Amazon EC2 (ec2)

Additions

Actions

• CancelCapacityReservationFleets
  
  • Description:  Grants permission to cancel one or more Capacity Reservation Fleets
  • Access:  Write
  • Resources: 

    Name: capacity-reservation-fleet

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:Region

    ec2:ResourceTag/${TagKey}

• CreateCapacityReservationFleet
  
  • Description:  Grants permission to create a Capacity Reservation Fleet
  • Access:  Write
  • Resources: 

    Name: capacity-reservation-fleet

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

    ec2:Region

  • Dependents: 

    ec2:CreateTags

• GetVpnConnectionDeviceSampleConfiguration
  
  • Description:  Grants permission to download an AWS-provided sample configuration file to be used with the customer gateway device
  • Access:  List
  • Resources: 

    Name: vpn-connection

    Required: Yes

    Name: vpn-connection-device-type

    Required: No

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:AuthenticationType

    ec2:DPDTimeoutSeconds

    ec2:GatewayType

    ec2:IKEVersions

    ec2:InsideTunnelCidr

    ec2:Phase1DHGroup

    ec2:Phase1EncryptionAlgorithms

    ec2:Phase1IntegrityAlgorithms

    ec2:Phase1LifetimeSeconds

    ec2:Phase2DHGroup

    ec2:Phase2EncryptionAlgorithms

    ec2:Phase2IntegrityAlgorithms

    ec2:Phase2LifetimeSeconds

    ec2:PreSharedKeys

    ec2:Region

    ec2:RekeyFuzzPercentage

    ec2:RekeyMarginTimeSeconds

    ec2:ResourceTag/${TagKey}

    ec2:RoutingType

• GetVpnConnectionDeviceTypes
  
  • Description:  Grants permission to obtain a list of customer gateway devices for which sample configuration files can be provided
  • Access:  List
• ModifyCapacityReservationFleet
  
  • Description:  Grants permission to modify a Capacity Reservation Fleet
  • Access:  Write
  • Resources: 

    Name: capacity-reservation-fleet

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:Attribute/${AttributeName}

    ec2:Region

    ec2:ResourceTag/${TagKey}

• SendSpotInstanceInterruptions
  
  • Description:  Grants permission to interrupt a Spot Instance
  • Access:  Write
  • Resources: 

    Name: instance

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:AvailabilityZone

    ec2:EbsOptimized

    ec2:InstanceMarketType

    ec2:InstanceProfile

    ec2:InstanceType

    ec2:MetadataHttpEndpoint

    ec2:MetadataHttpPutResponseHopLimit

    ec2:MetadataHttpTokens

    ec2:Region

    ec2:ResourceTag/${TagKey}

    ec2:RootDeviceType

    ec2:Tenancy

Resources

• capacity-reservation-fleet
  
  • Arn:  arn:${Partition}:ec2:${Region}:${Account}:capacity-reservation-fleet/${CapacityReservationFleetId}
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:ResourceTag/${TagKey}

    aws:TagKeys

    ec2:Attribute/${AttributeName}

    ec2:Region

    ec2:ResourceTag/${TagKey}

• vpn-connection-device-type
  
  • Arn:  arn:${Partition}:ec2:${Region}:${Account}:vpn-connection-device-type/${VpnConnectionDeviceTypeId}
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

    ec2:Region

    ec2:ResourceTag/${TagKey}

Updates

Actions

• CreateTags
  
  Resources
  
  • ＋ capacity-reservation-fleet
• DeleteTags
  
  Resources
  
  • ＋ capacity-reservation-fleet

Deletions

Conditions

• aws:ResourceTag/
  
  • Description:  Filters access by the preface string for a tag key and value pair that are attached to a resource
  • Type:  String