[SoftNAS KB]: IAM User for SNAP HA
For those customers that are not comfortable using the AWS Master keys for setting up SNAP HA you can avoid this be creating an IAM user. The IAM user would need to have the following permissions assigned to it and the credentials for that user could then be used to establish the SNAP HA.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1444200186000",
"Effect": "Allow",
"Action": [
"_comment: Required for EBS Add/Delete",
"ec2:CreateVolume",
"ec2:DeleteVolume",
"ec2:ModifyInstanceAttribute",
"ec2:AttachVolume",
"ec2:DetachVolume",
"ec2:DescribeInstances",
"_comment: Required for Snapshot Backup/Restore",
"ec2:CreateVolume",
"ec2:DeleteVolume",
"ec2:CreateSnapshot",
"ec2:DeleteSnapshot",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:AttachVolume",
"ec2:DetachVolume",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
"_comment: Required for HA",
"ec2:DescribeRouteTables",
"ec2:DescribeAddresses",
"ec2:DescribeTags",
"ec2:DescribeInstances",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ReplaceRoute",
"ec2:CreateRoute",
"ec2:DeleteRoute",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"_comment: Required for HA/S3",
"s3:CreateBucket",
"s3:Delete*",
"s3:Get*",
"s3:List*",
"s3:Put*",
],
"Resource": [
"*"
]
}
]
}