Minimum Required AWS Permissions

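Permissions for IAM roles can be specified by creating a policy in JSON format. The required AWS permissions are listed below. For further details, see Zerto - Prerequisites & Requirements for Amazon Web Services (AWS). Note that the policy below allows every listed action on all resources ("Resource": "*"), including iam:PassRole and destructive actions such as ec2:TerminateInstances, s3:DeleteBucket and s3:DeleteObjectVersion. Attach it only to the role used by Zerto, and narrow the Resource element (for example, to specific buckets or roles) wherever your deployment allows.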

{

"Version": "2012-10-17",
"Statement": [
  {
    "Effect": "Allow",
     "Action": [
      "ec2:AttachNetworkInterface",
      "ec2:AttachVolume",
      "ec2:AuthorizeSecurityGroupIngress",
       "ec2:CancelConversionTask",
       "ec2:CancelImportTask",
      "ec2:CreateNetworkInterface",
      "ec2:CreateSecurityGroup",
      "ec2:CreateSnapshot",
      "ec2:CreateTags",
     

      "ec2:CreateVolume",
      "ec2:DeleteNetworkInterface",
      "ec2:DeleteSecurityGroup",
      "ec2:DeleteSnapshot",
      "ec2:DeleteTags",
      "ec2:DeleteVolume",
      "ec2:DescribeAvailabilityZones",
      "ec2:DescribeConversionTasks",
           "ec2:DescribeImages",
      "ec2:DescribeInstanceAttribute",
      "ec2:DescribeInstances",
     

      "ec2:DescribeInstanceStatus",
       "ec2:DescribeNetworkInterfaces",
      "ec2:DescribeRegions",
      "ec2:DescribeSnapshots",
      "ec2:DescribeSecurityGroups",
      "ec2:DescribeSubnets",
      "ec2:DescribeTags",
      "ec2:DescribeVolumes",
      "ec2:DescribeVolumeStatus",
      "ec2:DescribeVpcEndpoints",
       "ec2:DescribeVpcs",
      "ec2:DetachNetworkInterface",
      "ec2:DetachVolume",
      "ec2:ImportInstance",
       "ec2:ImportVolume",
 

      "ec2:ModifyVolume",
      "ec2:ModifyInstanceAttribute",
      "ec2:ModifyNetworkInterfaceAttribute",
           "ec2:RunInstances",
      "ec2:StartInstances",
      "ec2:StopInstances",
      "ec2:TerminateInstances",
      "s3:CreateBucket",
      "s3:DeleteBucket",
      "s3:DeleteObject",
      "s3:GetBucketLocation",
      "s3:GetBucketPolicy",
      "s3:GetObject",
      "s3:GetObjectVersion",
      "s3:ListAllMyBuckets",
       "s3:ListBucket",


     "s3:ListBucketMultipartUploads",
     "s3:ListBucketVersions",
     "s3:PutBucketTagging",
      "s3:PutObject",
     "s3:PutLifecycleConfiguration",
     "s3:DeleteObjectVersion",
     "s3:HeadBucket",
     "iam:GetPolicyVersion",
      "iam:ListAttachedRolePolicies",
     "iam:ListPolicyVersions",
     "iam:PassRole",
      "cloudtrail:DescribeTrails",
     "cloudtrail:GetTrailStatus",
     "cloudtrail:LookupEvents"
    ],
    "Resource": "*"
   }
  ]
}