Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
Azure
  • Azure/Owner
  • Azure/Admin
  • Azure/Operator
  • Azure/Metadata
  • Azure/AI Foundry/admin
  • Azure/AI Foundry/metadata
  • Azure/AKS/admin
  • Azure/AKS/metadata
  • Azure/Alerts Management/admin
  • Azure/Alerts Management/operator
  • Azure/Alerts Management/metadata
  • Azure/API Management/admin
  • Azure/API Management/operator
  • Azure/API Management/metadata
  • Azure/Application Gateway/admin
  • Azure/Application Gateway/operator
  • Azure/Application Gateway/readonly
  • Azure/Application Gateway/metadata
  • Azure/Application Insights/admin
  • Azure/Application Insights/metadata
  • Azure/App Service/admin
  • Azure/App Service/metadata
  • Azure/Automation/admin
  • Azure/Automation/operator
  • Azure/Automation/metadata
  • Azure/Bot Service/Admin
  • Azure/Bot Service/Operator
  • Azure/Bot Service/Metadata
  • Azure/Cognitive Services/admin
  • Azure/Cognitive Services/operator
  • Azure/Cognitive Services/metadata
  • Azure/Compute/admin
  • Azure/Compute/operator
  • Azure/Compute/metadata
  • Azure/Container Registry/admin
  • Azure/Container Registry/metadata
  • Azure/Cosmos DB/admin
  • Azure/Cosmos DB/operator
  • Azure/Cosmos DB/metadata
  • Azure/Databricks/admin
  • Azure/Databricks/metadata
  • Azure/Data Factory/admin
  • Azure/Data Factory/metadata
  • Azure/DNS/admin
  • Azure/DNS/metadata
  • Azure/Firewall/admin
  • Azure/Firewall/metadata
  • Azure/Front Door/admin
  • Azure/Front Door/operator
  • Azure/Front Door/metadata
  • Azure/IAM/Owner
  • Azure/IAM/Metadata
  • Azure/Key Vault/admin
  • Azure/Key Vault/operator
  • Azure/Key Vault/metadata
  • Azure/Load Balancer/admin
  • Azure/Load Balancer/metadata
  • Azure/Log Analytics/admin
  • Azure/Log Analytics/metadata
  • Azure/Managed Identity/admin
  • Azure/Managed Identity/metadata
  • Azure/Monitor/Admin
  • Azure/Monitor/Operator
  • Azure/Monitor/Metadata
  • Azure/MySQL/admin
  • Azure/MySQL/metadata
  • Azure/Network/Admin
  • Azure/Network/Operator
  • Azure/Network/ReadOnly
  • Azure/Network/Metadata
  • Azure/Network Watcher/admin
  • Azure/Network Watcher/operator
  • Azure/Network Watcher/readonly
  • Azure/Network Watcher/metadata
  • Azure/PostgreSQL/admin
  • Azure/PostgreSQL/operator
  • Azure/PostgreSQL/metadata
  • Azure/Recovery Service/admin
  • Azure/Recovery Service/operator
  • Azure/Recovery Service/metadata
  • Azure/Redis/Admin
  • Azure/Redis/Operator
  • Azure/Redis/Metadata
  • Azure/Relay/Admin
  • Azure/Relay/ReadOnly
  • Azure/Relay/Metadata
  • Azure/Search Management/admin
  • Azure/Search Management/metadata
  • Azure/Security Center/admin
  • Azure/Security Center/operator
  • Azure/Security Center/metadata
  • Azure/Service Bus/admin
  • Azure/Service Bus/operator
  • Azure/Service Bus/metadata
  • Azure/SignalR Service/Admin
  • Azure/SignalR Service/Operator
  • Azure/SignalR Service/Metadata
  • Azure/SQL/admin
  • Azure/SQL/operator
  • Azure/SQL/readonly
  • Azure/SQL/metadata
  • Azure/SQL Virtual Machine Service/admin
  • Azure/SQL Virtual Machine Service/operator
  • Azure/SQL Virtual Machine Service/metadata
  • Azure/Storage/Admin
  • Azure/Storage/Operator
  • Azure/Storage/Metadata
  • Azure/Synapse Analytics/admin
  • Azure/Synapse Analytics/operator
  • Azure/Synapse Analytics/metadata
  • Azure/Virtual Desktop/admin
  • Azure/Virtual Desktop/operator
  • Azure/Virtual Desktop/metadata

IAM Role: Azure/Recovery Service/admin

PermissionGrant
microsoft.recoveryservices/locations/allocatestamp/actionadmin
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/protecteditems/deleteadmin
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/protecteditems/writeadmin
microsoft.recoveryservices/vaults/backupjobs/cancel/actionadmin
microsoft.recoveryservices/vaults/backuppolicies/deleteadmin
microsoft.recoveryservices/vaults/backuppolicies/writeadmin
microsoft.recoveryservices/vaults/backupconfig/readadmin
microsoft.recoveryservices/vaults/backupconfig/writeadmin
microsoft.recoveryservices/vaults/certificates/writeadmin
microsoft.recoveryservices/vaults/deleteadmin
microsoft.recoveryservices/vaults/extendedinformation/deleteadmin
microsoft.recoveryservices/vaults/extendedinformation/writeadmin
microsoft.recoveryservices/vaults/registeredidentities/deleteadmin
microsoft.recoveryservices/vaults/registeredidentities/writeadmin
microsoft.recoveryservices/vaults/replicationalertsettings/writeadmin
