Amazon EC2 (ec2)

Additions

Actions

• AttachResourcesToPlacementGroup
  
  • Description:  Grants permission to attach resources to a placement group
  • Access:  Permissions management
  • Resources: 

    Name: placement-group

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:PlacementGroupName

    ec2:PlacementGroupStrategy

    ec2:ResourceTag/${TagKey}

    ec2:Region

• CreateSecondaryNetwork
  
  • Description:  Grants permission to create a secondary network
  • Access:  Write
  • Resources: 

    Name: secondary-network

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

    ec2:Region

  • Dependents: 

    ec2:CreateTags

• CreateSecondarySubnet
  
  • Description:  Grants permission to create a secondary subnet
  • Access:  Write
  • Resources: 

    Name: secondary-network

    Required: Yes

    Name: secondary-subnet

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:ResourceTag/${TagKey}

    aws:RequestTag/${TagKey}

    aws:TagKeys

    ec2:Region

  • Dependents: 

    ec2:CreateTags

• DeleteSecondaryNetwork
  
  • Description:  Grants permission to delete a secondary network
  • Access:  Write
  • Resources: 

    Name: secondary-network

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:ResourceTag/${TagKey}

    ec2:Region

• DeleteSecondarySubnet
  
  • Description:  Grants permission to delete a secondary subnet
  • Access:  Write
  • Resources: 

    Name: secondary-subnet

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:ResourceTag/${TagKey}

    ec2:Region

• DescribeSecondaryInterfaces
  
  • Description:  Grants permission to describe one or more secondary interfaces
  • Access:  List
  • Conditions: 

    ec2:Region

• DescribeSecondaryNetworks
  
  • Description:  Grants permission to describe one or more secondary networks
  • Access:  List
  • Conditions: 

    ec2:Region

• DescribeSecondarySubnets
  
  • Description:  Grants permission to describe one or more secondary subnets
  • Access:  List
  • Conditions: 

    ec2:Region

• DetachResourcesFromPlacementGroup
  
  • Description:  Grants permission to detach resources from a placement group
  • Access:  Permissions management
  • Resources: 

    Name: placement-group

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:PlacementGroupName

    ec2:PlacementGroupStrategy

    ec2:ResourceTag/${TagKey}

    ec2:Region

Resources

• secondary-interface
  
  • Arn:  arn:${Partition}:ec2:${Region}:${Account}:secondary-interface/${SecondaryInterfaceId}
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:ResourceTag/${TagKey}

    aws:TagKeys

    ec2:AvailabilityZone

    ec2:AvailabilityZoneId

    ec2:IsLaunchTemplateResource

    ec2:LaunchTemplate

    ec2:Region

    ec2:ResourceTag/${TagKey}

• secondary-network
  
  • Arn:  arn:${Partition}:ec2:${Region}:${Account}:secondary-network/${SecondaryNetworkId}
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:ResourceTag/${TagKey}

    aws:TagKeys

    ec2:Region

    ec2:ResourceTag/${TagKey}

• secondary-subnet
  
  • Arn:  arn:${Partition}:ec2:${Region}:${Account}:secondary-subnet/${SecondarySubnetId}
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:ResourceTag/${TagKey}

    aws:TagKeys

    ec2:Region

    ec2:ResourceTag/${TagKey}

Updates

Actions

• CreateTrafficMirrorSession
  
  Resources
  
  • ＋ secondary-interface
  • ＋ secondary-network
  • ＋ secondary-subnet
• DeleteTransitGateway
  
  Resources
  
  • ＋ secondary-interface
  • ＋ secondary-network
  • ＋ secondary-subnet
• StartNetworkInsightsAccessScopeAnalysis
  
  Resources
  
  • ＋ secondary-subnet