Amazon EC2 (ec2)

2023-10-31

2 new actions | 21 updated actions

Additions

    Actions
  • DisableImage
    • Description: Grants permission to disable an AMI
    • Access: Write
    • Resources:
      • Name: image; Required: Yes
    • Conditions:
      • aws:ResourceTag/${TagKey}
      • ec2:ImageID
      • ec2:ImageType
      • ec2:Owner
      • ec2:Public
      • ec2:ResourceTag/${TagKey}
      • ec2:RootDeviceType
      • ec2:Region

  • EnableImage
    • Description: Grants permission to re-enable a disabled AMI
    • Access: Write
    • Resources:
      • Name: image; Required: Yes
    • Conditions:
      • aws:ResourceTag/${TagKey}
      • ec2:ImageID
      • ec2:ImageType
      • ec2:Owner
      • ec2:Public
      • ec2:ResourceTag/${TagKey}
      • ec2:RootDeviceType
      • ec2:Region

Updates

    Actions
  • ApplySecurityGroupsToClientVpnTargetNetwork
      Conditions
    • + ec2:Vpc
    • + ec2:Tenancy
  • AttachClassicLinkVpc
      Conditions
    • + ec2:InstanceAutoRecovery
    • + ec2:InstanceMetadataTags
  • AttachVolume
      Conditions
    • + ec2:InstanceAutoRecovery
    • + ec2:InstanceMetadataTags
  • CreateNetworkInsightsPath
      Conditions
    • + ec2:InstanceAutoRecovery
    • + ec2:InstanceMarketType
    • + ec2:InstanceMetadataTags
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • + ec2:ProductCode
  • CreateTrafficMirrorSession
      Conditions
    • + ec2:AvailabilityZone
    • + ec2:Subnet
    • + ec2:Vpc
  • DescribeFastLaunchImages
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:ImageID
    • - ec2:ImageType
    • - ec2:Owner
    • - ec2:Public
    • - ec2:ResourceTag/${TagKey}
    • - ec2:RootDeviceType
      Resources
    • - image
  • DetachVolume
      Conditions
    • + ec2:InstanceAutoRecovery
    • + ec2:InstanceMetadataTags
  • GetImageBlockPublicAccessState
      Access
    • Write  ⟶  Read
  • GetNetworkInsightsAccessScopeAnalysisFindings
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:ResourceTag/${TagKey}
      Resources
    • + network-insights-access-scope-analysis
  • GetNetworkInsightsAccessScopeContent
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:ResourceTag/${TagKey}
      Resources
    • + network-insights-access-scope
  • ModifyClientVpnEndpoint
      Conditions
    • + ec2:Vpc
    • + ec2:Tenancy
  • ModifyInstanceEventStartTime
      Conditions
    • + ec2:AvailabilityZone
    • + ec2:EbsOptimized
    • + ec2:InstanceAutoRecovery
    • + ec2:InstanceMarketType
    • + ec2:InstanceMetadataTags
    • + ec2:InstanceProfile
    • + ec2:InstanceType
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
    • + ec2:PlacementGroup
    • + ec2:ProductCode
    • + ec2:RootDeviceType
    • + ec2:Tenancy
  • ModifyTransitGatewayVpcAttachment
      Conditions
    • + ec2:AvailabilityZone
    • + ec2:Vpc
  • ModifyVpcEndpoint
      Conditions
    • + ec2:Vpc
    • + ec2:AvailabilityZone
  • ResetInstanceAttribute
      Conditions
    • + ec2:InstanceAutoRecovery
    • + ec2:InstanceMetadataTags
  • StartInstances
      Conditions
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • StopInstances
      Conditions
    • + ec2:InstanceAutoRecovery
    • + ec2:InstanceMetadataTags
    • + ec2:MetadataHttpEndpoint
    • + ec2:MetadataHttpPutResponseHopLimit
    • + ec2:MetadataHttpTokens
  • TerminateInstances
      Conditions
    • + ec2:InstanceAutoRecovery
    • + ec2:InstanceMetadataTags
    • + ec2:ProductCode
  • CreateFlowLogs
      Resources
    • + transit-gateway
    • + transit-gateway-attachment
  • CreateTrafficMirrorFilterRule
      Resources
    • + traffic-mirror-filter-rule
  • ReplaceRouteTableAssociation
      Resources
    • + vpn-gateway