microsoft.recoveryservices/vaults/replicationfabrics/checkconsistency/actionadmin
microsoft.recoveryservices/vaults/replicationfabrics/deleteadmin
microsoft.recoveryservices/vaults/replicationfabrics/deployprocessserverimage/actionadmin
microsoft.recoveryservices/vaults/replicationfabrics/reassociategateway/actionadmin
microsoft.recoveryservices/vaults/replicationfabrics/remove/actionadmin
microsoft.recoveryservices/vaults/replicationfabrics/renewcertificate/actionadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationnetworks/replicationnetworkmappings/deleteadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationnetworks/replicationnetworkmappings/writeadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/remove/actionadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/deleteadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/remove/actionadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/writeadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotectioncontainermappings/deleteadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotectioncontainermappings/remove/actionadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotectioncontainermappings/writeadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/switchprotection/actionadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/writeadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationrecoveryservicesproviders/deleteadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationrecoveryservicesproviders/refreshprovider/actionadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationrecoveryservicesproviders/remove/actionadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationstorageclassifications/replicationstorageclassificationmappings/deleteadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationstorageclassifications/replicationstorageclassificationmappings/writeadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationvcenters/deleteadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationvcenters/writeadmin
microsoft.recoveryservices/vaults/replicationfabrics/writeadmin
microsoft.recoveryservices/vaults/replicationjobs/cancel/actionadmin
microsoft.recoveryservices/vaults/replicationjobs/restart/actionadmin
microsoft.recoveryservices/vaults/replicationjobs/resume/actionadmin
microsoft.recoveryservices/vaults/replicationpolicies/deleteadmin
microsoft.recoveryservices/vaults/replicationpolicies/writeadmin
microsoft.recoveryservices/vaults/replicationrecoveryplans/deleteadmin
microsoft.recoveryservices/vaults/replicationrecoveryplans/writeadmin
microsoft.recoveryservices/vaults/writeadmin
microsoft.recoveryservices/vaults/monitoringalerts/writeadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationrecoveryservicesproviders/writeadmin
microsoft.recoveryservices/vaults/providers/microsoft.insights/diagnosticsettings/writeadmin
microsoft.recoveryservices/vaults/backupfabrics/backupprotectionintent/writeadmin
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/deleteadmin
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/writeadmin
microsoft.recoveryservices/vaults/backupstorageconfig/writeadmin
microsoft.recoveryservices/vaults/monitoringconfigurations/writeadmin
microsoft.recoveryservices/vaults/backupfabrics/backupprotectionintent/deleteadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationmigrationitems/writeadmin
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationmigrationitems/deleteadmin
microsoft.recoveryservices/locations/backupprotecteditem/writeadmin
microsoft.recoveryservices/vaults/replicationvaultsettings/writeadmin
microsoft.resources/deployments/cancel/actionadmin
microsoft.resources/deployments/deleteadmin
microsoft.resources/deployments/validate/actionadmin
microsoft.resources/deployments/writeadmin
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/protecteditems/backup/actionoperator
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/protecteditems/recoverypoints/provisioninstantitemrecovery/actionoperator
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/protecteditems/recoverypoints/restore/actionoperator
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/protecteditems/recoverypoints/revokeinstantitemrecovery/actionoperator
