| datasync:ActivateHost | Admin |
| datasync:AddLocation | Admin |
| datasync:AddSyncSet | Admin |
| datasync:CancelSyncTask | Admin |
| datasync:CreateAgent | Admin |
| datasync:CreateLocationEfs | Admin |
| datasync:CreateLocationNfs | Admin |
| datasync:CreateLocationS3 | Admin |
| datasync:CreateSyncTask | Admin |
| datasync:CreateTask | Admin |
| datasync:DeactivateHost | Admin |
| datasync:DeleteAgent | Admin |
| datasync:DeleteLocation | Admin |
| datasync:DeleteSyncSet | Admin |
| datasync:DeleteTask | Admin |
| datasync:DescribeHost | Admin |
| datasync:DescribeLocation | Admin |
| datasync:DescribeSyncSet | Admin |
| datasync:DescribeSyncTask | Admin |
| datasync:ListHosts | Admin |
| datasync:ListSyncSets | Admin |
| datasync:ListSyncTasks | Admin |
| datasync:UpdateAgent | Admin |
| datasync:UpdateTask | Admin |
| iam:PassRole | Admin |
| datasync:CancelTaskExecution | Operator |
| datasync:StartSyncTask | Operator |
| datasync:StartTaskExecution | Operator |
| datasync:TagResource | Operator |
| datasync:UntagResource | Operator |
| s3:GetObject | Operator |
| datasync:DescribeAgent | Metadata |
| datasync:DescribeLocationEfs | Metadata |
| datasync:DescribeLocationNfs | Metadata |
| datasync:DescribeLocationS3 | Metadata |
| datasync:DescribeTask | Metadata |
| datasync:DescribeTaskExecution | Metadata |
| datasync:ListAgents | Metadata |
| datasync:ListLocations | Metadata |
| datasync:ListTagsForResource | Metadata |
| datasync:ListTaskExecutions | Metadata |
| datasync:ListTasks | Metadata |
| ec2:DescribeSecurityGroups | Metadata |
| ec2:DescribeSubnets | Metadata |
| elasticfilesystem:DescribeFileSystems | Metadata |
| elasticfilesystem:DescribeMountTargetSecurityGroups | Metadata |
| elasticfilesystem:DescribeMountTargets | Metadata |
| elasticfilesystem:DescribeTags | Metadata |
| iam:GetRole | Metadata |
| iam:ListRoles | Metadata |
| logs:DescribeLogGroups | Metadata |
| s3:ListBuckets | Metadata |
