AWS Snowball (IAM)

aws storage

AWS Snowball is a petabyte-scale data transport solution that uses secure physical devices to transfer large amounts of data into and out of AWS.

Common permissions

snowball:ListJobssnowball:DescribeJobsnowball:CreateJobsnowball:UpdateJobsnowball:GetJobManifestsnowball:GetJobUnlockCodesnowball:ListClusterssnowball:DescribeCluster

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "snowball:ListJobs",
        "snowball:DescribeJob",
        "snowball:CreateJob",
        "snowball:UpdateJob",
        "snowball:GetJobManifest",
        "snowball:GetJobUnlockCode",
        "snowball:ListClusters",
        "snowball:DescribeCluster"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid snowball:* — grants full control including delete and modify operations.
Avoid snowball:CreateJob — can create costly data transfer jobs.

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/snowball/snowball.json ↗

API

full doc /v1/iam/snowball