Amazon EC2 (ec2)

2021-10-13

7 new conditions | 188 updated actions, 29 updated resources, 1 updated condition | 2 removed conditions

Additions

    Conditions
  • ec2:AllocationId
    • Description:  Filters access by the allocation ID of the Elastic IP address
    • Type:  String
  • ec2:Domain
    • Description:  Filters access by the domain of the Elastic IP address
    • Type:  String
  • ec2:KeyPairType
    • Description:  Filters access by a key pair type
    • Type:  String
  • ec2:KmsKeyId
    • Description:  Filters access by the ID of your AWS Key Management Service (AWS KMS) key
    • Type:  String
  • ec2:Phase2DHGroup
    • Description:  Filters access by the Diffie-Hellman group numbers that are permitted for a VPN tunnel for the phase 2 IKE negotiations
    • Type:  Numeric
  • ec2:PreSharedKeys
    • Description:  Filters access by the pre-shared key (PSK) used to establish the initial IKE security association between a virtual private gateway and a customer gateway
    • Type:  String
  • ec2:PublicIpAddress
    • Description:  Filters access by the public IP address
    • Type:  String

Updates

    Actions
  • AcceptTransitGatewayMulticastDomainAssociations
      Conditions
    • - ec2:AvailabilityZone
    • - ec2:Vpc
      Resources
    • - subnet
  • AllocateAddress
      Resources
    • + elastic-ip
      Dependents
    • + ec2:CreateTags
  • AssignIpv6Addresses
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • AssignPrivateIpAddresses
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • AssociateAddress
      Conditions
    • + ec2:AllocationId
    • + ec2:Domain
    • + ec2:PublicIpAddress
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • AssociateIamInstanceProfile
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • AttachClassicLinkVpc
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • AttachNetworkInterface
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • AttachVolume
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • CreateCarrierGateway
      Conditions
    • - ec2:Vpc
      Dependents
    • + ec2:CreateTags
  • CreateFleet
      Conditions
    • + ec2:EbsOptimized
    • + ec2:InstanceProfile
    • + ec2:InstanceType
    • + ec2:PlacementGroup
    • + ec2:Tenancy
    • + ec2:KeyPairType
    • + ec2:PlacementGroupStrategy
      Resources
    • + instance
    • + placement-group
      Dependents
    • + ec2:CreateTags
  • CreateFlowLogs
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
      Dependents
    • + ec2:CreateTags
  • CreateImage
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • + ec2:OutpostArn
    • + ec2:ParentVolume
    • + ec2:SnapshotTime
    • + ec2:SourceOutpostArn
    • + ec2:VolumeSize
    • - ec2:ImageType
      Resources
    • + snapshot
      Dependents
    • + ec2:CreateTags
  • CreateInstanceExportTask
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • - ec2:PlacementGroup
      Dependents
    • + ec2:CreateTags
  • CreateKeyPair
      Conditions
    • + ec2:KeyPairType
    • - ec2:KeyPairName
      Dependents
    • + ec2:CreateTags
  • CreateNatGateway
      Resources
    • New_value: No
      Old_value: Yes
      Conditions
    • + ec2:AllocationId
    • + ec2:Domain
    • + ec2:PublicIpAddress
      Dependents
    • + ec2:CreateTags
  • CreateNetworkAcl
      Conditions
    • - ec2:Vpc
      Dependents
    • + ec2:CreateTags
  • CreateNetworkInterface
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
    • - ec2:Subnet
      Dependents
    • + ec2:CreateTags
  • CreateNetworkInterfacePermission
      Conditions
    • + ec2:AuthorizedUser
    • + ec2:Permission
    • - ec2:AssociatePublicIpAddress
  • CreateReplaceRootVolumeTask
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
      Dependents
    • + ec2:CreateTags
  • CreateRestoreImageTask
      Conditions
    • - ec2:ImageType
    • - ec2:Public
    • - ec2:RootDeviceType
      Dependents
    • + ec2:CreateTags
  • CreateRouteTable
      Conditions
    • - ec2:Vpc
      Dependents
    • + ec2:CreateTags
  • CreateSnapshot
      Conditions
    • - ec2:Owner
    • - ec2:SnapshotTime
    • - ec2:ParentSnapshot
    • - ec2:VolumeIops
      Dependents
    • + ec2:CreateTags
  • CreateSnapshots
      Conditions
    • - ec2:Owner
    • - ec2:SnapshotTime
    • - ec2:ParentSnapshot
    • - ec2:VolumeIops
      Dependents
    • + ec2:CreateTags
  • CreateSubnet
      Conditions
    • - ec2:AvailabilityZone
    • - ec2:Vpc
      Dependents
    • + ec2:CreateTags
  • CreateTags
      Conditions
    • + ec2:AllocationId
    • + ec2:Domain
    • + ec2:PublicIpAddress
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • + ec2:KeyPairType
    • + ec2:AuthorizedUser
    • + ec2:Permission
    • + ec2:Phase1DHGroup
    • + ec2:Phase2DHGroup
    • + ec2:PreSharedKeys
