fsx:BypassSnaplockEnterpriseRetention

Permissions management

fsx:BypassSnaplockEnterpriseRetention is a Permissions management access-level action in the fsx service. Grants permission to allow deletion of an FSx for ONTAP SnapLock Enterprise volume that contains WORM (write once, read many) files with active retention periods

Resource types

ARNs that fsx:BypassSnaplockEnterpriseRetention can be scoped to in an IAM policy.

arn:${Partition}:fsx:${Region}:${Account}:volume/${FileSystemId}/${VolumeId}
volume

Condition keys

Keys you can use in the Condition block of a policy that grants fsx:BypassSnaplockEnterpriseRetention.

aws:ResourceTag/${TagKey} String

Filters access by the tags associated with the resource

Example IAM policy

A minimal policy that allows fsx:BypassSnaplockEnterpriseRetention. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowFsxBypassSnaplockEnterpriseRetention",
      "Effect": "Allow",
      "Action": "fsx:BypassSnaplockEnterpriseRetention",
      "Resource": "*"
    }
  ]
}

Related actions in fsx

View all fsx actions →