Amazon EC2 Image Builder (imagebuilder)

2025-07-30

2 new resources | 22 updated actions, 1 updated resource | 2 removed resources

Additions

    Resources
  • allImageBuildVersions
    • Arn:  arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion}/*
  • allWorkflowBuildVersions
    • Arn:  arn:${Partition}:imagebuilder:${Region}:${Account}:workflow/${WorkflowType}/${WorkflowName}/${WorkflowVersion}/*

Updates

    Actions
  • CreateComponent
      Dependents
    • + s3:GetObject
    • + s3:ListBucket
    • - iam:CreateServiceLinkedRole
  • CreateContainerRecipe
      Dependents
    • + ec2:DescribeImages
    • + s3:GetObject
    • + s3:ListBucket
    • - iam:CreateServiceLinkedRole
  • CreateDistributionConfiguration
      Dependents
    • + ec2:CreateLaunchTemplateVersion
    • + ec2:DescribeLaunchTemplates
    • + ec2:ModifyLaunchTemplate
    • + s3:ListBucket
    • - iam:CreateServiceLinkedRole
  • CreateImage
      Dependents
    • + ecr:BatchGetRepositoryScanningConfiguration
    • + ecr:DescribeRepositories
    • + inspector2:BatchGetAccountStatus
  • CreateImagePipeline
      Dependents
    • + ecr:BatchGetRepositoryScanningConfiguration
    • + ecr:DescribeRepositories
    • + inspector2:BatchGetAccountStatus
  • CreateImageRecipe
      Dependents
    • - iam:CreateServiceLinkedRole
  • CreateInfrastructureConfiguration
      Conditions
    • + imagebuilder:CreatedResourceTag/${TagKey}
    • - imagebuilder:CreatedResourceTag/
      Dependents
    • + ec2:DescribeAvailabilityZones
    • + ec2:DescribeHosts
    • + resource-groups:GetGroup
    • - iam:CreateServiceLinkedRole
  • ImportComponent
      Dependents
    • + s3:GetObject
    • + s3:ListBucket
    • - iam:CreateServiceLinkedRole
  • UntagResource
      Conditions
    • - aws:ResourceTag/${TagKey}
  • UpdateDistributionConfiguration
      Dependents
    • + ec2:CreateLaunchTemplateVersion
    • + ec2:DescribeLaunchTemplates
    • + ec2:ModifyLaunchTemplate
    • + s3:ListBucket
  • UpdateImagePipeline
      Dependents
    • + ecr:BatchGetRepositoryScanningConfiguration
    • + ecr:DescribeRepositories
    • + inspector2:BatchGetAccountStatus
  • UpdateInfrastructureConfiguration
      Conditions
    • + imagebuilder:CreatedResourceTag/${TagKey}
    • - aws:ResourceTag/${TagKey}
    • - imagebuilder:CreatedResourceTag/
      Dependents
    • + ec2:DescribeAvailabilityZones
    • + ec2:DescribeHosts
    • + resource-groups:GetGroup
  • ListComponentBuildVersions
      Resources
    • + {'name': 'allComponentBuildVersions', 'is_required': True}
    • - {'name': 'componentVersion', 'is_required': True}
  • ListImageBuildVersions
      Resources
    • + {'name': 'allImageBuildVersions', 'is_required': True}
    • - {'name': 'imageVersion', 'is_required': True}
  • ListWorkflowBuildVersions
      Resources
    • + {'name': 'allWorkflowBuildVersions', 'is_required': True}
    • - {'name': 'workflowVersion', 'is_required': True}
  • GetWorkflowStepExecution
      Dependents
    • + kms:Decrypt
  • ImportVmImage
      Dependents
    • + imagebuilder:TagResource
  • ListWorkflowStepExecutions
      Dependents
    • + kms:Decrypt
  • GetImage
      Conditions
    • - aws:ResourceTag/${TagKey}
  • ListImagePackages
      Conditions
    • - aws:ResourceTag/${TagKey}
  • ListTagsForResource
      Conditions
    • - aws:ResourceTag/${TagKey}
  • TagResource
      Conditions
    • - aws:ResourceTag/${TagKey}
    Resources
  • allComponentBuildVersions
      Arn
    • Old: arn:${Partition}:imagebuilder:${Region}:${Account}:workflow/${WorkflowType}/${WorkflowName}/${WorkflowVersion}
      New: arn:${Partition}:imagebuilder:${Region}:${Account}:component/${ComponentName}/${ComponentVersion}/*
      Conditions

    • New_value: []

      Old_value: ['aws:ResourceTag/${TagKey}']

Deletions

    Resources
  • componentVersion
    • Arn:  arn:${Partition}:imagebuilder:${Region}:${Account}:component/${ComponentName}/${ComponentVersion}
    • Conditions: 

      aws:ResourceTag/${TagKey}
  • kmsKey
    • Arn:  arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}