are adjusted to include these capabilities:
Allow the following actions:
- elasticfilesystem:DeleteTags
- elasticfilesystem:DeleteAccessPoint
- elasticfilesystem:DeleteFileSystemPolicy
- elasticfilesystem:DescribeBackupPolicy
- elasticfilesystem:DescribeFileSystems
- elasticfilesystem:DescribeFileSystemPolicy
- elasticfilesystem:DescribeLifecycleConfiguration
- elasticfilesystem:DescribeMountTargets
- elasticfilesystem:DescribeMountTargetSecurityGroups
- elasticfilesystem:DescribeTags
- elasticfilesystem:DescribeAccessPoint
- elasticfilesystem:ModifyMountTargetSecurityGroups
- elasticfilesystem:PutBackupPolicy
- elasticfilesystem:PutLifecycleConfiguration
- elasticfilesystem:PutFileSystemPolicy
- elasticfilesystem:UpdateFileSystem
- elasticfilesystem:TagResource
- elasticfilesystem:UntagResource
- elasticfilesystem:ListTagsForResource
- elasticfilesystem:Backup
- elasticfilesystem:Restore
- elasticloadbalancing:*
- events:DeleteRule
- events:EnableRule
- events:List*
- events:Put*
- events:RemoveTarget
- events:TestEventPattern
- kms:DescribeKey
- kms:ListAliases
- logs:*
- purchase-orders:*PurchaseOrders
- route53 resolver:*
- network-firewall:List*
- s3:*
- servicelens:*
- ssm:StartSession
- ssm:TerminateSession
- "sts:DecodeAuthorizationMessage
- synthetics:*
- xray:*
- iam:PassRole
- Iam:CreateServiceLinkedRole
- Iam:AWSServiceName:
- Autoscaling.amazonaws.com
- Ec2scheduled.amazonaws.com
- Elasticfilesystem.amazonaws.com
- Elasticloadbalancing.amazonaws.com
- Spot.amazonaws.com
- Spotfleet.amazonaws.com
- Transitgateway.amazonaws.com