    • - ec2:Phase1DHGroupNumbers
    • - ec2:Phase2DHGroupNumbers
    • - ec2:PresharedKeys
  • CreateTrafficMirrorSession
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
    • - ec2:AvailabilityZone
    • - ec2:Subnet
    • - ec2:Vpc
      Dependents
    • + ec2:CreateTags
  • CreateTrafficMirrorTarget
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
    • - ec2:AvailabilityZone
    • - ec2:Subnet
    • - ec2:Vpc
      Dependents
    • + ec2:CreateTags
  • CreateTransitGatewayConnectPeer
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:ResourceTag/${TagKey}
      Resources
    • + transit-gateway-connect-peer
      Dependents
    • + ec2:CreateTags
  • CreateVolume
      Conditions
    • + ec2:KmsKeyId
    • - ec2:VolumeIops
      Dependents
    • + ec2:CreateTags
  • CreateVpcEndpoint
      Conditions
    • - ec2:Tenancy
    • - ec2:Vpc
    • - ec2:AvailabilityZone
      Dependents
    • + ec2:CreateTags
  • CreateVpnConnection
      Conditions
    • + ec2:Phase1DHGroup
    • + ec2:Phase2DHGroup
    • + ec2:PreSharedKeys
    • - ec2:Phase1DHGroupNumbers
    • - ec2:Phase2DHGroupNumbers
    • - ec2:PresharedKeys
      Dependents
    • + ec2:CreateTags
  • CreateVpnConnectionRoute
      Conditions
    • - ec2:AuthenticationType
    • - ec2:DPDTimeoutSeconds
    • - ec2:GatewayType
    • - ec2:IKEVersions
    • - ec2:InsideTunnelCidr
    • - ec2:Phase1DHGroupNumbers
    • - ec2:Phase1EncryptionAlgorithms
    • - ec2:Phase1IntegrityAlgorithms
    • - ec2:Phase1LifetimeSeconds
    • - ec2:Phase2DHGroupNumbers
    • - ec2:Phase2EncryptionAlgorithms
    • - ec2:Phase2IntegrityAlgorithms
    • - ec2:Phase2LifetimeSeconds
    • - ec2:PresharedKeys
    • - ec2:RekeyFuzzPercentage
    • - ec2:RekeyMarginTimeSeconds
    • - ec2:RoutingType
  • DeleteKeyPair
      Conditions
    • + ec2:KeyPairType
  • DeleteLaunchTemplate
      Resources
    • New_value: Yes
      Old_value: No
  • DeleteLaunchTemplateVersions
      Resources
    • New_value: Yes
      Old_value: No
  • DeleteNetworkInterface
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • DeleteVpcEndpointConnectionNotifications
      Resources
    • New_value: No
      Old_value: Yes
      Conditions
    • - ec2:VpceServicePrivateDnsName
  • DeleteVpnConnection
      Conditions
    • - ec2:AuthenticationType
    • - ec2:DPDTimeoutSeconds
    • - ec2:GatewayType
    • - ec2:IKEVersions
    • - ec2:InsideTunnelCidr
    • - ec2:Phase1DHGroupNumbers
    • - ec2:Phase1EncryptionAlgorithms
    • - ec2:Phase1IntegrityAlgorithms
    • - ec2:Phase1LifetimeSeconds
    • - ec2:Phase2DHGroupNumbers
    • - ec2:Phase2EncryptionAlgorithms
    • - ec2:Phase2IntegrityAlgorithms
    • - ec2:Phase2LifetimeSeconds
    • - ec2:PresharedKeys
    • - ec2:RekeyFuzzPercentage
    • - ec2:RekeyMarginTimeSeconds
    • - ec2:RoutingType
  • DeleteVpnConnectionRoute
      Conditions
    • - ec2:AuthenticationType
    • - ec2:DPDTimeoutSeconds
    • - ec2:GatewayType
    • - ec2:IKEVersions
    • - ec2:InsideTunnelCidr
    • - ec2:Phase1DHGroupNumbers
    • - ec2:Phase1EncryptionAlgorithms
    • - ec2:Phase1IntegrityAlgorithms
    • - ec2:Phase1LifetimeSeconds
    • - ec2:Phase2DHGroupNumbers
    • - ec2:Phase2EncryptionAlgorithms
    • - ec2:Phase2IntegrityAlgorithms
    • - ec2:Phase2LifetimeSeconds
    • - ec2:PresharedKeys
    • - ec2:RekeyFuzzPercentage
    • - ec2:RekeyMarginTimeSeconds
    • - ec2:RoutingType
  • DeregisterTransitGatewayMulticastGroupMembers
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • DeregisterTransitGatewayMulticastGroupSources
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • DetachClassicLinkVpc
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • DetachNetworkInterface
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • DetachVolume
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • DisableFastSnapshotRestores
      Conditions
    • + ec2:AvailabilityZone
    • + ec2:Encrypted
  • DisassociateAddress
      Conditions
    • + ec2:AllocationId
    • + ec2:Domain
    • + ec2:PublicIpAddress
    • - ec2:EbsOptimized
    • - ec2:InstanceProfile
    • - ec2:InstanceType
    • - ec2:PlacementGroup
    • - ec2:RootDeviceType
    • - ec2:Tenancy
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
      Resources
    • - instance
  • DisassociateIamInstanceProfile
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • EnableFastSnapshotRestores
      Conditions
    • + ec2:AvailabilityZone
    • + ec2:Encrypted
  • GetConsoleOutput
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • GetLaunchTemplateData
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • GetPasswordData
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • ImportInstance
      Conditions
    • + ec2:EbsOptimized
    • + ec2:InstanceProfile
    • + ec2:InstanceType
