Amazon EC2 (ec2)

Additions

Actions

• AssociateInstanceEventWindow
  
  • Description:  Grants permission to associate one or more targets with an event window
  • Access:  Write
  • Resources: 

    Name: instance-event-window

    Required: Yes

    Name: dedicated-host

    Required: No

    Name: instance

    Required: No

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:Region

    ec2:ResourceTag/${TagKey}

    ec2:AutoPlacement

    ec2:AvailabilityZone

    ec2:HostRecovery

    ec2:InstanceType

    ec2:Quantity

    ec2:EbsOptimized

    ec2:InstanceProfile

    ec2:PlacementGroup

    ec2:RootDeviceType

    ec2:Tenancy

• AssociateTrunkInterface
  
  • Description:  Grants permission to associate a branch network interface with a trunk network interface
  • Access:  Write
• CreateInstanceEventWindow
  
  • Description:  Grants permission to create an event window in which scheduled events for the associated Amazon EC2 instances can run
  • Access:  Write
  • Resources: 

    Name: instance-event-window

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

    ec2:Region

• CreateSubnetCidrReservation
  
  • Description:  Grants permission to create a subnet CIDR reservation
  • Access:  Write
• DeleteInstanceEventWindow
  
  • Description:  Grants permission to delete the specified event window.
  • Access:  Write
  • Resources: 

    Name: instance-event-window

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:Region

    ec2:ResourceTag/${TagKey}

• DeleteSubnetCidrReservation
  
  • Description:  Grants permission to delete a subnet CIDR reservation
  • Access:  Write
• DescribeInstanceEventWindows
  
  • Description:  Grants permission to describe the specified event windows or all event windows
  • Access:  List
• DescribeTrunkInterfaceAssociations
  
  • Description:  Grants permission to describe one or more network interface trunk associations
  • Access:  List
• DisassociateInstanceEventWindow
  
  • Description:  Grants permission to disassociate one or more targets from an event window
  • Access:  Write
  • Resources: 

    Name: instance-event-window

    Required: Yes

    Name: dedicated-host

    Required: No

    Name: instance

    Required: No

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:Region

    ec2:ResourceTag/${TagKey}

    ec2:AutoPlacement

    ec2:AvailabilityZone

    ec2:HostRecovery

    ec2:InstanceType

    ec2:Quantity

    ec2:EbsOptimized

    ec2:InstanceProfile

    ec2:PlacementGroup

    ec2:RootDeviceType

    ec2:Tenancy

• DisassociateTrunkInterface
  
  • Description:  Grants permission to disassociate a branch network interface to a trunk network interface
  • Access:  Write
• GetSubnetCidrReservations
  
  • Description:  Grants permission to retrieve information about the subnet CIDR reservations
  • Access:  Read
• ModifyInstanceEventWindow
  
  • Description:  Grants permission to modify the specified event window
  • Access:  Write
  • Resources: 

    Name: instance-event-window

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:Region

    ec2:ResourceTag/${TagKey}

Resources

• instance-event-window
  
  • Arn:  arn:${Partition}:ec2:${Region}:${Account}:instance-event-window/${InstanceEventWindowId}
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:ResourceTag/${TagKey}

    aws:TagKeys

    ec2:Region

    ec2:ResourceTag/${TagKey}

Updates

Actions

• CreateTags
  
  Resources
  
  • ＋ instance-event-window
• CreateVpcEndpoint
  
  Conditions
  
  • ＋ ec2:VpceServiceName
  • ＋ ec2:VpceServiceOwner
• DeleteTags
  
  Resources
  
  • ＋ instance-event-window
• ExportClientVpnClientCertificateRevocationList
  
  Access
  
  • List  ⟶  Read
• ExportClientVpnClientConfiguration
  
  Access
  
  • List  ⟶  Read
• DeleteVpcEndpoints
  
  Conditions
  
  • ＋ ec2:VpceServiceName