fsx:BypassSnaplockEnterpriseRetention is a Permissions management access-level action in the fsx service. Grants permission to allow deletion of an FSx for ONTAP SnapLock Enterprise volume that contains WORM (write once, read many) files with active retention periods
ARNs that fsx:BypassSnaplockEnterpriseRetention can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants fsx:BypassSnaplockEnterpriseRetention.
Filters access by the tags associated with the resource
A minimal policy that allows fsx:BypassSnaplockEnterpriseRetention. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowFsxBypassSnaplockEnterpriseRetention",
"Effect": "Allow",
"Action": "fsx:BypassSnaplockEnterpriseRetention",
"Resource": "*"
}
]
}