    • + ec2:PlacementGroup
    • + ec2:RootDeviceType
    • + ec2:Tenancy
    • + ec2:Encrypted
    • + ec2:ParentSnapshot
    • + ec2:VolumeIops
    • + ec2:VolumeSize
    • + ec2:VolumeThroughput
    • + ec2:VolumeType
      Resources
    • + instance
    • + volume
  • ImportKeyPair
      Conditions
    • - ec2:KeyPairName
      Dependents
    • + ec2:CreateTags
  • ImportSnapshot
      Resources
    • New_value: Yes
      Old_value: No
    • + import-snapshot-task
      Dependents
    • + ec2:CreateTags
  • ModifyHosts
      Conditions
    • - ec2:AutoPlacement
    • - ec2:AvailabilityZone
    • - ec2:HostRecovery
    • - ec2:InstanceType
    • - ec2:Quantity
  • ModifyInstanceAttribute
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • ModifyInstanceCapacityReservationAttributes
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • ModifyInstanceCreditSpecification
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • ModifyInstanceEventStartTime
      Conditions
    • - ec2:AvailabilityZone
    • - ec2:EbsOptimized
    • - ec2:InstanceProfile
    • - ec2:InstanceType
    • - ec2:PlacementGroup
    • - ec2:RootDeviceType
    • - ec2:Tenancy
  • ModifyInstanceMetadataOptions
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • ModifyInstancePlacement
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • - ec2:AutoPlacement
    • - ec2:HostRecovery
    • - ec2:Quantity
  • ModifyNetworkInterfaceAttribute
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • ModifyVpnConnection
      Conditions
    • + ec2:Phase1DHGroup
    • + ec2:Phase2DHGroup
    • + ec2:PreSharedKeys
    • - ec2:Phase1DHGroupNumbers
    • - ec2:Phase2DHGroupNumbers
    • - ec2:PresharedKeys
      Resources
    • - customer-gateway
    • - transit-gateway
    • - vpn-gateway
  • ModifyVpnConnectionOptions
      Conditions
    • - ec2:AuthenticationType
    • - ec2:DPDTimeoutSeconds
    • - ec2:GatewayType
    • - ec2:IKEVersions
    • - ec2:InsideTunnelCidr
    • - ec2:Phase1DHGroupNumbers
    • - ec2:Phase1EncryptionAlgorithms
    • - ec2:Phase1IntegrityAlgorithms
    • - ec2:Phase1LifetimeSeconds
    • - ec2:Phase2DHGroupNumbers
    • - ec2:Phase2EncryptionAlgorithms
    • - ec2:Phase2IntegrityAlgorithms
    • - ec2:Phase2LifetimeSeconds
    • - ec2:PresharedKeys
    • - ec2:RekeyFuzzPercentage
    • - ec2:RekeyMarginTimeSeconds
    • - ec2:RoutingType
  • ModifyVpnTunnelCertificate
      Conditions
    • - ec2:AuthenticationType
    • - ec2:DPDTimeoutSeconds
    • - ec2:GatewayType
    • - ec2:IKEVersions
    • - ec2:InsideTunnelCidr
    • - ec2:Phase1DHGroupNumbers
    • - ec2:Phase1EncryptionAlgorithms
    • - ec2:Phase1IntegrityAlgorithms
    • - ec2:Phase1LifetimeSeconds
    • - ec2:Phase2DHGroupNumbers
    • - ec2:Phase2EncryptionAlgorithms
    • - ec2:Phase2IntegrityAlgorithms
    • - ec2:Phase2LifetimeSeconds
    • - ec2:PresharedKeys
    • - ec2:RekeyFuzzPercentage
    • - ec2:RekeyMarginTimeSeconds
    • - ec2:RoutingType
  • ModifyVpnTunnelOptions
      Conditions
    • + ec2:Phase1DHGroup
    • + ec2:Phase2DHGroup
    • + ec2:PreSharedKeys
    • - ec2:Phase1DHGroupNumbers
    • - ec2:Phase2DHGroupNumbers
    • - ec2:PresharedKeys
  • MonitorInstances
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • PurchaseHostReservation
      Conditions
    • - ec2:AutoPlacement
    • - ec2:AvailabilityZone
    • - ec2:HostRecovery
    • - ec2:InstanceType
    • - ec2:Quantity
      Dependents
    • + ec2:CreateTags
  • RebootInstances
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • RegisterTransitGatewayMulticastGroupMembers
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • RegisterTransitGatewayMulticastGroupSources
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • RejectTransitGatewayMulticastDomainAssociations
      Conditions
    • - ec2:AvailabilityZone
    • - ec2:Vpc
      Resources
    • - subnet
  • ReleaseAddress
      Conditions
    • + ec2:AllocationId
    • + ec2:Domain
    • + ec2:PublicIpAddress
  • ReleaseHosts
      Conditions
    • - ec2:AutoPlacement
    • - ec2:AvailabilityZone
    • - ec2:HostRecovery
    • - ec2:InstanceType
    • - ec2:Quantity
  • ReplaceIamInstanceProfileAssociation
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • ReplaceRoute
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • RequestSpotFleet
      Conditions
    • + ec2:ImageType
    • + ec2:Owner
    • + ec2:Public
    • + ec2:RootDeviceType
    • + ec2:KeyPairName
    • + ec2:KeyPairType
    • + ec2:PlacementGroupStrategy
    • + ec2:OutpostArn
    • + ec2:ParentVolume
    • + ec2:SnapshotTime
    • + ec2:SourceOutpostArn
    • + ec2:VolumeSize
    • + ec2:AvailabilityZone
      Resources
    • + spot-fleet-request
    • + image
    • + key-pair
    • + placement-group
    • + snapshot
    • + subnet
  • RequestSpotInstances
