2021-12-09
43 new actions, 5 new resources, 2 new conditions | 4 updated actions, 1 updated resource
Additions
Actions
- AllocateIpamPoolCidr
  - Description: Grants permission to allocate a CIDR from an Amazon VPC IP Address Manager (IPAM) pool
  - Access: Write
  - Resources:
    - Name: ipam-pool, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- CreateIpam
  - Description: Grants permission to create an Amazon VPC IP Address Manager (IPAM)
  - Access: Write
  - Resources:
    - Name: ipam, Required: Yes
  - Conditions:
    - aws:RequestTag/${TagKey}
    - aws:TagKeys
    - ec2:Region
  - Dependents:
    - ec2:CreateTags
- CreateIpamPool
  - Description: Grants permission to create an IP address pool for Amazon VPC IP Address Manager (IPAM), which is a collection of contiguous IP address CIDRs
  - Access: Write
  - Resources:
    - Name: ipam-pool, Required: Yes
    - Name: ipam-scope, Required: Yes
  - Conditions:
    - aws:RequestTag/${TagKey}
    - aws:TagKeys
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
  - Dependents:
    - ec2:CreateTags
- CreateIpamScope
  - Description: Grants permission to create an Amazon VPC IP Address Manager (IPAM) scope, which is the highest-level container within IPAM
  - Access: Write
  - Resources:
    - Name: ipam, Required: Yes
    - Name: ipam-scope, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
    - aws:RequestTag/${TagKey}
    - aws:TagKeys
  - Dependents:
    - ec2:CreateTags
- CreateNetworkInsightsAccessScope
  - Description: Grants permission to create a Network Access Scope
  - Access: Write
  - Resources:
    - Name: network-insights-access-scope, Required: Yes
  - Conditions:
    - aws:RequestTag/${TagKey}
    - aws:TagKeys
    - ec2:Region
  - Dependents:
    - ec2:CreateTags
- CreatePublicIpv4Pool
  - Description: Grants permission to create a public IPv4 address pool for public IPv4 CIDRs that you own and bring to Amazon to manage with Amazon VPC IP Address Manager (IPAM)
  - Access: Write
  - Resources:
    - Name: network-insights-access-scope, Required: Yes
  - Conditions:
    - aws:RequestTag/${TagKey}
    - aws:TagKeys
    - ec2:Region
  - Dependents:
    - ec2:CreateTags
- DeleteIpam
  - Description: Grants permission to delete an Amazon VPC IP Address Manager (IPAM) and remove all monitored data associated with the IPAM including the historical data for CIDRs
  - Access: Write
  - Resources:
    - Name: ipam, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- DeleteIpamPool
  - Description: Grants permission to delete an Amazon VPC IP Address Manager (IPAM) pool
  - Access: Write
  - Resources:
    - Name: ipam-pool, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- DeleteIpamScope
  - Description: Grants permission to delete the scope for an Amazon VPC IP Address Manager (IPAM)
  - Access: Write
  - Resources:
    - Name: ipam-scope, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- DeleteNetworkInsightsAccessScope
  - Description: Grants permission to delete a Network Access Scope
  - Access: Write
  - Resources:
    - Name: network-insights-access-scope, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- DeleteNetworkInsightsAccessScopeAnalysis
  - Description: Grants permission to delete a Network Access Scope analysis
  - Access: Write
  - Resources:
    - Name: network-insights-access-scope-analysis, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- DeletePublicIpv4Pool
  - Description: Grants permission to delete a public IPv4 address pool for public IPv4 CIDRs that you own and brought to Amazon to manage with Amazon VPC IP Address Manager (IPAM)
  - Access: Write
  - Resources:
    - Name: ipv4pool-ec2, Required: Yes
  - Conditions:
    - aws:ResourceTag/${TagKey}
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- DeprovisionIpamPoolCidr
  - Description: Grants permission to deprovision a CIDR provisioned from an Amazon VPC IP Address Manager (IPAM) pool
  - Access: Write
  - Resources:
    - Name: ipam-pool, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- DeprovisionPublicIpv4PoolCidr
  - Description: Grants permission to deprovision a CIDR from a public IPv4 pool
  - Access: Write
  - Resources:
    - Name: ipv4pool-ec2, Required: Yes
  - Conditions:
