Change log of AWS IAM permissions

2024-05-25

3 new actions | 2 updated actions

Additions

Actions

DisableImageDeregistrationProtection
- Description: Grants permission to disable deregistration protection for an AMI. When deregistration protection is disabled, the AMI can be deregistered
- Access: Write
- Resources:
  Name: image
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ImageID
  
  ec2:ImageType
  
  ec2:Owner
  
  ec2:Public
  
  ec2:ResourceTag/${TagKey}
  
  ec2:RootDeviceType
  
  ec2:Region
EnableImageDeregistrationProtection
- Description: Grants permission to enable deregistration protection for an AMI. When deregistration protection is enabled, the AMI can't be deregistered
- Access: Write
- Resources:
  Name: image
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ImageID
  
  ec2:ImageType
  
  ec2:Owner
  
  ec2:Public
  
  ec2:ResourceTag/${TagKey}
  
  ec2:RootDeviceType
  
  ec2:Region
GetInstanceTpmEkPub
- Description: Grants permission to get the public endorsement key associated with the Nitro Trusted Platform Module (NitroTPM) for the specified instance
- Access: Read
- Resources:
  Name: instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:AvailabilityZone
  
  ec2:EbsOptimized
  
  ec2:InstanceAutoRecovery
  
  ec2:InstanceID
  
  ec2:InstanceMarketType
  
  ec2:InstanceMetadataTags
  
  ec2:InstanceProfile
  
  ec2:InstanceType
  
  ec2:MetadataHttpEndpoint
  
  ec2:MetadataHttpPutResponseHopLimit
  
  ec2:MetadataHttpTokens
  
  ec2:ResourceTag/${TagKey}
  
  ec2:RootDeviceType
  
  ec2:Tenancy
  
  ec2:Region

Updates

Actions

DescribeAddressesAttribute
- － aws:ResourceTag/${TagKey}
- － ec2:AllocationId
- － ec2:Domain
- － ec2:PublicIpAddress
- － ec2:ResourceTag/${TagKey}
- － elastic-ip
DescribeSecurityGroupReferences
- ＋ aws:ResourceTag/${TagKey}
- ＋ ec2:ResourceTag/${TagKey}
- ＋ ec2:SecurityGroupID
- ＋ ec2:Vpc
- ＋ security-group

Amazon EC2 (ec2)

Additions

Updates