      Conditions
    • + ec2:KeyPairType
    • + ec2:AssociatePublicIpAddress
    • + ec2:AuthorizedService
    • + ec2:AuthorizedUser
    • + ec2:Permission
    • + ec2:Subnet
    • + ec2:PlacementGroupStrategy
    • + ec2:OutpostArn
    • + ec2:ParentVolume
    • + ec2:SnapshotTime
    • + ec2:SourceOutpostArn
    • + ec2:VolumeSize
      Resources
    • + network-interface
    • + placement-group
    • + snapshot
      Dependents
    • + ec2:CreateTags
  • ResetFpgaImageAttribute
      Conditions
    • + ec2:Attribute/${AttributeName}
  • ResetImageAttribute
      Conditions
    • + ec2:Attribute/${AttributeName}
  • ResetInstanceAttribute
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • - ec2:PlacementGroup
  • ResetNetworkInterfaceAttribute
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • ResetSnapshotAttribute
      Conditions
    • + ec2:Attribute/${AttributeName}
  • RunInstances
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • + ec2:KeyPairType
      Dependents
    • + ec2:CreateTags
  • RunScheduledInstances
      Conditions
    • + ec2:KeyPairType
  • SendDiagnosticInterrupt
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • - ec2:PlacementGroup
  • StartInstances
      Conditions
    • + ec2:InstanceMarketType
  • StopInstances
      Conditions
    • + ec2:InstanceMarketType
  • TerminateInstances
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • UnassignIpv6Addresses
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • UnassignPrivateIpAddresses
      Conditions
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
  • UnmonitorInstances
      Conditions
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • AllocateHosts
      Dependents
    • + ec2:CreateTags
  • AssociateDhcpOptions
      Resources
    • + dhcp-options
  • AuthorizeSecurityGroupEgress
      Dependents
    • + ec2:CreateTags
  • AuthorizeSecurityGroupIngress
      Dependents
    • + ec2:CreateTags
  • CopySnapshot
      Dependents
    • + ec2:CreateTags
  • CreateCapacityReservation
      Dependents
    • + ec2:CreateTags
  • CreateClientVpnEndpoint
      Dependents
    • + ec2:CreateTags
      Conditions
    • - ec2:Vpc
    • - ec2:Tenancy
  • CreateCustomerGateway
      Dependents
    • + ec2:CreateTags
  • CreateDhcpOptions
      Dependents
    • + ec2:CreateTags
  • CreateEgressOnlyInternetGateway
      Dependents
    • + ec2:CreateTags
  • CreateFpgaImage
      Dependents
    • + ec2:CreateTags
  • CreateInstanceEventWindow
      Dependents
    • + ec2:CreateTags
  • CreateInternetGateway
      Dependents
    • + ec2:CreateTags
  • CreateLaunchTemplate
      Dependents
    • + ec2:CreateTags
      Resources
    • - capacity-reservation
    • - dedicated-host
    • - image
    • - key-pair
    • - network-interface
    • - placement-group
    • - security-group
    • - snapshot
    • - subnet
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:ResourceTag/${TagKey}
    • - ec2:AutoPlacement
    • - ec2:AvailabilityZone
    • - ec2:HostRecovery
    • - ec2:InstanceType
    • - ec2:Quantity
    • - ec2:ImageType
    • - ec2:Owner
    • - ec2:Public
    • - ec2:RootDeviceType
    • - ec2:KeyPairName
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
    • - ec2:Subnet
    • - ec2:Vpc
    • - ec2:PlacementGroupStrategy
    • - ec2:ParentVolume
    • - ec2:SnapshotTime
    • - ec2:VolumeSize
  • CreateLocalGatewayRouteTableVpcAssociation
      Dependents
    • + ec2:CreateTags
  • CreateManagedPrefixList
      Dependents
    • + ec2:CreateTags
  • CreateNetworkInsightsPath
      Resources
    • + instance
    • + internet-gateway
    • + network-interface
    • + transit-gateway
    • + vpc-endpoint
    • + vpc-peering-connection
    • + vpn-gateway
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:AvailabilityZone
    • + ec2:EbsOptimized
    • + ec2:InstanceProfile
    • + ec2:InstanceType
    • + ec2:PlacementGroup
    • + ec2:ResourceTag/${TagKey}
    • + ec2:RootDeviceType
    • + ec2:Tenancy
    • + ec2:AssociatePublicIpAddress
    • + ec2:AuthorizedService
    • + ec2:Subnet
    • + ec2:Vpc
    • + ec2:AccepterVpc
    • + ec2:RequesterVpc
      Dependents
    • + ec2:CreateTags
  • CreatePlacementGroup
      Dependents
    • + ec2:CreateTags
  • CreateSecurityGroup
      Dependents
    • + ec2:CreateTags
  • CreateTrafficMirrorFilter
      Dependents
    • + ec2:CreateTags
  • CreateTransitGateway
      Dependents
    • + ec2:CreateTags
  • CreateTransitGatewayConnect
      Dependents
    • + ec2:CreateTags
  • CreateTransitGatewayMulticastDomain
      Dependents
    • + ec2:CreateTags
  • CreateTransitGatewayPeeringAttachment
      Dependents
    • + ec2:CreateTags
  • CreateTransitGatewayRouteTable
      Dependents
    • + ec2:CreateTags
  • CreateTransitGatewayVpcAttachment
      Dependents