    - aws:ResourceTag/${TagKey}
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- DescribeIpamPools
  - Description: Grants permission to describe Amazon VPC IP Address Manager (IPAM) pools
  - Access: List
- DescribeIpamScopes
  - Description: Grants permission to describe Amazon VPC IP Address Manager (IPAM) scopes
  - Access: List
- DescribeIpams
  - Description: Grants permission to describe an Amazon VPC IP Address Manager (IPAM)
  - Access: List
- DescribeNetworkInsightsAccessScopeAnalyses
  - Description: Grants permission to describe one or more Network Access Scope analyses
  - Access: List
- DescribeNetworkInsightsAccessScopes
  - Description: Grants permission to describe the Network Access Scopes
  - Access: List
- DescribeSnapshotTierStatus
  - Description: Grants permission to describe the storage tier status for Amazon EBS snapshots
  - Access: List
- DisableIpamOrganizationAdminAccount
  - Description: Grants permission to disable an AWS Organizations member account as an Amazon VPC IP Address Manager (IPAM) admin account
  - Access: Write
- EnableIpamOrganizationAdminAccount
  - Description: Grants permission to enable an AWS Organizations member account as an Amazon VPC IP Address Manager (IPAM) admin account
  - Access: Write
- GetInstanceTypesFromInstanceRequirements
  - Description: Grants permission to view a list of instance types with specified instance attributes
  - Access: Read
- GetIpamAddressHistory
  - Description: Grants permission to retrieve historical information about a CIDR within an Amazon VPC IP Address Manager (IPAM) scope
  - Access: Read
  - Resources:
    - Name: ipam-scope, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- GetIpamPoolAllocations
  - Description: Grants permission to get a list of all the CIDR allocations in an Amazon VPC IP Address Manager (IPAM) pool
  - Access: Read
  - Resources:
    - Name: ipam-pool, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- GetIpamPoolCidrs
  - Description: Grants permission to get the CIDRs provisioned to an Amazon VPC IP Address Manager (IPAM) pool
  - Access: Read
  - Resources:
    - Name: ipam-pool, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- GetIpamResourceCidrs
  - Description: Grants permission to get information about the resources in an Amazon VPC IP Address Manager (IPAM) scope
  - Access: Read
  - Resources:
    - Name: ipam-pool, Required: Yes
    - Name: ipam-scope, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- GetNetworkInsightsAccessScopeAnalysisFindings
  - Description: Grants permission to get the findings for one or more Network Access Scope analyses
  - Access: Read
- GetNetworkInsightsAccessScopeContent
  - Description: Grants permission to get the content for a specified Network Access Scope
  - Access: Read
- GetSpotPlacementScores
  - Description: Grants permission to calculate the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements
  - Access: Read
- ListSnapshotsInRecycleBin
  - Description: Grants permission to list the Amazon EBS snapshots that are currently in the Recycle Bin
  - Access: List
  - Resources:
    - Name: snapshot, Required: No
  - Conditions:
    - aws:ResourceTag/${TagKey}
    - ec2:AvailabilityZone
    - ec2:Encrypted
    - ec2:Owner
    - ec2:ParentVolume
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
    - ec2:SnapshotTime
    - ec2:VolumeSize
- ModifyIpam
  - Description: Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM)
  - Access: Write
  - Resources:
    - Name: ipam, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- ModifyIpamPool
  - Description: Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) pool
  - Access: Write
  - Resources:
    - Name: ipam-pool, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- ModifyIpamResourceCidr
  - Description: Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) resource CIDR
  - Access: Write
  - Resources:
    - Name: ipam-scope, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- ModifyIpamScope
  - Description: Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) scope
  - Access: Write
  - Resources:
    - Name: ipam-scope, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- ModifySnapshotTier
