IAM minimal permissions comparison

v4.2.1 -> v4.3.0 minimal permissions comparison

This table shows the new permissions added to the minimal permission json files in comparison to 4.2.0

Azure

AWS

"ec2:LockSnapshot",

"ec2:UnlockSnapshot",

"ec2:DescribeLockedSnapshots"

"elasticloadbalancing:DescribeLoadBalancerPolicyTypes",

"elasticloadbalancing:CreateLBCookieStickinessPolicy",

"elasticloadbalancing:DeleteLoadBalancer",

"elasticloadbalancing:DescribeLoadBalancers",

"elasticloadbalancing:DescribeLoadBalancerPolicies",

"elasticloadbalancing:CreateRule",

"elasticloadbalancing:DescribeInstanceHealth",

"elasticloadbalancing:RegisterInstancesWithLoadBalancer",

"elasticloadbalancing:CreateTargetGroup",

"elasticloadbalancing:DescribeLoadBalancerAttributes",

"elasticloadbalancing:DescribeTargetGroupAttributes",

"elasticloadbalancing:AddTags",

"elasticloadbalancing:DescribeRules",

"elasticloadbalancing:ModifyLoadBalancerAttributes",

"elasticloadbalancing:ConfigureHealthCheck",

"elasticloadbalancing:RemoveListenerCertificates",

"elasticloadbalancing:CreateListener",

"elasticloadbalancing:DescribeListeners",

"elasticloadbalancing:CreateAppCookieStickinessPolicy",

"elasticloadbalancing:DescribeListenerCertificates",

"elasticloadbalancing:CreateLoadBalancerPolicy",

"elasticloadbalancing:DeleteRule",

"elasticloadbalancing:DescribeSSLPolicies",

"elasticloadbalancing:CreateLoadBalancer",

"elasticloadbalancing:DescribeTags",

"elasticloadbalancing:DeleteTargetGroup",

"elasticloadbalancing:CreateLoadBalancerListeners",

"elasticloadbalancing:SetLoadBalancerPoliciesOfListener",

"elasticloadbalancing:DescribeTargetHealth",

"elasticloadbalancing:DescribeTargetGroups",

"elasticloadbalancing:DeleteListener",

"elasticloadbalancing:ModifyTargetGroupAttributes",

"elasticloadbalancing:RegisterTargets",

"cognito-idp:DescribeUserPoolClient"

"elasticfilesystem:ListTagsForResource"

v4.2.0 -> v4.2.1 minimal permissions comparison

This table shows the new permissions added to the minimal permission json files in comparison to 4.2.0

Azure	AWS
"Microsoft.Authorization/locks/write", "Microsoft.Authorization/locks/delete",

v4.1.1a -> v4.2.0 minimal permissions comparison

This table shows the new permissions added to the minimal permission json files in comparison to 4.1.1a

Azure

AWS

"Microsoft.Compute/disks/delete",

"Microsoft.Compute/disks/beginGetAccess/action",

"Microsoft.Compute/virtualMachines/delete",

"Microsoft.Compute/sshPublicKeys/read",

"Microsoft.CostManagement/query/read",

"Microsoft.Network/networkInterfaces/delete",

"Microsoft.Network/networkSecurityGroups/read",

"Microsoft.Network/networkSecurityGroups/join/action",

"Microsoft.Network/publicIPAddresses/delete",

"Microsoft.Network/publicIPAddresses/read",

"Microsoft.Network/publicIPAddresses/write",

"Microsoft.Network/publicIPAddresses/join/action",

"Microsoft.Network/privateDNSZones/read",

"Microsoft.Network/privateDNSZones/write",

"Microsoft.Network/privateDNSZones/delete",

"Microsoft.Network/privateEndpoints/read",

"Microsoft.Network/privateEndpoints/write",

"Microsoft.Network/privateEndpoints/delete",

"Microsoft.Sql/servers/privateEndpointConnectionsApproval/action",

"Microsoft.Network/privateDnsZones/A/write",

"Microsoft.Network/privateDnsZones/A/delete",

"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",

"Microsoft.Sql/servers/virtualNetworkRules/delete",

"Microsoft.Sql/servers/virtualNetworkRules/write",

"Microsoft.Sql/servers/virtualNetworkRules/read",

"Microsoft.Storage/storageAccounts/listkeys/action",

"Microsoft.Storage/storageAccounts/managementPolicies/read",

"Microsoft.Storage/storageAccounts/managementPolicies/write"

"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",

"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read",

"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write"

"iam:ListInstanceProfiles",

"ec2:DescribeInstanceTypeOfferings",

"redshift:DeleteTags",

"redshift:DeleteCluster",

"redshift:AuthorizeSnapshotAccess",

"redshift:RevokeSnapshotAccess"

"elasticfilesystem:TagResource",

"elasticfilesystem:DescribeMountTargets",

"elasticfilesystem:CreateMountTarget",

"elasticfilesystem:DescribeAccessPoints",

"elasticfilesystem:CreateAccessPoint",

"elasticfilesystem:DescribeMountTargetSecurityGroups",

"fsx:CopyBackup",

"ssm:ListCommandInvocations"

"secretsmanager:GetSecretValue"

Related Articles
Minimal Azure permissions/roles for N2WS operations
The required minimal IAM permissions json is attached to this KB article. You can find detailed steps in our User guide, Chapter 26: https://n2ws.com/support/documentation Or in the following KB Article: How to setup CPM on AWS to backup Azure ...
Required minimal AWS permissions/roles for CPM operation
You can apply all the required roles by using the JSON files inside the archive attached to this article (including the new permissions required for v4.0 and up). Note that for some editions there is more then 1 json file. If you are using FLR or ...
How to configure your N2WS server deployed on AWS to also start backing up resources located in Azure.
This article is a step by step guide on how to configure your N2WS instance that is deployed on AWS to start backing up resources from your Azure subscriptions. Part I Add an App registration in Azure. 1. Open the Azure portal and go to Azure Active ...
How to use AWS IAM Policy Simulator to troubleshoot N2WS Backup permission issues.
Background: Permission issues are one of the most common errors seen by users of N2WS Backup and this article explains how you can use the IAM Policy Simulator to help you narrow down whether permissions are allowed by an IAM User or a Role. This ...
How to Check for AWS Permissions
Checking for AWS account permissions Each account in N2WS is mapped to a specific Roles or IAM user in AWS. You can see the list of account and authentication types in the Account Tab: For each account, you can select it and then click on 'Check AWS ...

IAM minimal permissions comparison

IAM minimal permissions comparison

v4.2.1 -> v4.3.0 minimal permissions comparison

v4.2.0 -> v4.2.1 minimal permissions comparison

v4.1.1a -> v4.2.0 minimal permissions comparison

Related Articles

Minimal Azure permissions/roles for N2WS operations

Required minimal AWS permissions/roles for CPM operation

How to configure your N2WS server deployed on AWS to also start backing up resources located in Azure.

How to use AWS IAM Policy Simulator to troubleshoot N2WS Backup permission issues.

How to Check for AWS Permissions