AWS Backup (IAM)

aws storage

AWS Backup is a fully managed backup service that centralizes and automates the backup of data across AWS services.

Common permissions

backup:ListBackupJobsbackup:ListBackupPlansbackup:ListBackupVaultsbackup:ListRestoreJobsbackup:StartBackupJobbackup:StartRestoreJobbackup:DescribeBackupJobbackup:DescribeRestoreJob

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "backup:ListBackupJobs",
        "backup:ListBackupPlans",
        "backup:ListBackupVaults",
        "backup:ListRestoreJobs",
        "backup:StartBackupJob",
        "backup:StartRestoreJob",
        "backup:DescribeBackupJob",
        "backup:DescribeRestoreJob"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid backup:* — grants full control including delete and modify of backup plans and vaults
Avoid backup:DeleteBackupPlan and backup:DeleteBackupVault unless explicitly needed — can cause permanent data loss

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/backup/backup.json ↗

API

full doc /v1/iam/backup