Amazon EC2 (ec2)

Additions

Actions

• AcceptTransitGatewayClientVpnAttachment
  
  • Description:  Grants permission to accept a transit gateway attachment request for a Client VPN endpoint
  • Access:  Write
  • Resources: 

    Name: transit-gateway-attachment

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:ResourceTag/${TagKey}

    ec2:transitGatewayAttachmentId

    ec2:Region

• CreateCapacityReservationCancellationQuote
  
  • Description:  Grants permission to generate a cancellation quote for a future-dated Capacity Reservation
  • Access:  Write
  • Resources: 

    Name: capacity-reservation-cancellation-quote

    Required: Yes

  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:TagKeys

    ec2:Region

  • Dependents: 

    ec2:CreateTags

• DeleteTransitGatewayClientVpnAttachment
  
  • Description:  Grants permission to delete a transit gateway attachment for a Client VPN endpoint
  • Access:  Write
  • Resources: 

    Name: transit-gateway-attachment

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:ResourceTag/${TagKey}

    ec2:transitGatewayAttachmentId

    ec2:Region

• DescribeCapacityReservationCancellationQuotes
  
  • Description:  Grants permission to describe one or more Capacity Reservation cancellation quotes
  • Access:  List
  • Conditions: 

    ec2:Region

• DescribeIpamPoolAllocations
  
  • Description:  Grants permission to describe IPAM pool allocations
  • Access:  List
  • Conditions: 

    ec2:Region

• GetCapacityManagerMonitoredTagKeys
  
  • Description:  Grants permission to retrieve the tag keys that are currently being monitored by EC2 Capacity Manager
  • Access:  List
  • Conditions: 

    ec2:Region

• GetManagedResourceVisibility
  
  • Description:  Grants permission to retrieve the managed resource visibility configuration for the account
  • Access:  List
  • Conditions: 

    ec2:Region

• ModifyIpamPoolAllocation
  
  • Description:  Grants permission to modify the description of an IPAM pool allocation
  • Access:  Write
  • Resources: 

    Name: ipam-pool-allocation

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:Attribute

    ec2:Attribute/${AttributeName}

    ec2:ResourceTag/${TagKey}

    ec2:Region

• ModifyManagedResourceVisibility
  
  • Description:  Grants permission to modify the managed resource visibility configuration for the account
  • Access:  Write
  • Conditions: 

    ec2:Region

• RejectTransitGatewayClientVpnAttachment
  
  • Description:  Grants permission to reject a transit gateway attachment request for a Client VPN endpoint
  • Access:  Write
  • Resources: 

    Name: transit-gateway-attachment

    Required: Yes

  • Conditions: 

    aws:ResourceTag/${TagKey}

    ec2:ResourceTag/${TagKey}

    ec2:transitGatewayAttachmentId

    ec2:Region

• UpdateCapacityManagerMonitoredTagKeys
  
  • Description:  Grants permission to activate or deactivate tag keys for monitoring by EC2 Capacity Manager
  • Access:  Write
  • Conditions: 

    ec2:Region

Resources

• capacity-reservation-cancellation-quote
  
  • Arn:  arn:${Partition}:ec2:${Region}:${Account}:capacity-reservation-cancellation-quote/${CapacityReservationCancellationQuoteId}
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:ResourceTag/${TagKey}

    aws:TagKeys

    ec2:Attribute

    ec2:Attribute/${AttributeName}

    ec2:Region

    ec2:ResourceTag/${TagKey}

• ipam-pool-allocation
  
  • Arn:  arn:${Partition}:ec2:${Region}:${Account}:ipam-pool-allocation/${IpamPoolAllocationId}
  • Conditions: 

    aws:RequestTag/${TagKey}

    aws:ResourceTag/${TagKey}

    aws:TagKeys

    ec2:Attribute

    ec2:Attribute/${AttributeName}

    ec2:Region

    ec2:ResourceTag/${TagKey}

Updates

Actions

• ApplySecurityGroupsToClientVpnTargetNetwork
  
  Conditions
  
  • ＋ aws:RequestTag/${TagKey}
  • ＋ aws:TagKeys
  Resources
  
  • ＋ ipam-pool-allocation
  Dependents
  
  • ＋ ec2:CreateTags
• AssociateDhcpOptions
  
  Resources
  

  • New_value: No

    Old_value: Yes

• CancelCapacityReservationFleets
  
  Conditions
  
  • ＋ ec2:ResourceTag/${TagKey}
  Resources
  
  • ＋ capacity-reservation-cancellation-quote
• CreateCoipCidr
  
  Conditions
  
  • ＋ ec2:transitGatewayId
  Resources
  
  • ＋ transit-gateway
• CreateCoipPool
  
  Resources
  

  • New_value: No

    Old_value: Yes

• ModifyIdentityIdFormat
  
  Conditions
  
  • ＋ ec2:transitGatewayId
  Resources
  
  • ＋ transit-gateway
• CreateTrafficMirrorFilterRule
  
  Resources
  
  • ＋ capacity-reservation-cancellation-quote
  • ＋ ipam-pool-allocation
• DeleteTrafficMirrorFilterRule
  
  Resources
  
  • ＋ capacity-reservation-cancellation-quote
  • ＋ ipam-pool-allocation