2023-12-02
15 new actions, 2 new conditions | 1 updated resource, 2 updated actions
Additions
Actions
- AssociateIpamByoasn
  - Description: Grants permission to associate an Autonomous System Number (ASN) with a BYOIP CIDR
  - Access: Write
  - Conditions:
    ec2:Region
- DeprovisionIpamByoasn
  - Description: Grants permission to deprovision an Autonomous System Number (ASN) from an Amazon Web Services account
  - Access: Write
  - Resources:
    Name: ipam
    Required: Yes
  - Conditions:
    aws:ResourceTag/${TagKey}
    ec2:ResourceTag/${TagKey}
    ec2:Region
- DescribeCapacityBlockOfferings
  - Description: Grants permission to describe Capacity Block offerings available for purchase
  - Access: List
  - Conditions:
    ec2:Region
- DescribeInstanceTopology
  - Description: Grants permission to describe a tree-based hierarchy that represents the physical host placement of EC2 instances
  - Access: List
  - Conditions:
    ec2:Region
- DescribeIpamByoasn
  - Description: Grants permission to describe a bring your own Autonomous System Number (BYOASN) that you've brought to IPAM
  - Access: List
  - Conditions:
    ec2:Region
- DescribeLockedSnapshots
  - Description: Grants permission to describe the lock status for a snapshot
  - Access: List
  - Conditions:
    ec2:Region
- DisableSnapshotBlockPublicAccess
  - Description: Grants permission to disable the block public access for snapshots setting for a Region
  - Access: Write
  - Conditions:
    ec2:Region
- DisassociateIpamByoasn
  - Description: Grants permission to disassociate an Autonomous System Number (ASN) from a BYOIP CIDR
  - Access: Write
  - Conditions:
    ec2:Region
- EnableSnapshotBlockPublicAccess
  - Description: Grants permission to enable or modify the block public access for snapshots setting for a Region
  - Access: Write
  - Conditions:
    ec2:Region
- GetIpamDiscoveredPublicAddresses
  - Description: Grants permission to retrieve the public IP addresses that have been discovered by IPAM
  - Access: Read
  - Resources:
    Name: ipam-resource-discovery
    Required: Yes
  - Conditions:
    aws:ResourceTag/${TagKey}
    ec2:ResourceTag/${TagKey}
    ec2:Region
- GetSnapshotBlockPublicAccessState
  - Description: Grants permission to retrieve the current state of the block public access for snapshots setting for a Region
  - Access: Read
  - Conditions:
    ec2:Region
- LockSnapshot
  - Description: Grants permission to lock an Amazon EBS snapshot in either governance or compliance mode to protect it against accidental or malicious deletions
  - Access: Write
  - Resources:
    Name: snapshot
    Required: Yes
  - Conditions:
    aws:ResourceTag/${TagKey}
    ec2:Encrypted
    ec2:Owner
    ec2:ParentVolume
    ec2:ResourceTag/${TagKey}
    ec2:SnapshotCoolOffPeriod
    ec2:SnapshotID
    ec2:SnapshotLockDuration
    ec2:SnapshotTime
    ec2:VolumeSize
    ec2:Region
- ProvisionIpamByoasn
  - Description: Grants permission to provision an Autonomous System Number (ASN) for use in an Amazon Web Services account
  - Access: Write
  - Resources:
    Name: ipam
    Required: Yes
  - Conditions:
    aws:ResourceTag/${TagKey}
    ec2:ResourceTag/${TagKey}
    ec2:Region
- PurchaseCapacityBlock
  - Description: Grants permission to purchase a Capacity Block offering
  - Access: Write
  - Resources:
    Name: capacity-reservation
    Required: Yes
  - Conditions:
    aws:RequestTag/${TagKey}
    aws:TagKeys
    ec2:CapacityReservationFleet
    ec2:Region
  - Dependents:
    ec2:CreateTags
- UnlockSnapshot
  - Description: Grants permission to unlock a snapshot that is locked in governance mode or in compliance mode while still in the cooling-off period
  - Access: Write
  - Resources:
    Name: snapshot
    Required: Yes
  - Conditions:
    aws:ResourceTag/${TagKey}
    ec2:Encrypted
    ec2:Owner
    ec2:ParentVolume
    ec2:ResourceTag/${TagKey}
    ec2:SnapshotCoolOffPeriod
    ec2:SnapshotID
    ec2:SnapshotLockDuration
    ec2:SnapshotTime
    ec2:VolumeSize
    ec2:Region
Updates
Resources
- snapshot
  Conditions
    + ec2:SnapshotCoolOffPeriod
    + ec2:SnapshotLockDuration