Bocada Cloud connects with an AWS account using read-only IAM User credentials (Access Key ID and Secret access key).
AWS IAM User Creation Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html
Required IAM User Permissions:
- AWS Backup
  - AWSBackupOperatorAccess
- AWS Native Snapshots
  - EC2 – AmazonEC2ReadOnlyAccess
  - RDS – AmazonRDSReadOnlyAccess
  - DynamoDB – AmazonDynamoDBReadOnlyAccess
  - Redshift – AmazonRedshiftReadOnlyAccess
  - FSx – AmazonFSxReadOnlyAccess
- AWS S3 Buckets
  - AmazonS3ReadOnlyAccess (this policy needs the following permissions: "s3:Get*", "s3:List*", "s3-object-lambda:Get*", "s3-object-lambda:List*")
- Extra Logging for all backups: AWSCloudTrailReadOnlyAccess
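
One way to check an existing IAM user against the list above before handing its keys to Bocada Cloud. This is an added example, not Bocada's or AWS's code: the function names are hypothetical and both sample inputs are constructed. It reports which listed policies are missing per feature, which attached policies go beyond the list, and whether an S3 policy document carries exactly the four actions named above (compared as literal strings, without wildcard expansion).

```python
import json

# Managed policies named on this page, grouped by the feature that needs them.
REQUIRED = {
    "AWS Backup": ["AWSBackupOperatorAccess"],
    "AWS Native Snapshots": ["AmazonEC2ReadOnlyAccess", "AmazonRDSReadOnlyAccess",
                             "AmazonDynamoDBReadOnlyAccess",
                             "AmazonRedshiftReadOnlyAccess", "AmazonFSxReadOnlyAccess"],
    "AWS S3 Buckets": ["AmazonS3ReadOnlyAccess"],
    "Extra Logging": ["AWSCloudTrailReadOnlyAccess"],
}
# Actions the page says the S3 policy needs.
S3_ACTIONS = {"s3:Get*", "s3:List*", "s3-object-lambda:Get*", "s3-object-lambda:List*"}

# Constructed sample: output of `aws iam list-attached-user-policies` for a
# hypothetical user that lacks two listed policies and carries one unlisted policy.
SAMPLE_ATTACHED = json.dumps({"AttachedPolicies": [
    {"PolicyName": n, "PolicyArn": "arn:aws:iam::aws:policy/" + n} for n in [
        "AWSBackupOperatorAccess", "AmazonEC2ReadOnlyAccess", "AmazonRDSReadOnlyAccess",
        "AmazonDynamoDBReadOnlyAccess", "AmazonRedshiftReadOnlyAccess",
        "AmazonS3ReadOnlyAccess", "AmazonS3FullAccess"]]})
# Constructed sample: a customer-managed S3 policy with a single-statement object,
# a missing s3-object-lambda:List* and a write action that should not be there.
SAMPLE_S3_DOC = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["s3:Get*", "s3:List*", "s3-object-lambda:Get*", "s3:PutObject"]}}

def audit_attached(cli_json):
    """Return (missing policies per feature, attached policies the page does not list)."""
    attached = {p["PolicyName"] for p in json.loads(cli_json)["AttachedPolicies"]}
    missing = {}
    for feature, names in REQUIRED.items():
        absent = [n for n in names if n not in attached]
        if absent:
            missing[feature] = absent
    listed = {n for names in REQUIRED.values() for n in names}
    return missing, sorted(attached - listed)

def audit_s3_policy(doc):
    """Return (required actions not allowed, allowed actions beyond the page's four)."""
    stmts = doc["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts  # single object or list
    granted = set()
    for s in stmts:
        if s.get("Effect") == "Allow":
            act = s.get("Action", [])
            granted.update([act] if isinstance(act, str) else act)
    return sorted(S3_ACTIONS - granted), sorted(granted - S3_ACTIONS)

if __name__ == "__main__":
    print(audit_attached(SAMPLE_ATTACHED))
    print(audit_s3_policy(SAMPLE_S3_DOC))
```

Feed `audit_attached` the JSON printed by `aws iam list-attached-user-policies --user-name <user>`; that output covers only managed policies attached directly to the user, so inline policies and policies inherited from groups need a separate look.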