    • + ec2:CreateTags
  • CreateVpc
      Dependents
    • + ec2:CreateTags
  • CreateVpcEndpointServiceConfiguration
      Dependents
    • + ec2:CreateTags
  • CreateVpcPeeringConnection
      Dependents
    • + ec2:CreateTags
  • CreateVpnGateway
      Dependents
    • + ec2:CreateTags
  • DeleteNetworkInterfacePermission
      Resources
    • + network-interface
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:AssociatePublicIpAddress
    • + ec2:AuthorizedService
    • + ec2:AvailabilityZone
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
    • + ec2:Subnet
    • + ec2:Vpc
  • DeletePlacementGroup
      Resources
    • + placement-group
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:PlacementGroupStrategy
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
  • DescribeAddressesAttribute
      Resources
    • + elastic-ip
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:AllocationId
    • + ec2:Domain
    • + ec2:PublicIpAddress
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
  • DescribeClientVpnAuthorizationRules
      Resources
    • + client-vpn-endpoint
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:ClientRootCertificateChainArn
    • + ec2:CloudwatchLogGroupArn
    • + ec2:CloudwatchLogStreamArn
    • + ec2:DirectoryArn
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
    • + ec2:SamlProviderArn
    • + ec2:ServerCertificateArn
  • DescribeClientVpnConnections
      Resources
    • + client-vpn-endpoint
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:ClientRootCertificateChainArn
    • + ec2:CloudwatchLogGroupArn
    • + ec2:CloudwatchLogStreamArn
    • + ec2:DirectoryArn
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
    • + ec2:SamlProviderArn
    • + ec2:ServerCertificateArn
  • DescribeClientVpnEndpoints
      Resources
    • + client-vpn-endpoint
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:ClientRootCertificateChainArn
    • + ec2:CloudwatchLogGroupArn
    • + ec2:CloudwatchLogStreamArn
    • + ec2:DirectoryArn
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
    • + ec2:SamlProviderArn
    • + ec2:ServerCertificateArn
  • DescribeClientVpnRoutes
      Resources
    • + client-vpn-endpoint
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:ClientRootCertificateChainArn
    • + ec2:CloudwatchLogGroupArn
    • + ec2:CloudwatchLogStreamArn
    • + ec2:DirectoryArn
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
    • + ec2:SamlProviderArn
    • + ec2:ServerCertificateArn
  • DescribeClientVpnTargetNetworks
      Resources
    • + client-vpn-endpoint
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:ClientRootCertificateChainArn
    • + ec2:CloudwatchLogGroupArn
    • + ec2:CloudwatchLogStreamArn
    • + ec2:DirectoryArn
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
    • + ec2:SamlProviderArn
    • + ec2:ServerCertificateArn
  • DescribeFleetHistory
      Resources
    • + fleet
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
  • DescribeFleetInstances
      Resources
    • + fleet
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
  • DescribeFleets
      Resources
    • + fleet
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
  • DescribeFpgaImageAttribute
      Resources
    • + fpga-image
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:Attribute/${AttributeName}
    • + ec2:Owner
    • + ec2:Public
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
  • DescribeImageAttribute
      Resources
    • + image
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:ImageType
    • + ec2:Owner
    • + ec2:Public
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
    • + ec2:RootDeviceType
  • DescribeInstanceAttribute
      Resources
    • + instance
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:AvailabilityZone
    • + ec2:EbsOptimized
    • + ec2:InstanceMarketType
    • + ec2:InstanceProfile
    • + ec2:InstanceType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • + ec2:PlacementGroup
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
    • + ec2:RootDeviceType
    • + ec2:Tenancy
  • DescribeStoreImageTasks
      Resources
    • + image
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:ImageType
    • + ec2:Owner
    • + ec2:Public
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
    • + ec2:RootDeviceType
  • DisassociateVpcCidrBlock
      Resources
    • + vpc
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
    • + ec2:Tenancy
  • ExportImage
      Dependents
    • + ec2:CreateTags
  • ImportImage
      Resources
    • + import-image-task
      Dependents
    • + ec2:CreateTags
  • ImportVolume
      Resources
    • + volume
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:AvailabilityZone
    • + ec2:Encrypted
    • + ec2:ParentSnapshot
