Amazon EC2 (ec2)

2024-05-25

3 new actions | 2 updated actions

Additions

    Actions
  • DisableImageDeregistrationProtection
    • Description: Grants permission to disable deregistration protection for an AMI. When deregistration protection is disabled, the AMI can be deregistered.
    • Access: Write
    • Resources:
      Name: image, Required: Yes
    • Conditions:
      aws:ResourceTag/${TagKey}
      ec2:ImageID
      ec2:ImageType
      ec2:Owner
      ec2:Public
      ec2:ResourceTag/${TagKey}
      ec2:RootDeviceType
      ec2:Region

  • EnableImageDeregistrationProtection
    • Description: Grants permission to enable deregistration protection for an AMI. When deregistration protection is enabled, the AMI can't be deregistered.
    • Access: Write
    • Resources:
      Name: image, Required: Yes
    • Conditions:
      aws:ResourceTag/${TagKey}
      ec2:ImageID
      ec2:ImageType
      ec2:Owner
      ec2:Public
      ec2:ResourceTag/${TagKey}
      ec2:RootDeviceType
      ec2:Region

  • GetInstanceTpmEkPub
    • Description: Grants permission to get the public endorsement key associated with the Nitro Trusted Platform Module (NitroTPM) for the specified instance.
    • Access: Read
    • Resources:
      Name: instance, Required: Yes
    • Conditions:
      aws:ResourceTag/${TagKey}
      ec2:AvailabilityZone
      ec2:EbsOptimized
      ec2:InstanceAutoRecovery
      ec2:InstanceID
      ec2:InstanceMarketType
      ec2:InstanceMetadataTags
      ec2:InstanceProfile
      ec2:InstanceType
      ec2:MetadataHttpEndpoint
      ec2:MetadataHttpPutResponseHopLimit
      ec2:MetadataHttpTokens
      ec2:ResourceTag/${TagKey}
      ec2:RootDeviceType
      ec2:Tenancy
      ec2:Region

Updates

    Actions
  • DescribeAddressesAttribute
      Conditions
    • - aws:ResourceTag/${TagKey}
    • - ec2:AllocationId
    • - ec2:Domain
    • - ec2:PublicIpAddress
    • - ec2:ResourceTag/${TagKey}
      Resources
    • - elastic-ip
  • DescribeSecurityGroupReferences
      Conditions
    • + aws:ResourceTag/${TagKey}
    • + ec2:ResourceTag/${TagKey}
    • + ec2:SecurityGroupID
    • + ec2:Vpc
      Resources
    • + security-group