2023-02-17
10 new actions, 2 new resources | 9 updated actions, 2 updated conditions
Additions
Actions
-
AssociateIpamResourceDiscovery
-
Description:
Grants permission to associate an IPAM resource discovery with an Amazon VPC IPAM
-
Access:
Write
-
Resources:
Name: ipam
Required: Yes
Name: ipam-resource-discovery
Required: Yes
Name: ipam-resource-discovery-association
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
aws:RequestTag/${TagKey}
aws:TagKeys
ec2:Region
-
Dependents:
ec2:CreateTags
-
CreateIpamResourceDiscovery
-
Description:
Grants permission to create an IPAM resource discovery
-
Access:
Write
-
Resources:
Name: ipam-resource-discovery
Required: Yes
-
Conditions:
aws:RequestTag/${TagKey}
aws:TagKeys
ec2:Region
-
Dependents:
ec2:CreateTags
iam:CreateServiceLinkedRole
-
DeleteIpamResourceDiscovery
-
Description:
Grants permission to delete an IPAM resource discovery
-
Access:
Write
-
Resources:
Name: ipam-resource-discovery
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
-
DescribeIpamResourceDiscoveries
-
Description:
Grants permission to describe IPAM resource discoveries
-
Access:
List
-
Conditions:
ec2:Region
-
DescribeIpamResourceDiscoveryAssociations
-
Description:
Grants permission to describe resource discovery associations with an Amazon VPC IPAM
-
Access:
List
-
Conditions:
ec2:Region
-
DisassociateIpamResourceDiscovery
-
Description:
Grants permission to disassociate a resource discovery from an Amazon VPC IPAM
-
Access:
Write
-
Resources:
Name: ipam-resource-discovery-association
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
-
GetIpamDiscoveredAccounts
-
Description:
Grants permission to retrieve IPAM discovered accounts
-
Access:
Read
-
Resources:
Name: ipam-resource-discovery
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
-
GetIpamDiscoveredResourceCidrs
-
Description:
Grants permission to retrieve the resource CIDRs that are monitored as part of a resource discovery
-
Access:
Read
-
Resources:
Name: ipam-resource-discovery
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
-
ModifyIpamResourceDiscovery
-
Description:
Grants permission to modify a resource discovery
-
Access:
Write
-
Resources:
Name: ipam-resource-discovery
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
-
PauseVolumeIO
-
Description:
Grants permission to temporarily pause I/O operations for a target Amazon EBS volume
-
Access:
Write
-
Resources:
Name: volume
Required: Yes
Name: instance
Required: No
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:AvailabilityZone
ec2:Encrypted
ec2:ParentSnapshot
ec2:ResourceTag/${TagKey}
ec2:VolumeID
ec2:VolumeIops
ec2:VolumeSize
ec2:VolumeThroughput
ec2:VolumeType
ec2:EbsOptimized
ec2:InstanceAutoRecovery
ec2:InstanceID
ec2:InstanceMarketType
ec2:InstanceMetadataTags
ec2:InstanceProfile
ec2:InstanceType
ec2:MetadataHttpEndpoint
ec2:MetadataHttpPutResponseHopLimit
ec2:MetadataHttpTokens
ec2:RootDeviceType
ec2:Tenancy
ec2:Region
Resources
-
ipam-resource-discovery-association
-
Arn:
arn:${Partition}:ec2::${Account}:ipam-resource-discovery-association/${IpamResourceDiscoveryAssociationId}
-
Conditions:
aws:RequestTag/${TagKey}
aws:ResourceTag/${TagKey}
aws:TagKeys
ec2:Region
ec2:ResourceTag/${TagKey}
-
ipam-resource-discovery
-
Arn:
arn:${Partition}:ec2::${Account}:ipam-resource-discovery/${IpamResourceDiscoveryId}
-
Conditions:
aws:RequestTag/${TagKey}
aws:ResourceTag/${TagKey}
aws:TagKeys
ec2:Region
ec2:ResourceTag/${TagKey}
Updates
Actions
-
CreateLocalGatewayRoute
Resources
-
New_value: No
Old_value: Yes
-
DescribeStoreImageTasks
Conditions
- aws:ResourceTag/${TagKey}
- ec2:ImageID
- ec2:ImageType
- ec2:Owner
- ec2:Public
- ec2:ResourceTag/${TagKey}
- ec2:RootDeviceType
-
DisableTransitGatewayRouteTablePropagation
Resources
-
New_value: No
Old_value: Yes
-
GetIpamResourceCidrs
Resources
-
New_value: No
Old_value: Yes
-
ModifyInstanceCapacityReservationAttributes
Resources
-
New_value: No
Old_value: Yes
-
ModifyVpcEndpointConnectionNotification
Resources
-
New_value: No
Old_value: Yes
Conditions
- ec2:Attribute
- ec2:Attribute/${AttributeName}
-
RunScheduledInstances
Conditions
- aws:ResourceTag/${TagKey}
- ec2:ImageID
- ec2:ImageType
- ec2:Owner
- ec2:Public
- ec2:ResourceTag/${TagKey}
- ec2:RootDeviceType
- ec2:AvailabilityZone
- ec2:SubnetID
- ec2:Vpc
- ec2:KeyPairName
- ec2:KeyPairType
- ec2:AssociatePublicIpAddress
- ec2:AuthorizedService
- ec2:NetworkInterfaceID
- ec2:Subnet
- ec2:PlacementGroupName
- ec2:PlacementGroupStrategy
- ec2:SecurityGroupID
- ec2:ParentVolume
- ec2:SnapshotID
- ec2:SnapshotTime
- ec2:VolumeSize
Resources
- image
- subnet
- key-pair
- network-interface
- placement-group
- security-group
- snapshot
-
CreateTags
-
DeleteTags