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
    • + ec2:VolumeIops
    • + ec2:VolumeSize
    • + ec2:VolumeThroughput
    • + ec2:VolumeType
  • ModifyAddressAttribute
      Resources
    • + elastic-ip
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:AllocationId
    • + ec2:Domain
    • + ec2:PublicIpAddress
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
  • ModifySpotFleetRequest
      Resources
    • + subnet
      Conditions
    • + ec2:AvailabilityZone
    • + ec2:Vpc
  • RegisterImage
      Resources
    • + image
    • + snapshot
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:Owner
    • + ec2:Public
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
    • + ec2:OutpostArn
    • + ec2:ParentVolume
    • + ec2:SnapshotTime
    • + ec2:SourceOutpostArn
    • + ec2:VolumeSize
  • ReplaceRouteTableAssociation
      Resources
    • + subnet
      Conditions
    • + ec2:AvailabilityZone
  • ResetAddressAttribute
      Resources
    • + elastic-ip
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:AllocationId
    • + ec2:Attribute/${AttributeName}
    • + ec2:Domain
    • + ec2:PublicIpAddress
    • + ec2:Region
    • + ec2:ResourceTag/${TagKey}
  • StartNetworkInsightsAnalysis
      Dependents
    • + ec2:CreateTags
  • AcceptReservedInstancesExchangeQuote
      Resources
    • - reserved-instances
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:AvailabilityZone
    • - ec2:InstanceType
    • - ec2:Region
    • - ec2:ReservedInstancesOfferingType
    • - ec2:ResourceTag/${TagKey}
    • - ec2:Tenancy
  • AcceptVpcEndpointConnections
      Resources
    • - vpc-endpoint
      Conditions
    • - ec2:VpceServicePrivateDnsName
  • ApplySecurityGroupsToClientVpnTargetNetwork
      Conditions
    • - ec2:Vpc
    • - ec2:Tenancy
  • AssociateClientVpnTargetNetwork
      Conditions
    • - ec2:AvailabilityZone
    • - ec2:Vpc
  • AssociateInstanceEventWindow
      Resources
    • - dedicated-host
    • - instance
      Conditions
    • - ec2:AutoPlacement
    • - ec2:AvailabilityZone
    • - ec2:HostRecovery
    • - ec2:InstanceType
    • - ec2:Quantity
    • - ec2:EbsOptimized
    • - ec2:InstanceProfile
    • - ec2:PlacementGroup
    • - ec2:RootDeviceType
    • - ec2:Tenancy
  • BundleInstance
      Resources
    • - instance
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:AvailabilityZone
    • - ec2:EbsOptimized
    • - ec2:InstanceProfile
    • - ec2:InstanceType
    • - ec2:PlacementGroup
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
    • - ec2:RootDeviceType
    • - ec2:Tenancy
  • ConfirmProductInstance
      Resources
    • - instance
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:AvailabilityZone
    • - ec2:EbsOptimized
    • - ec2:InstanceProfile
    • - ec2:InstanceType
    • - ec2:PlacementGroup
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
    • - ec2:RootDeviceType
    • - ec2:Tenancy
  • CreateClientVpnRoute
      Conditions
    • - ec2:AvailabilityZone
    • - ec2:Vpc
  • CreateLaunchTemplateVersion
      Resources
    • - capacity-reservation
    • - dedicated-host
    • - image
    • - key-pair
    • - network-interface
    • - placement-group
    • - security-group
    • - snapshot
    • - subnet
      Conditions
    • - ec2:AutoPlacement
    • - ec2:AvailabilityZone
    • - ec2:HostRecovery
    • - ec2:InstanceType
    • - ec2:Quantity
    • - ec2:ImageType
    • - ec2:Owner
    • - ec2:Public
    • - ec2:RootDeviceType
    • - ec2:KeyPairName
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
    • - ec2:Subnet
    • - ec2:Vpc
    • - ec2:PlacementGroupStrategy
    • - ec2:ParentVolume
    • - ec2:SnapshotTime
    • - ec2:VolumeSize
  • CreateReservedInstancesListing
      Resources
    • - reserved-instances
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:AvailabilityZone
    • - ec2:InstanceType
    • - ec2:Region
    • - ec2:ReservedInstancesOfferingType
    • - ec2:ResourceTag/${TagKey}
    • - ec2:Tenancy
  • CreateTrafficMirrorFilterRule
      Resources
    • - traffic-mirror-filter-rule
  • CreateVpcEndpointConnectionNotification
      Resources
    • - vpc-endpoint-service
      Conditions
    • - ec2:VpceServicePrivateDnsName
  • DeleteCarrierGateway
      Conditions
    • - ec2:Tenancy
    • - ec2:Vpc
  • DeleteLocalGatewayRouteTableVpcAssociation
      Conditions
    • - ec2:Tenancy
  • DeleteQueuedReservedInstances
      Resources
    • - reserved-instances
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:AvailabilityZone
    • - ec2:InstanceType
    • - ec2:Region
    • - ec2:ReservedInstancesOfferingType
    • - ec2:ResourceTag/${TagKey}
    • - ec2:Tenancy
  • DeleteTags
      Conditions
    • - ec2:ClientRootCertificateChainArn
    • - ec2:CloudwatchLogGroupArn
    • - ec2:CloudwatchLogStreamArn
    • - ec2:DirectoryArn