microsoft.recoveryservices/vaults/backupjobsexport/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/discoverprotectableitem/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/applyrecoverypoint/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/failovercommit/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/plannedfailover/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/reprotect/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/repairreplication/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/testfailover/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/testfailovercleanup/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/unplannedfailover/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/updatemobilityservice/actionoperator
microsoft.recoveryservices/vaults/replicationrecoveryplans/failovercommit/actionoperator
microsoft.recoveryservices/vaults/replicationrecoveryplans/plannedfailover/actionoperator
microsoft.recoveryservices/vaults/replicationrecoveryplans/reprotect/actionoperator
microsoft.recoveryservices/vaults/replicationrecoveryplans/testfailover/actionoperator
microsoft.recoveryservices/vaults/replicationrecoveryplans/testfailovercleanup/actionoperator
microsoft.recoveryservices/vaults/replicationrecoveryplans/unplannedfailover/actionoperator
microsoft.recoveryservices/vaults/backupsecuritypin/actionoperator
microsoft.recoveryservices/vaults/backupfabrics/refreshcontainers/actionoperator
microsoft.recoveryservices/locations/backupprevalidateprotection/actionoperator
microsoft.recoveryservices/locations/backupstatus/actionoperator
microsoft.recoveryservices/locations/backupvalidatefeatures/actionoperator
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/inquire/actionoperator
microsoft.recoveryservices/vaults/backupvalidateoperation/actionoperator
microsoft.recoveryservices/locations/checknameavailability/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/submitfeedback/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/adddisks/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/removedisks/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/resolvehealtherrors/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/migratetoaad/actionoperator
microsoft.recoveryservices/vaults/replicationvaulthealth/refresh/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationmigrationitems/migrate/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationmigrationitems/testmigrate/actionoperator
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationmigrationitems/testmigratecleanup/actionoperator
microsoft.recoveryservices/vaults/providers/microsoft.insights/metricdefinitions/readmetadata
microsoft.recoveryservices/vaults/providers/microsoft.insights/diagnosticsettings/readmetadata
microsoft.recoveryservices/vaults/providers/microsoft.insights/logdefinitions/readmetadata
microsoft.recoveryservices/vaults/backupoperationresults/readmetadata
microsoft.recoveryservices/vaults/monitoringalerts/readmetadata
microsoft.recoveryservices/vaults/replicationevents/readmetadata
microsoft.recoveryservices/vaults/backupprotectableitems/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationrecoveryservicesproviders/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationstorageclassifications/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationstorageclassifications/replicationstorageclassificationmappings/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationvcenters/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationnetworks/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationnetworks/replicationnetworkmappings/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotectableitems/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotectioncontainermappings/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/recoverypoints/readmetadata
microsoft.recoveryservices/vaults/replicationpolicies/readmetadata
microsoft.recoveryservices/vaults/replicationrecoveryplans/readmetadata
microsoft.recoveryservices/vaults/extendedinformation/readmetadata
microsoft.recoveryservices/vaults/backupprotectioncontainers/readmetadata
microsoft.recoveryservices/vaults/backupfabrics/operationresults/readmetadata
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/readmetadata
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/operationresults/readmetadata
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/protecteditems/readmetadata
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/protecteditems/operationresults/readmetadata
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/protecteditems/operationsstatus/readmetadata
