Amazon EC2 (ec2)

2024-11-07

10 new actions

Additions

    Actions
  • AcceptCapacityReservationBillingOwnership
    • Description:  Grants permission to accept a request to assign billing of the available capacity of a shared Capacity Reservation to the calling account
    • Access:  Write
    • Resources: 

      Name: capacity-reservation

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

      ec2:AvailabilityZone

      ec2:CapacityReservationFleet

      ec2:CreateDate

      ec2:DestinationCapacityReservationId

      ec2:EbsOptimized

      ec2:EndDate

      ec2:EndDateType

      ec2:InstanceCount

      ec2:InstanceMatchCriteria

      ec2:InstancePlatform

      ec2:InstanceType

      ec2:OutpostArn

      ec2:PlacementGroup

      ec2:ResourceTag/${TagKey}

      ec2:SourceCapacityReservationId

      ec2:Tenancy

      ec2:Region

  • AssociateCapacityReservationBillingOwner
    • Description:  Grants permission to assign billing of the unused capacity of a shared Capacity Reservation to a consumer account
    • Access:  Write
    • Resources: 

      Name: capacity-reservation

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

      ec2:AvailabilityZone

      ec2:CapacityReservationFleet

      ec2:CreateDate

      ec2:DestinationCapacityReservationId

      ec2:EbsOptimized

      ec2:EndDate

      ec2:EndDateType

      ec2:InstanceCount

      ec2:InstanceMatchCriteria

      ec2:InstancePlatform

      ec2:InstanceType

      ec2:OutpostArn

      ec2:PlacementGroup

      ec2:ResourceTag/${TagKey}

      ec2:SourceCapacityReservationId

      ec2:Tenancy

      ec2:Region

  • AssociateSecurityGroupVpc
    • Description:  Grants permission to associate a security group with another VPC in the same Region
    • Access:  Write
    • Resources: 

      Name: security-group

      Required: Yes

      Name: vpc

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

      ec2:ResourceTag/${TagKey}

      ec2:SecurityGroupID

      ec2:Vpc

      ec2:Ipv4IpamPoolId

      ec2:Ipv6IpamPoolId

      ec2:Tenancy

      ec2:VpcID

      ec2:Region

  • DescribeCapacityReservationBillingRequests
    • Description:  Grants permission to describe one or more requests to assign the billing of the unused capacity of a Capacity Reservation
    • Access:  List
    • Conditions: 

      ec2:Region

  • DescribeInstanceImageMetadata
    • Description:  Grants permission to describe the AMI that was used to launch an instance
    • Access:  List
    • Conditions: 

      ec2:Region

  • DescribeSecurityGroupVpcAssociations
    • Description:  Grants permission to describe security group VPC associations
    • Access:  List
    • Conditions: 

      ec2:Region

  • DisassociateCapacityReservationBillingOwner
    • Description:  Grants permission to cancel a pending request to assign billing of the unused capacity of a Capacity Reservation to a consumer account
    • Access:  Write
    • Resources: 

      Name: capacity-reservation

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

      ec2:AvailabilityZone

      ec2:CapacityReservationFleet

      ec2:CreateDate

      ec2:DestinationCapacityReservationId

      ec2:EbsOptimized

      ec2:EndDate

      ec2:EndDateType

      ec2:InstanceCount

      ec2:InstanceMatchCriteria

      ec2:InstancePlatform

      ec2:InstanceType

      ec2:OutpostArn

      ec2:PlacementGroup

      ec2:ResourceTag/${TagKey}

      ec2:SourceCapacityReservationId

      ec2:Tenancy

      ec2:Region

  • DisassociateSecurityGroupVpc
    • Description:  Grants permission to disassociate a security group from a VPC
    • Access:  Write
    • Resources: 

      Name: security-group

      Required: Yes

      Name: vpc

      Required: No

    • Conditions: 

      aws:ResourceTag/${TagKey}

      ec2:ResourceTag/${TagKey}

      ec2:SecurityGroupID

      ec2:Vpc

      ec2:Ipv4IpamPoolId

      ec2:Ipv6IpamPoolId

      ec2:Tenancy

      ec2:VpcID

      ec2:Region

  • ModifyInstanceCpuOptions
    • Description:  Grants permission to modify the CPU options on an instance
    • Access:  Write
    • Resources: 

      Name: instance

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

      ec2:Attribute

      ec2:Attribute/${AttributeName}

      ec2:AvailabilityZone

      ec2:CpuOptionsAmdSevSnp

      ec2:EbsOptimized

      ec2:InstanceAutoRecovery

      ec2:InstanceID

      ec2:InstanceMarketType

      ec2:InstanceMetadataTags

      ec2:InstanceProfile

      ec2:InstanceType

      ec2:MetadataHttpEndpoint

      ec2:MetadataHttpPutResponseHopLimit

      ec2:MetadataHttpTokens

      ec2:PlacementGroup

      ec2:ProductCode

      ec2:ResourceTag/${TagKey}

      ec2:RootDeviceType

      ec2:Tenancy

      ec2:Region

  • RejectCapacityReservationBillingOwnership
    • Description:  Grants permission to reject a request to assign billing of the available capacity of a shared Capacity Reservation to your account
    • Access:  Write
    • Resources: 

      Name: capacity-reservation

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

      ec2:AvailabilityZone

      ec2:CapacityReservationFleet

      ec2:CreateDate

      ec2:DestinationCapacityReservationId

      ec2:EbsOptimized

      ec2:EndDate

      ec2:EndDateType

      ec2:InstanceCount

      ec2:InstanceMatchCriteria

      ec2:InstancePlatform

      ec2:InstanceType

      ec2:OutpostArn

      ec2:PlacementGroup

      ec2:ResourceTag/${TagKey}

      ec2:SourceCapacityReservationId

      ec2:Tenancy

      ec2:Region