    • - ec2:SamlProviderArn
    • - ec2:ServerCertificateArn
    • - ec2:AutoPlacement
    • - ec2:AvailabilityZone
    • - ec2:HostRecovery
    • - ec2:InstanceType
    • - ec2:Quantity
    • - ec2:ElasticGpuType
    • - ec2:Owner
    • - ec2:Public
    • - ec2:ImageType
    • - ec2:RootDeviceType
    • - ec2:EbsOptimized
    • - ec2:InstanceProfile
    • - ec2:PlacementGroup
    • - ec2:Tenancy
    • - ec2:KeyPairName
    • - ec2:Vpc
    • - ec2:AssociatePublicIpAddress
    • - ec2:AuthorizedService
    • - ec2:Subnet
    • - ec2:PlacementGroupStrategy
    • - ec2:ReservedInstancesOfferingType
    • - ec2:ParentVolume
    • - ec2:SnapshotTime
    • - ec2:VolumeSize
    • - ec2:Encrypted
    • - ec2:ParentSnapshot
    • - ec2:VolumeIops
    • - ec2:VolumeThroughput
    • - ec2:VolumeType
    • - ec2:VpceServicePrivateDnsName
    • - ec2:AccepterVpc
    • - ec2:RequesterVpc
    • - ec2:AuthenticationType
    • - ec2:DPDTimeoutSeconds
    • - ec2:GatewayType
    • - ec2:IKEVersions
    • - ec2:InsideTunnelCidr
    • - ec2:Phase1DHGroupNumbers
    • - ec2:Phase1EncryptionAlgorithms
    • - ec2:Phase1IntegrityAlgorithms
    • - ec2:Phase1LifetimeSeconds
    • - ec2:Phase2DHGroupNumbers
    • - ec2:Phase2EncryptionAlgorithms
    • - ec2:Phase2IntegrityAlgorithms
    • - ec2:Phase2LifetimeSeconds
    • - ec2:PresharedKeys
    • - ec2:RekeyFuzzPercentage
    • - ec2:RekeyMarginTimeSeconds
    • - ec2:RoutingType
  • DeleteVpcEndpointServiceConfigurations
      Conditions
    • - ec2:VpceServicePrivateDnsName
  • DisassociateInstanceEventWindow
      Resources
    • - dedicated-host
    • - instance
      Conditions
    • - ec2:AutoPlacement
    • - ec2:AvailabilityZone
    • - ec2:HostRecovery
    • - ec2:InstanceType
    • - ec2:Quantity
    • - ec2:EbsOptimized
    • - ec2:InstanceProfile
    • - ec2:PlacementGroup
    • - ec2:RootDeviceType
    • - ec2:Tenancy
  • ExportTransitGatewayRoutes
      Resources
    • - transit-gateway-route-table
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
  • GetAssociatedIpv6PoolCidrs
      Resources
    • - ipv6pool-ec2
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
  • GetConsoleScreenshot
      Resources
    • - instance
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:AvailabilityZone
    • - ec2:EbsOptimized
    • - ec2:InstanceProfile
    • - ec2:InstanceType
    • - ec2:PlacementGroup
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
    • - ec2:RootDeviceType
    • - ec2:Tenancy
  • GetHostReservationPurchasePreview
      Resources
    • - dedicated-host
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:AutoPlacement
    • - ec2:AvailabilityZone
    • - ec2:HostRecovery
    • - ec2:InstanceType
    • - ec2:Quantity
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
  • GetReservedInstancesExchangeQuote
      Resources
    • - reserved-instances
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:AvailabilityZone
    • - ec2:InstanceType
    • - ec2:Region
    • - ec2:ReservedInstancesOfferingType
    • - ec2:ResourceTag/${TagKey}
    • - ec2:Tenancy
  • GetTransitGatewayAttachmentPropagations
      Resources
    • - transit-gateway-attachment
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
  • GetTransitGatewayMulticastDomainAssociations
      Resources
    • - transit-gateway-multicast-domain
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
  • GetTransitGatewayPrefixListReferences
      Resources
    • - transit-gateway-route-table
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
  • GetTransitGatewayRouteTableAssociations
      Resources
    • - transit-gateway-route-table
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
  • GetTransitGatewayRouteTablePropagations
      Resources
    • - transit-gateway-route-table
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
  • ModifyClientVpnEndpoint
      Conditions
    • - ec2:Vpc
    • - ec2:Tenancy
  • ModifyTransitGatewayVpcAttachment
      Conditions
    • - ec2:AvailabilityZone
    • - ec2:Vpc
  • ModifyVpcEndpoint
      Conditions
    • - ec2:Vpc
    • - ec2:AvailabilityZone
  • ModifyVpcEndpointConnectionNotification
      Conditions
    • - ec2:VpceServicePrivateDnsName
  • ModifyVpcEndpointServicePermissions
      Conditions
    • - ec2:VpceServicePrivateDnsName
  • PurchaseReservedInstancesOffering
      Resources
    • - reserved-instances
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:AvailabilityZone
    • - ec2:InstanceType
    • - ec2:Region
    • - ec2:ReservedInstancesOfferingType
    • - ec2:ResourceTag/${TagKey}
    • - ec2:Tenancy
  • RejectVpcEndpointConnections
      Resources
    • - vpc-endpoint
      Conditions
    • - ec2:VpceServicePrivateDnsName
  • ReportInstanceStatus
      Resources
    • - instance
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:AvailabilityZone
