{ "backup": { "name": "Backup", "isPermissionOnly": true, "description": "Grants permission to start a backup job for an existing file system", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "clientmount": { "name": "ClientMount", "isPermissionOnly": true, "description": "Grants permission to allow an NFS client read-access to a file system", "accessLevel": "Read", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "elasticfilesystem:AccessPointArn", "elasticfilesystem:AccessedViaMountTarget" ], "dependentActions": [] }, "clientrootaccess": { "name": "ClientRootAccess", "isPermissionOnly": true, "description": "Grants permission to allow an NFS client root-access to a file system", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "elasticfilesystem:AccessPointArn", "elasticfilesystem:AccessedViaMountTarget" ], "dependentActions": [] }, "clientwrite": { "name": "ClientWrite", "isPermissionOnly": true, "description": "Grants permission to allow an NFS client write-access to a file system", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "elasticfilesystem:AccessPointArn", "elasticfilesystem:AccessedViaMountTarget" ], "dependentActions": [] }, "createaccesspoint": { "name": "CreateAccessPoint", "description": "Grants permission to create an access point for the specified file system", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [ "elasticfilesystem:TagResource" ] } ], "conditionKeys": [ "aws:TagKeys", "aws:RequestTag/${TagKey}" ], "dependentActions": [] }, "createfilesystem": { "name": "CreateFileSystem", "description": "Grants permission to create a new, empty file system", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "elasticfilesystem:Encrypted" ], "dependentActions": [ "elasticfilesystem:TagResource" ] }, "createmounttarget": { "name": "CreateMountTarget", "description": "Grants permission to create a mount target for a file system", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createreplicationconfiguration": { "name": "CreateReplicationConfiguration", "description": "Grants permission to create a new replication configuration", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "createtags": { "name": "CreateTags", "description": "Grants permission to create or overwrite tags associated with a file system; deprecated, see TagResource", "accessLevel": "Tagging", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "dependentActions": [] }, "deleteaccesspoint": { "name": "DeleteAccessPoint", "description": "Grants permission to delete the specified access point", "accessLevel": "Write", "resourceTypes": [ { "name": "access-point", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletefilesystem": { "name": "DeleteFileSystem", "description": "Grants permission to delete a file system, permanently severing access to its contents", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletefilesystempolicy": { "name": "DeleteFileSystemPolicy", "description": "Grants permission to delete the resource-level policy for a file system", "accessLevel": "Permissions management", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletemounttarget": { "name": "DeleteMountTarget", "description": "Grants permission to delete the specified mount target", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletereplicationconfiguration": { "name": "DeleteReplicationConfiguration", "description": "Grants permission to delete a replication configuration", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "deletetags": { "name": "DeleteTags", "description": "Grants permission to delete the specified tags from a file system; deprecated, see UntagResource", "accessLevel": "Tagging", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:TagKeys" ], "dependentActions": [] }, "describeaccesspoints": { "name": "DescribeAccessPoints", "description": "Grants permission to view the descriptions of Amazon EFS access points", "accessLevel": "List", "resourceTypes": [ { "name": "access-point", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "file-system", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describeaccountpreferences": { "name": "DescribeAccountPreferences", "description": "Grants permission to view the account preferences in effect for an account", "accessLevel": "List", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "describebackuppolicy": { "name": "DescribeBackupPolicy", "description": "Grants permission to view the BackupPolicy object for an Amazon EFS file system", "accessLevel": "Read", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describefilesystempolicy": { "name": "DescribeFileSystemPolicy", "description": "Grants permission to view the resource-level policy for an Amazon EFS file system", "accessLevel": "Read", "resourceTypes": [ { "name": "file-system", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describefilesystems": { "name": "DescribeFileSystems", "description": "Grants permission to view the description of an Amazon EFS file system specified by file system CreationToken or FileSystemId; or to view the description of all file systems owned by the caller's AWS account in the AWS region of the endpoint that is being called", "accessLevel": "List", "resourceTypes": [ { "name": "file-system", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describelifecycleconfiguration": { "name": "DescribeLifecycleConfiguration", "description": "Grants permission to view the LifecycleConfiguration object for an Amazon EFS file system", "accessLevel": "Read", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describemounttargetsecuritygroups": { "name": "DescribeMountTargetSecurityGroups", "description": "Grants permission to view the security groups in effect for a mount target", "accessLevel": "Read", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describemounttargets": { "name": "DescribeMountTargets", "description": "Grants permission to view the descriptions of all mount targets, or a specific mount target, for a file system", "accessLevel": "Read", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] }, { "name": "access-point", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describereplicationconfigurations": { "name": "DescribeReplicationConfigurations", "description": "Grants permission to view the description of an Amazon EFS replication configuration specified by FileSystemId; or to view the description of all replication configurations owned by the caller's AWS account in the AWS region of the endpoint that is being called", "accessLevel": "List", "resourceTypes": [ { "name": "file-system", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "describetags": { "name": "DescribeTags", "description": "Grants permission to view the tags associated with a file system", "accessLevel": "Read", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "listtagsforresource": { "name": "ListTagsForResource", "description": "Grants permission to view the tags associated with the specified Amazon EFS resource", "accessLevel": "Read", "resourceTypes": [ { "name": "access-point", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "file-system", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "modifymounttargetsecuritygroups": { "name": "ModifyMountTargetSecurityGroups", "description": "Grants permission to modify the set of security groups in effect for a mount target", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "putaccountpreferences": { "name": "PutAccountPreferences", "description": "Grants permission to set the account preferences of an account", "accessLevel": "Write", "resourceTypes": [], "conditionKeys": [], "dependentActions": [] }, "putbackuppolicy": { "name": "PutBackupPolicy", "description": "Grants permission to enable or disable automatic backups with AWS Backup by creating a new BackupPolicy object", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "putfilesystempolicy": { "name": "PutFileSystemPolicy", "description": "Grants permission to apply a resource-level policy that defines the actions allowed or denied from given actors for the specified file system", "accessLevel": "Permissions management", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "putlifecycleconfiguration": { "name": "PutLifecycleConfiguration", "description": "Grants permission to enable lifecycle management by creating a new LifecycleConfiguration object", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "replicationread": { "name": "ReplicationRead", "isPermissionOnly": true, "description": "Grants permission to read file system data for replication", "accessLevel": "Read", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "replicationwrite": { "name": "ReplicationWrite", "isPermissionOnly": true, "description": "Grants permission to replicate data to a file system", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "restore": { "name": "Restore", "isPermissionOnly": true, "description": "Grants permission to start a restore job for a backup of a file system", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "tagresource": { "name": "TagResource", "description": "Grants permission to create or overwrite tags associated with the specified Amazon EFS resource", "accessLevel": "Tagging", "resourceTypes": [ { "name": "access-point", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "file-system", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "elasticfilesystem:CreateAction" ], "dependentActions": [] }, "untagresource": { "name": "UntagResource", "description": "Grants permission to delete the specified tags from an Amazon EFS resource", "accessLevel": "Tagging", "resourceTypes": [ { "name": "access-point", "required": false, "conditionKeys": [], "dependentActions": [] }, { "name": "file-system", "required": false, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [ "aws:TagKeys" ], "dependentActions": [] }, "updatefilesystem": { "name": "UpdateFileSystem", "description": "Grants permission to update the throughput mode or the amount of provisioned throughput of an existing file system", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] }, "updatefilesystemprotection": { "name": "UpdateFileSystemProtection", "description": "Grants permission to update the file system protection of an existing file system", "accessLevel": "Write", "resourceTypes": [ { "name": "file-system", "required": true, "conditionKeys": [], "dependentActions": [] } ], "conditionKeys": [], "dependentActions": [] } }