  - Description: Grants permission to archive Amazon EBS snapshots
  - Access: Write
  - Resources:
    - Name: snapshot, Required: Yes
  - Conditions:
    - aws:ResourceTag/${TagKey}
    - ec2:Attribute/${AttributeName}
    - ec2:AvailabilityZone
    - ec2:Encrypted
    - ec2:Owner
    - ec2:ParentVolume
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
    - ec2:SnapshotTime
    - ec2:VolumeSize
- MoveByoipCidrToIpam
  - Description: Grants permission to move a BYOIP IPv4 CIDR to Amazon VPC IP Address Manager (IPAM) from a public IPv4 pool
  - Access: Write
  - Resources:
    - Name: ipam-pool, Required: No
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- ProvisionIpamPoolCidr
  - Description: Grants permission to provision a CIDR to an Amazon VPC IP Address Manager (IPAM) pool
  - Access: Write
  - Resources:
    - Name: ipam-pool, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- ProvisionPublicIpv4PoolCidr
  - Description: Grants permission to provision a CIDR to a public IPv4 pool
  - Access: Write
  - Resources:
    - Name: ipam-pool, Required: Yes
    - Name: ipv4pool-ec2, Required: No
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
    - aws:ResourceTag/${TagKey}
- ReleaseIpamPoolAllocation
  - Description: Grants permission to release an allocation within an Amazon VPC IP Address Manager (IPAM) pool
  - Access: Write
  - Resources:
    - Name: ipam-pool, Required: Yes
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- RestoreSnapshotFromRecycleBin
  - Description: Grants permission to restore an Amazon EBS snapshot from the Recycle Bin
  - Access: Write
  - Resources:
    - Name: snapshot, Required: Yes
  - Conditions:
    - aws:ResourceTag/${TagKey}
    - ec2:AvailabilityZone
    - ec2:Encrypted
    - ec2:Owner
    - ec2:ParentVolume
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
    - ec2:SnapshotTime
    - ec2:VolumeSize
- RestoreSnapshotTier
  - Description: Grants permission to restore an archived Amazon EBS snapshot for use temporarily or permanently, or modify the restore period or restore type for a snapshot that was previously temporarily restored
  - Access: Write
  - Resources:
    - Name: snapshot, Required: Yes
  - Conditions:
    - aws:ResourceTag/${TagKey}
    - ec2:AvailabilityZone
    - ec2:Encrypted
    - ec2:Owner
    - ec2:ParentVolume
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
    - ec2:SnapshotTime
    - ec2:VolumeSize
- StartNetworkInsightsAccessScopeAnalysis
  - Description: Grants permission to start a Network Access Scope analysis
  - Access: Write
  - Resources:
    - Name: network-insights-access-scope, Required: No
  - Conditions:
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
  - Dependents:
    - ec2:CreateTags
Resources
- ipam
  - Arn: arn:${Partition}:ec2::${Account}:ipam/${IpamId}
  - Conditions:
    - aws:RequestTag/${TagKey}
    - aws:TagKeys
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- ipam-pool
  - Arn: arn:${Partition}:ec2::${Account}:ipam-pool/${IpamPoolId}
  - Conditions:
    - aws:RequestTag/${TagKey}
    - aws:TagKeys
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- ipam-scope
  - Arn: arn:${Partition}:ec2::${Account}:ipam-scope/${IpamScopeId}
  - Conditions:
    - aws:RequestTag/${TagKey}
    - aws:TagKeys
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- network-insights-access-scope-analysis
  - Arn: arn:${Partition}:ec2:${Region}:${Account}:network-insights-access-scope-analysis/${NetworkInsightsAccessScopeAnalysisId}
  - Conditions:
    - aws:RequestTag/${TagKey}
    - aws:TagKeys
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
- network-insights-access-scope
  - Arn: arn:${Partition}:ec2:${Region}:${Account}:network-insights-access-scope/${NetworkInsightsAccessScopeId}
  - Conditions:
    - aws:RequestTag/${TagKey}
    - aws:TagKeys
    - ec2:Region
    - ec2:ResourceTag/${TagKey}
Conditions
- ec2:Ipv4IpamPoolId
  - Description: Filters access by the ID of an IPAM pool provided for IPv4 CIDR block allocation
  - Type: String
- ec2:Ipv6IpamPoolId
  - Description: Filters access by the ID of an IPAM pool provided for IPv6 CIDR block allocation
  - Type: String
Updates
Resources
- vpc
  - Conditions:
    - + ec2:Ipv4IpamPoolId
    - + ec2:Ipv6IpamPoolId