    • - ec2:EbsOptimized
    • - ec2:InstanceProfile
    • - ec2:InstanceType
    • - ec2:PlacementGroup
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
    • - ec2:RootDeviceType
    • - ec2:Tenancy
  • SearchLocalGatewayRoutes
      Resources
    • - local-gateway-route-table
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
  • SearchTransitGatewayMulticastGroups
      Resources
    • - transit-gateway-multicast-domain
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:Region
    • - ec2:ResourceTag/${TagKey}
  • StartVpcEndpointServicePrivateDnsVerification
      Conditions
    • - ec2:VpceServicePrivateDnsName
  • TerminateClientVpnConnections
      Resources
    • - vpn-connection
      Conditions
    • - ec2:AuthenticationType
    • - ec2:DPDTimeoutSeconds
    • - ec2:GatewayType
    • - ec2:IKEVersions
    • - ec2:InsideTunnelCidr
    • - ec2:Phase1DHGroupNumbers
    • - ec2:Phase1EncryptionAlgorithms
    • - ec2:Phase1IntegrityAlgorithms
    • - ec2:Phase1LifetimeSeconds
    • - ec2:Phase2DHGroupNumbers
    • - ec2:Phase2EncryptionAlgorithms
    • - ec2:Phase2IntegrityAlgorithms
    • - ec2:Phase2LifetimeSeconds
    • - ec2:PresharedKeys
    • - ec2:RekeyFuzzPercentage
    • - ec2:RekeyMarginTimeSeconds
    • - ec2:RoutingType
    Resources
  • elastic-ip
      Conditions
    • + ec2:AllocationId
    • + ec2:Attribute/${AttributeName}
    • + ec2:Domain
    • + ec2:PublicIpAddress
  • capacity-reservation
      Conditions
    • + ec2:Attribute/${AttributeName}
    • + ec2:CapacityReservationFleet
  • client-vpn-endpoint
      Conditions
    • + ec2:Attribute/${AttributeName}
  • dedicated-host
      Conditions
    • + ec2:Attribute/${AttributeName}
  • fleet
      Conditions
    • + ec2:Attribute/${AttributeName}
  • fpga-image
      Conditions
    • + ec2:Attribute/${AttributeName}
  • image
      Conditions
    • + ec2:Attribute/${AttributeName}
  • instance
      Conditions
    • + ec2:Attribute/${AttributeName}
    • + ec2:InstanceMarketType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • + ec2:NewInstanceProfile
  • key-pair
      Conditions
    • + ec2:KeyPairType
  • launch-template
      Conditions
    • + ec2:Attribute/${AttributeName}
  • network-interface
      Conditions
    • + ec2:Attribute/${AttributeName}
    • + ec2:AuthorizedUser
    • + ec2:Permission
  • prefix-list
      Conditions
    • + ec2:Attribute/${AttributeName}
  • reserved-instances
      Conditions
    • + ec2:Attribute/${AttributeName}
  • snapshot
      Conditions
    • + ec2:Attribute/${AttributeName}
    • + ec2:AvailabilityZone
    • + ec2:Encrypted
  • spot-fleet-request
      Conditions
    • + ec2:Attribute/${AttributeName}
  • subnet
      Conditions
    • + ec2:Attribute/${AttributeName}
  • traffic-mirror-filter
      Conditions
    • + ec2:Attribute/${AttributeName}
  • traffic-mirror-filter-rule
      Conditions
    • + ec2:Attribute/${AttributeName}
  • traffic-mirror-session
      Conditions
    • + ec2:Attribute/${AttributeName}
  • transit-gateway-attachment
      Conditions
    • + ec2:Attribute/${AttributeName}
  • transit-gateway
      Conditions
    • + ec2:Attribute/${AttributeName}
  • transit-gateway-route-table
      Conditions
    • + ec2:Attribute/${AttributeName}
  • volume
      Conditions
    • + ec2:Attribute/${AttributeName}
    • + ec2:KmsKeyId
  • vpc-endpoint
      Conditions
    • + ec2:Attribute/${AttributeName}
    • + ec2:VpceServiceName
    • + ec2:VpceServiceOwner
  • vpc-endpoint-service
      Conditions
    • + ec2:Attribute/${AttributeName}
  • vpc
      Conditions
    • + ec2:Attribute/${AttributeName}
  • vpc-peering-connection
      Conditions
    • + ec2:Attribute/${AttributeName}
  • vpn-connection
      Conditions
    • + ec2:Attribute/${AttributeName}
    • + ec2:Phase1DHGroup
    • + ec2:Phase2DHGroup
    • + ec2:PreSharedKeys
    • - ec2:Phase1DHGroupNumbers
    • - ec2:Phase2DHGroupNumbers
    • - ec2:PresharedKeys
  • local-gateway-route-table-vpc-association
      Conditions
    • - ec2:Tenancy
    Conditions
  • ec2:Phase1DHGroup
      Description
    • Old: Filters access by the Diffie-Hellman group numbers that are permitted for a VPN tunnel for the phase 2 IKE negotiations
      New: Filters access by the Diffie-Hellman group numbers that are permitted for a VPN tunnel for the phase 1 IKE negotiations

Deletions

    Conditions
  • ec2:Phase1DHGroupNumbers
    • Description:  Filters access by the Diffie-Hellman group numbers that are permitted for a VPN tunnel for the phase 1 IKE negotiations
    • Type:  Numeric
  • ec2:PresharedKeys
    • Description:  Filters access by the pre-shared key (PSK) used to establish the initial IKE security association between a virtual private gateway and a customer gateway
    • Type:  String