Amazon EC2 (ec2)

Additions

Actions

• DescribeSecurityGroupRules
  
  • Description:  Grants permission to describe one or more of your security group rules
  • Access:  List
• ModifySecurityGroupRules
  
  • Description:  Grants permission to modify the rules of a security group
  • Access:  Write
  • Resources: 

    Name: security-group

    Required: Yes

    Name: prefix-list

    Required: No

    Name: security-group-rule

    Required: No

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:Region

    ec2:ResourceTag/${TagKey}

    ec2:Vpc

Resources

• security-group-rule
  
  • Arn:  arn:${Partition}:ec2:${Region}:${Account}:security-group-rule/${SecurityGroupRuleId}
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:ResourceTag/${TagKey}

    aws:TagKeys

    ec2:Region

    ec2:ResourceTag/${TagKey}

Updates

Actions

• CreateReplaceRootVolumeTask
  
  Conditions
  
  • ＋ aws:RequestTag/${TagKey}
  • ＋ aws:TagKeys
  Resources
  
  • ＋ replace-root-volume-task
  • ＋ volume
• CreateStoreImageTask
  
  Conditions
  
  • ＋ aws:ResourceTag/${TagKey}
  • ＋ ec2:ImageType
  • ＋ ec2:Public
  • ＋ ec2:ResourceTag/${TagKey}
  • ＋ ec2:RootDeviceType
• EnableImageDeprecation
  
  Description
  
  • Old: Grants permission to enable deprecation of the specified AMI at the specified date and time.
    New: Grants permission to enable deprecation of the specified AMI at the specified date and time
• CreateTags
  
  Resources
  
  • ＋ security-group-rule
• DeleteTags
  
  Resources
  
  • ＋ security-group-rule