Identity Access Management resource replication with Arpio
Arpio replicates the following resource types from AWS Identity and Access Management (IAM)
Instance Profile
Arpio replicates IAM instance profiles from your primary environment to your recovery environment. The following attributes are translated during replication:
- The Instance Profile's name is suffixed with a short random string to ensure uniqueness.
- The IAM Role referenced by the Instance Profile is updated to reference the corresponding role in the recovery environment.
The following resources are automatically selected into recovery points when an Instance Profile is selected:
- The IAM Role referenced by the Instance Profile
Managed Policy
Arpio replicates IAM Managed Policies from your primary environment to your recovery environment. The following attributes are translated during replication:
- The Managed Policy's name is suffixed with a short random string to ensure uniqueness.
- The policy document is translated from the primary environment to the recovery environment according to the policy document translation process.
Role
Arpio replicates IAM Roles from your primary environment to your recovery environment. The following attributes are translated during replication:
- The IAM Role's name is suffixed with a short random string to ensure uniqueness.
- The assume role policy document is translated according to the policy document translation process.
- The permissions boundary policy reference is updated if the corresponding managed policy is being replicated to the recovery environment. Otherwise, it is retained as is.
- Any inline policies are translated according to the policy document translation process.
- Managed policy references are updated if the corresponding managed policies are being replicated to the recovery environment. Any policy not being replicated is retained as is.
The following resources are automatically selected into recovery points when an IAM Role is selected:
- The attached permissions boundary policy if the policy is defined in the same AWS account as the primary environment
- Any attached managed policies if the policy is defined in the same AWS account as the primary environment