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/protecteditems/recoverypoints/readmetadata
microsoft.recoveryservices/vaults/usages/readmetadata
microsoft.recoveryservices/vaults/replicationalertsettings/readmetadata
microsoft.recoveryservices/vaults/backupoperations/readmetadata
microsoft.recoveryservices/vaults/backupusagesummaries/readmetadata
microsoft.recoveryservices/vaults/backupprotecteditems/readmetadata
microsoft.recoveryservices/vaults/registeredidentities/readmetadata
microsoft.recoveryservices/vaults/registeredidentities/operationresults/readmetadata
microsoft.recoveryservices/vaults/replicationjobs/readmetadata
microsoft.recoveryservices/vaults/backuppolicies/readmetadata
microsoft.recoveryservices/vaults/backuppolicies/operationresults/readmetadata
microsoft.recoveryservices/vaults/vaulttokens/readmetadata
microsoft.recoveryservices/vaults/backupjobs/readmetadata
microsoft.recoveryservices/vaults/backupjobs/operationresults/readmetadata
microsoft.recoveryservices/vaults/readmetadata
microsoft.recoveryservices/operations/readmetadata
microsoft.recoveryservices/vaults/backupengines/readmetadata
microsoft.recoveryservices/vaults/backupfabrics/protectablecontainers/readmetadata
microsoft.recoveryservices/vaults/backupfabrics/protectioncontainers/items/readmetadata
microsoft.recoveryservices/vaults/backupstorageconfig/readmetadata
microsoft.recoveryservices/vaults/monitoringconfigurations/readmetadata
microsoft.recoveryservices/vaults/backuppolicies/operations/readmetadata
microsoft.recoveryservices/vaults/backupfabrics/backupprotectionintent/readmetadata
microsoft.recoveryservices/locations/allocatedstamp/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationlogicalnetworks/readmetadata
microsoft.recoveryservices/vaults/replicationnetworks/readmetadata
microsoft.recoveryservices/vaults/replicationnetworkmappings/readmetadata
microsoft.recoveryservices/vaults/replicationprotectioncontainermappings/readmetadata
microsoft.recoveryservices/vaults/replicationprotecteditems/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationprotecteditems/targetcomputesizes/readmetadata
microsoft.recoveryservices/vaults/replicationprotectioncontainers/readmetadata
microsoft.recoveryservices/vaults/replicationrecoveryservicesproviders/readmetadata
microsoft.recoveryservices/vaults/replicationstorageclassifications/readmetadata
microsoft.recoveryservices/vaults/replicationstorageclassificationmappings/readmetadata
microsoft.recoveryservices/vaults/replicationusages/readmetadata
microsoft.recoveryservices/vaults/replicationvcenters/readmetadata
microsoft.recoveryservices/vaults/replicationvaulthealth/readmetadata
microsoft.recoveryservices/locations/operationstatus/readmetadata
microsoft.recoveryservices/vaults/backupprotectionintents/readmetadata
microsoft.recoveryservices/vaults/replicationmigrationitems/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationmigrationitems/readmetadata
microsoft.recoveryservices/vaults/replicationfabrics/replicationprotectioncontainers/replicationmigrationitems/migrationrecoverypoints/readmetadata
microsoft.recoveryservices/vaults/replicationsupportedoperatingsystems/readmetadata
microsoft.recoveryservices/locations/backupprotecteditems/readmetadata
microsoft.recoveryservices/vaults/replicationvaultsettings/readmetadata
microsoft.resources/links/readmetadata
microsoft.resources/providers/readmetadata
microsoft.resources/resources/readmetadata
microsoft.resources/subscriptions/locations/readmetadata
microsoft.resources/subscriptions/operationresults/readmetadata
microsoft.resources/subscriptions/providers/readmetadata
microsoft.resources/subscriptions/readmetadata
microsoft.resources/subscriptions/resourcegroups/deployments/operations/readmetadata
microsoft.resources/subscriptions/resourcegroups/deployments/operationstatuses/readmetadata
microsoft.resources/subscriptions/resourcegroups/deployments/readmetadata
microsoft.resources/subscriptions/resourcegroups/readmetadata
microsoft.resources/subscriptions/resourcegroups/resources/readmetadata
microsoft.resources/subscriptions/resources/readmetadata
microsoft.resources/subscriptions/tagnames/readmetadata
microsoft.resources/subscriptions/tagnames/tagvalues/readmetadata
microsoft.resources/tenants/readmetadata
microsoft.resources/deployments/operations/readmetadata
microsoft.resources/deployments/readmetadata
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
50
Mods
205
Resource Types
3,574
Policies
1,936
Controls
103
Quick Actions
114
IAM