By using AWS re:Post, you agree to the Terms of Use

IAM Advice for AWS Organization Backup


I am trying to configure AWS Backup Policy (Organization) from Master account and using following IAM Policy given from the AWS User Guide. But continuously getting permission error and backup failed. When I used IAM Policy Simulator, I am seeing "This action does not support resource-level permissions. Policies granting access must specify "*" in the resource element."

I am not an IAM guy, please someone advise, what I should do to fix this.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "ManageBackupPolicies", "Effect": "Allow", "Action": [ "organizations:AttachPolicy", "organizations:CreatePolicy", "organizations:DeletePolicy", "organizations:DescribeAccount", "organizations:DescribeCreateAccountStatus", "organizations:DescribeEffectivePolicy", "organizations:DescribeOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribePolicy", "organizations:DetachPolicy", "organizations:DisableAWSServiceAccess", "organizations:DisablePolicyType", "organizations:EnableAWSServiceAccess", "organizations:EnablePolicyType", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListAWSServiceAccessForOrganization", "organizations:ListCreateAccountStatus", "organizations:ListOrganizationalUnitsForParent", "organizations:ListParents", "organizations:ListPolicies", "organizations:ListPoliciesForTarget", "organizations:ListRoots", "organizations:ListTargetsForPolicy", "organizations:UpdatePolicy" ], "Resource": "*" } ] }

asked 2 months ago36 views
1 Answer

Are you attaching this policy to a user that is going to manage the backup at the Org level? The message "This action does not support resource-level permissions" means the action does not support resource-level permissions and requires a wildcard (*) in the Resource element of the policy. Can you elaborate more on what are you trying to achieve?

answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions