793 actions in the ec2 service. Select an action to see its access level, resource ARNs, condition keys, and a copy-paste IAM policy.
Grants permission to accept an Elastic IP address transfer
Grants permission to accept assign billing of the available capacity of a shared Capacity Reservation to the calling account
Grants permission to accept a Convertible Reserved Instance exchange quote
Grants permission to accept a transit gateway attachment request for a Client VPN endpoint
Grants permission to accept a request to associate subnets with a transit gateway multicast domain
Grants permission to accept a transit gateway peering attachment request
Grants permission to accept a request to attach a VPC to a transit gateway
Grants permission to accept one or more interface VPC endpoint connections to your VPC endpoint service
Grants permission to accept a VPC peering connection request
Grants permission to advertise an IP address range that is provisioned for use in AWS through bring your own IP addresses (BYOIP)
Grants permission to allocate an Elastic IP address (EIP) to your account
Grants permission to allocate a Dedicated Host to your account
Grants permission to allocate a CIDR from an Amazon VPC IP Address Manager (IPAM) pool
Grants permission to apply a security group to the association between a Client VPN endpoint and a target network
Grants permission to assign one or more IPv6 addresses to a network interface
Grants permission to assign one or more secondary private IP addresses to a network interface
Grants permission to assign one or more secondary private IP addresses to a private NAT gateway
Grants permission to associate an Elastic IP address (EIP) with an instance or a network interface
Grants permission to assign billing of the unused capacity of a shared Capacity Reservation to a consumer account
Grants permission to associate a target network with a Client VPN endpoint
Grants permission to associate or disassociate a set of DHCP options with a VPC
Grants permission to associate an ACM certificate with an IAM role to be used in an EC2 Enclave
Grants permission to associate an IAM instance profile with a running or stopped instance
Grants permission to associate one or more targets with an event window
Grants permission to associate an Autonomous System Number (ASN) with a BYOIP CIDR
Grants permission to associate an IPAM resource discovery with an Amazon VPC IPAM
Grants permission to associate an Elastic IP address and private IP address with a public Nat gateway
Grants permission to associate a route server with a VPC
Grants permission to associate a subnet or gateway with a route table
Grants permission to associate a security group with another VPC in the same Region
Grants permission to associate a CIDR block with a subnet
Grants permission to associate an attachment and list of subnets with a transit gateway multicast domain
Grants permission to associate a policy table with a transit gateway attachment
Grants permission to associate an attachment with a transit gateway route table
Grants permission to associate a branch network interface with a trunk network interface
Grants permission to associate an AWS Web Application Firewall (WAF) web access control list (ACL) with a Verified Access instance
Grants permission to associate a CIDR block with a VPC
Grants permission to attach an appliance with a public/private Natgateway
Grants permission to link an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups
Grants permission to attach a watermark to an Amazon Machine Image (AMI)
Grants permission to attach an internet gateway to a VPC
Grants permission to attach a network interface to an instance
Grants permission to attach resources to a placement group
Grants permission to attach a trust provider to a Verified Access instance
Grants permission to attach an EBS volume to a running or stopped instance and expose it to the instance with the specified device name
Grants permission to attach a virtual private gateway to a VPC
Grants permission to add an inbound authorization rule to a Client VPN endpoint
Grants permission to add one or more outbound rules to a VPC security group. Policies using the security-group-rule resource-level permission are only enforced when the API request includes TagSpecifications
Grants permission to add one or more inbound rules to a VPC security group. Policies using the security-group-rule resource-level permission are only enforced when the API request includes TagSpecifications
Grants permission to bundle an instance store-backed Windows instance
Grants permission to cancel a bundling operation
Grants permission to cancel a Capacity Reservation and release the reserved capacity
Grants permission to cancel one or more Capacity Reservation Fleets
Grants permission to cancel an active conversion task
Grants permission to cancel a declarative policies report
Grants permission to cancel an active export task
Grants permission to remove your AWS account from the launch permissions for the specified AMI
Grants permission to cancel an in-process import virtual machine or import snapshot task
Grants permission to cancel a Reserved Instance listing on the Reserved Instance Marketplace
Grants permission to cancel one or more Spot Fleet requests
Grants permission to cancel one or more Spot Instance requests
Grants permission to determine whether an owned product code is associated with an instance
Grants permission to copy a source Amazon FPGA image (AFI) to the current Region. Resource-level permissions specified for this action apply to the new AFI only. They do not apply to the source AFI
Grants permission to copy an Amazon Machine Image (AMI) from a source Region to the current Region
Grants permission to copy a point-in-time snapshot of an EBS volume and store it in Amazon S3. Resource-level permissions specified for this action apply to both the snapshot copy and the source snapshot
Grants permission to create a copy of an EBS volume. Resource-level permissions specified for this action apply to the source and copied volume. Condition keys for the copied volume correspond to parameters specified in the CopyVolumes API request
Grants permission to create a new S3 Data Export for Capacity Manager
Grants permission to create a Capacity Reservation
Grants permission to create a new Capacity Reservation by splitting the available capacity of the source Capacity Reservation
Grants permission to generate a cancellation quote for a future-dated Capacity Reservation
Grants permission to create a Capacity Reservation Fleet
Grants permission to create a carrier gateway and provides CSP connectivity to VPC customers
Grants permission to create a Client VPN endpoint
Grants permission to add a network route to a Client VPN endpoint's route table
Grants permission to create a range of customer-owned IP (CoIP) addresses
Grants permission to create a pool of customer-owned IP (CoIP) addresses
Grants permission to allow a service to access a customer-owned IP (CoIP) pool
Grants permission to create a customer gateway, which provides information to AWS about your customer gateway device
Grants permission to create a default subnet in a specified Availability Zone in a default VPC
Grants permission to create a default VPC with a default subnet in each Availability Zone
Grants permission to create a volume ownership delegation task for an Apple silicon Mac instance
Grants permission to create a set of DHCP options for a VPC
Grants permission to create an egress-only internet gateway for a VPC
Grants permission to launch an EC2 Fleet. Resource-level permissions for this action do not include the resources specified in a launch template. To specify resource-level permissions for resources specified in a launch template, you must include the resources in the RunInstances action statement
Grants permission to create one or more flow logs to capture IP traffic for a network interface
Grants permission to create an Amazon FPGA Image (AFI) from a design checkpoint (DCP)
Grants permission to create an Amazon EBS-backed AMI from a stopped or running Amazon EBS-backed instance. This action can reboot instances as part of the image creation process, even without RebootInstances permissions. To prevent instance reboots during image creation, use the NoReboot parameter
Grants permission to create an AMI usage report
Grants permission to create an EC2 Instance Connect Endpoint that allows you to connect to an instance without a public IPv4 address
Grants permission to create an event window in which scheduled events for the associated Amazon EC2 instances can run
Grants permission to export a running or stopped instance to an Amazon S3 bucket
Grants permission to create an internet gateway for a VPC
Grants permission to create an interruptible Capacity Reservation by specifying the number of unused instances you want to allocate from your source reservation
Grants permission to create an Amazon VPC IP Address Manager (IPAM)
Grants permission to create a verification token, which proves ownership of an external resource
Grants permission to create a policy in Amazon VPC IP Address Manager (IPAM) that defines rules for allocating public IPv4 addresses from IPAM pools to AWS resources
Grants permission to create an IP address pool for Amazon VPC IP Address Manager (IPAM), which is a collection of contiguous IP address CIDRs
Grants permission to create an IPAM prefix list resolver that defines rules for selecting CIDRs to include in prefix lists
Grants permission to create an IPAM prefix list resolver target that links a resolver to a managed prefix list
Grants permission to create an IPAM resource discovery
Grants permission to create an Amazon VPC IP Address Manager (IPAM) scope, which is the highest-level container within IPAM
Grants permission to create a 2048-bit RSA key pair
Grants permission to create a launch template
Grants permission to create a new version of a launch template
Grants permission to create a static route for a local gateway route table
Grants permission to create a local gateway route table
Grants permission to allow a service to access a local gateway route table
Grants permission to create a local gateway route table virtual interface group association
Grants permission to associate a VPC with a local gateway route table
Grants permission to create a local gateway virtual interface
Grants permission to create a local gateway virtual interface group
Grants permission to create a System Integrity Protection (SIP) modification task for an Amazon EC2 Mac instance
Grants permission to create a managed prefix list
Grants permission to create a NAT gateway in a subnet
Grants permission to create a network ACL in a VPC
Grants permission to create a numbered entry (a rule) in a network ACL
Grants permission to create a Network Access Scope
Grants permission to create a path to analyze for reachability
Grants permission to create a network interface in a subnet
Grants permission to create a permission for an AWS-authorized user to perform certain operations on a network interface
Grants permission to allow Oracle Database@AWS to create a peering connection between an ODB network and a VPC
Grants permission to create a placement group
Grants permission to create a public IPv4 address pool for public IPv4 CIDRs that you own and bring to Amazon to manage with Amazon VPC IP Address Manager (IPAM)
Grants permission to create a root volume replacement task
Grants permission to create a listing for Standard Reserved Instances to be sold in the Reserved Instance Marketplace
Grants permission to start a task that restores an AMI from an S3 object previously created by using CreateStoreImageTask
Grants permission to create a route in a VPC route table
Grants permission to create a route server
Grants permission to create a route server endpoint
Grants permission to create a route server peer
Grants permission to create a route table for a VPC
Grants permission to create a secondary network
Grants permission to create a secondary subnet
Grants permission to create a security group
Grants permission to create a snapshot of an EBS volume and store it in Amazon S3
Grants permission to create crash-consistent snapshots of multiple EBS volumes and store them in Amazon S3
Grants permission to create a data feed for Spot Instances to view Spot Instance usage logs
Grants permission to store an AMI as a single object in an S3 bucket
Grants permission to create a subnet in a VPC
Grants permission to create a subnet CIDR reservation
Grants permission to add or overwrite one or more tags for Amazon EC2 resources
Grants permission to create a traffic mirror filter
Grants permission to create a traffic mirror filter rule
Grants permission to create a traffic mirror session
Grants permission to create a traffic mirror target
Grants permission to create a transit gateway
Grants permission to create a Connect attachment from a specified transit gateway attachment
Grants permission to create a Connect peer between a transit gateway and an appliance
Grants permission to create a metering policy for a transit gateway
Grants permission to create an entry for a transit gateway metering policy
Grants permission to create a multicast domain for a transit gateway
Grants permission to request a transit gateway peering attachment between a requester and accepter transit gateway
Grants permission to create a transit gateway policy table
Grants permission to create a transit gateway prefix list reference
Grants permission to create a static route for a transit gateway route table
Grants permission to create a route table for a transit gateway
Grants permission to create an announcement for a transit gateway route table
Grants permission to attach a VPC to a transit gateway
Grants permission to create a Verified Access endpoint
Grants permission to create a Verified Access group
Grants permission to create a Verified Access instance
Grants permission to create a verified trust provider
Grants permission to create an EBS volume
Grants permission to create a VPC with a specified CIDR block
Grants permission to create an exclusion list for blocked public access on a VPC
Grants permission to create a VPC Encryption Control
Grants permission to create a VPC endpoint for an AWS service
Grants permission to create a connection notification for a VPC endpoint or VPC endpoint service
Grants permission to create a VPC endpoint service configuration to which service consumers (AWS accounts, IAM users, and IAM roles) can connect
Grants permission to request a VPC peering connection between two VPCs
Grants permission to create a VPN concentrator that aggregates multiple VPN connections to a transit gateway
Grants permission to create a VPN connection between a virtual private gateway or transit gateway and a customer gateway
Grants permission to create a static route for a VPN connection between a virtual private gateway and a customer gateway
Grants permission to create a virtual private gateway
Grants permission to delete an existing Capacity Manager data export configuration
Grants permission to delete a carrier gateway
Grants permission to delete a Client VPN endpoint
Grants permission to delete a route from a Client VPN endpoint
Grants permission to delete a range of customer-owned IP (CoIP) addresses
Grants permission to delete a pool of customer-owned IP (CoIP) addresses
Grants permission to deny a service from accessing a customer-owned IP (CoIP) pool
Grants permission to delete a customer gateway
Grants permission to delete a set of DHCP options
Grants permission to delete an egress-only internet gateway
Grants permission to delete one or more EC2 Fleets
Grants permission to delete one or more flow logs
Grants permission to delete an Amazon FPGA Image (AFI)
Grants permission to delete an AMI usage report
Grants permission to delete an EC2 Instance Connect Endpoint
Grants permission to delete the specified event window
Grants permission to delete an internet gateway
Grants permission to delete an Amazon VPC IP Address Manager (IPAM) and remove all monitored data associated with the IPAM including the historical data for CIDRs
Grants permission to delete a verification token, which proves ownership of an external resource
Grants permission to delete an Amazon VPC IP Address Manager (IPAM) policy
Grants permission to delete an Amazon VPC IP Address Manager (IPAM) pool
Grants permission to delete an IPAM prefix list resolver
Grants permission to delete an IPAM prefix list resolver target
Grants permission to delete an IPAM resource discovery
Grants permission to delete the scope for an Amazon VPC IP Address Manager (IPAM)
Grants permission to delete a key pair by removing the public key from Amazon EC2
Grants permission to delete a launch template and its associated versions
Grants permission to delete one or more versions of a launch template
Grants permission to delete a route from a local gateway route table
Grants permission to delete a local gateway route table
Grants permission to deny a service from accessing a local gateway route table
Grants permission to delete a local gateway route table virtual interface group association
Grants permission to delete an association between a VPC and local gateway route table
Grants permission to delete a local gateway virtual interface
Grants permission to delete a local gateway virtual interface group
Grants permission to delete a managed prefix list
Grants permission to delete a NAT gateway
Grants permission to delete a network ACL
Grants permission to delete an inbound or outbound entry (rule) from a network ACL
Grants permission to delete a Network Access Scope
Grants permission to delete a Network Access Scope analysis
Grants permission to delete a network insights analysis
Grants permission to delete a network insights path
Grants permission to delete a detached network interface
Grants permission to delete a permission that is associated with a network interface
Grants permission to allow Oracle Database@AWS to delete a peering connection between an ODB network and a VPC
Grants permission to delete a placement group
Grants permission to delete a public IPv4 address pool for public IPv4 CIDRs that you own and brought to Amazon to manage with Amazon VPC IP Address Manager (IPAM)
Grants permission to delete the queued purchases for the specified Reserved Instances
Grants permission to remove an IAM policy that enables cross-account sharing from a resource
Grants permission to delete a route from a route table
Grants permission to delete a route server
Grants permission to delete a route server endpoint
Grants permission to delete a route server peer
Grants permission to delete a route table
Grants permission to delete a secondary network
Grants permission to delete a secondary subnet
Grants permission to delete a security group
Grants permission to delete a snapshot of an EBS volume
Grants permission to delete a data feed for Spot Instances
Grants permission to delete a subnet
Grants permission to delete a subnet CIDR reservation
Grants permission to delete one or more tags from Amazon EC2 resources
Grants permission to delete a traffic mirror filter
Grants permission to delete a traffic mirror filter rule
Grants permission to delete a traffic mirror session
Grants permission to delete a traffic mirror target
Grants permission to delete a transit gateway
Grants permission to delete a transit gateway attachment for a Client VPN endpoint
Grants permission to delete a transit gateway connect attachment
Grants permission to delete a transit gateway connect peer
Grants permission to delete a transit gateway metering policy
Grants permission to delete an entry from a transit gateway metering policy
Grants permission to delete a transit gateway multicast domain
Grants permission to delete a peering attachment from a transit gateway
Grants permission to delete a transit gateway policy table
Grants permission to delete a transit gateway prefix list reference
Grants permission to delete a route from a transit gateway route table
Grants permission to delete a transit gateway route table
Grants permission to delete a transit gateway route table announcement
Grants permission to delete a VPC attachment from a transit gateway
Grants permission to delete a Verified Access endpoint
Grants permission to delete a Verified Access group
Grants permission to delete a Verified Access instance
Grants permission to delete a verified trust provider
Grants permission to delete an EBS volume
Grants permission to delete a VPC
Grants permission to delete an exclusion list for blocked public access on a VPC
Grants permission to delete a VPC Encryption Control
Grants permission to delete one or more VPC endpoint connection notifications
Grants permission to delete one or more VPC endpoints
Grants permission to delete one or more VPC endpoint service configurations
Grants permission to delete a VPC peering connection
Grants permission to delete a VPN concentrator
Grants permission to delete a VPN connection
Grants permission to delete a static route for a VPN connection between a virtual private gateway and a customer gateway
Grants permission to delete a virtual private gateway
Grants permission to release an IP address range that was provisioned through bring your own IP addresses (BYOIP), and to delete the corresponding address pool
Grants permission to deprovision an Autonomous System Number (ASN) from an Amazon Web Services account
Grants permission to deprovision a CIDR provisioned from an Amazon VPC IP Address Manager (IPAM) pool
Grants permission to deprovision a CIDR from a public IPv4 pool
Grants permission to deregister an Amazon Machine Image (AMI)
Grants permission to remove tags from the set of tags to include in notifications about scheduled events for your instances
Grants permission to deregister one or more network interface members from a group IP address in a transit gateway multicast domain
Grants permission to deregister one or more network interface sources from a group IP address in a transit gateway multicast domain
Grants permission to describe the attributes of the AWS account
Grants permission to describe one or more Elastic IP addresses
Grants permission to describe the attributes of the specified Elastic IP addresses
Grants permission to describe an Elastic IP address transfer
Grants permission to describe the longer ID format settings for all resource types
Grants permission to describe one or more of the Availability Zones that are available to you
Grants permission to describe the current infrastructure performance metric subscriptions
Grants permission to describe one or more bundling tasks
Grants permission to describe the IP address ranges that were provisioned through bring your own IP addresses (BYOIP)
Grants permission to describe Capacity Block extensions history
Grants permission to describe Capacity Block extensions offerings
Grants permission to describe Capacity Block offerings available for purchase
Grants permission to describe details about Capacity Blocks in the AWS Region that you're currently using
Grants permission to describe the availability of capacity for the specified Capacity blocks, or all of your Capacity Blocks
Grants permission to describe one or more Capacity Manager data export configurations
Grants permission to describe one or more requests to assign the billing of the unused capacity of a Capacity Reservation
Grants permission to describe one or more Capacity Reservation cancellation quotes
Grants permission to describe one or more Capacity Reservation Fleets
Grants permission to describe one or more Capacity Reservations
Grants permission to describe the topology of one or more Capacity Reservations
Grants permission to describe one or more Carrier Gateways
Grants permission to describe one or more linked EC2-Classic instances
Grants permission to describe the authorization rules for a Client VPN endpoint
Grants permission to describe active client connections and connections that have been terminated within the last 60 minutes for a Client VPN endpoint
Grants permission to describe one or more Client VPN endpoints
Grants permission to describe the routes for a Client VPN endpoint
Grants permission to describe the target networks that are associated with a Client VPN endpoint
Grants permission to describe the specified customer-owned address pools or all of your customer-owned address pools
Grants permission to describe one or more conversion tasks
Grants permission to describe one or more customer gateways
Grants permission to describe one or more declarative policies reports
Grants permission to describe one or more DHCP options sets
Grants permission to describe one or more egress-only internet gateways
Grants permission to describe an Elastic Graphics accelerator that is associated with an instance
Grants permission to describe one or more export image tasks
Grants permission to describe one or more export instance tasks
Grants permission to describe fast-launch enabled Windows AMIs
Grants permission to describe the state of fast snapshot restores for snapshots
Grants permission to describe the events for an EC2 Fleet during a specified time
Grants permission to describe the running instances for an EC2 Fleet
Grants permission to describe one or more EC2 Fleets
Grants permission to describe one or more flow logs
Grants permission to describe the attributes of an Amazon FPGA Image (AFI)
Grants permission to describe one or more Amazon FPGA Images (AFIs)
Grants permission to describe the Dedicated Host Reservations that are available to purchase
Grants permission to describe the Dedicated Host Reservations that are associated with Dedicated Hosts in the AWS account
Grants permission to describe one or more Dedicated Hosts
Grants permission to describe the IAM instance profile associations
Grants permission to describe the ID format settings for resources for an IAM user, IAM role, or root user
Grants permission to describe the ID format settings for resources
Grants permission to describe an attribute of an Amazon Machine Image (AMI)
Grants permission to describe your AWS resources that are referencing specified images
Grants permission to describe one or more images (AMIs, AKIs, and ARIs)
Grants permission to describe the entries of an AMI usage report
Grants permission to describe the configuration and status of an AMI usage report
Grants permission to describe import virtual machine or import snapshot tasks
Grants permission to describe import snapshot tasks
Grants permission to describe the attributes of an instance
Grants permission to describe EC2 Instance Connect Endpoints
Grants permission to describe the credit option for CPU usage of one or more burstable performance instances
Grants permission to describe the set of tags to include in notifications about scheduled events for your instances
Grants permission to describe the specified event windows or all event windows
Grants permission to describe the AMI that was used to launch an instance
Grants permission to describe one or more instances
Grants permission to describe EC2 instance SQL HA history states
Grants permission to describe EC2 instance SQL HA states
Grants permission to describe the status of one or more instances
Grants permission to describe a tree-based hierarchy that represents the physical host placement of EC2 instances
Grants permission to describe the set of instance types that are offered in a location
Grants permission to describe the details of instance types that are offered in a location
Grants permission to describe one or more internet gateways
Grants permission to describe a bring your own Autonomous System Number (BYOASN) that you've brought to IPAM
Grants permission to describe verification tokens, which proves ownership of an external resource
Grants permission to describe Amazon VPC IP Address Manager (IPAM) policies
Grants permission to describe IPAM pool allocations
Grants permission to describe Amazon VPC IP Address Manager (IPAM) pools
Grants permission to describe IPAM prefix list resolvers
Grants permission to describe IPAM prefix list resolver targets
Grants permission to describe IPAM resource discoveries
Grants permission to describe resource discovery associations with an Amazon VPC IPAM
Grants permission to describe an Amazon VPC IP Address Manager (IPAM)
Grants permission to describe Amazon VPC IP Address Manager (IPAM) scopes
Grants permission to describe one or more IPv6 address pools
Grants permission to describe one or more key pairs
Grants permission to describe one or more launch templates
Grants permission to describe one or more launch template versions
Grants permission to allow a service to describe local gateway route table permissions
Grants permission to describe one or more local gateway route tables
Grants permission to describe the associations between virtual interface groups and local gateway route tables
Grants permission to describe an association between VPCs and local gateway route tables
Grants permission to describe one or more local gateways
Grants permission to describe local gateway virtual interface groups
Grants permission to describe local gateway virtual interfaces
Grants permission to describe the lock status for a snapshot
Grants permission to describe your EC2 Mac Dedicated hosts
Grants permission to describe a System Integrity Protection (SIP) modification task or volume ownership delegation task for an Amazon EC2 Mac instance
Grants permission to describe your managed prefix lists and any AWS-managed prefix lists
Grants permission to describe Elastic IP addresses that are being moved to the EC2-VPC platform
Grants permission to describe one or more NAT gateways
Grants permission to describe one or more network ACLs
Grants permission to describe one or more Network Access Scope analyses
Grants permission to describe the Network Access Scopes
Grants permission to describe one or more network insights analyses
Grants permission to describe one or more network insights paths
Grants permission to describe a network interface attribute
Grants permission to describe the permissions that are associated with a network interface
Grants permission to describe one or more network interfaces
Grants permission to describe Outpost LAGs
Grants permission to describe one or more placement groups
Grants permission to describe available AWS services in a prefix list format
Grants permission to describe the ID format settings for the root user and all IAM roles and IAM users that have explicitly specified a longer ID (17-character ID) preference
Grants permission to describe one or more IPv4 address pools
Grants permission to describe one or more AWS Regions that are currently available in your account
Grants permission to describe a root volume replacement task
Grants permission to describe one or more purchased Reserved Instances in your account
Grants permission to describe your account's Reserved Instance listings in the Reserved Instance Marketplace
Grants permission to describe the modifications made to one or more Reserved Instances
Grants permission to describe the Reserved Instance offerings that are available for purchase
Grants permission to describe one or more route server endpoints
Grants permission to describe one or more route server peers
Grants permission to describe one or more route servers
Grants permission to describe one or more route tables
Grants permission to find available schedules for Scheduled Instances
Grants permission to describe one or more Scheduled Instances in your account
Grants permission to describe one or more secondary interfaces
Grants permission to describe one or more secondary networks
Grants permission to describe one or more secondary subnets
Grants permission to describe the VPCs on the other side of a VPC peering connection that are referencing specified VPC security groups
Grants permission to describe one or more of your security group rules
Grants permission to describe one or more security groups
Grants permission to describe security group VPC associations
Grants permission to describe service link virtual interfaces
Grants permission to describe an attribute of a snapshot
Grants permission to describe one or more EBS snapshots
Grants permission to describe the storage tier status for Amazon EBS snapshots
Grants permission to describe the data feed for Spot Instances
Grants permission to describe the running instances for a Spot Fleet
Grants permission to describe the events for a Spot Fleet request during a specified time
Grants permission to describe one or more Spot Fleet requests
Grants permission to describe one or more Spot Instance requests
Grants permission to describe the Spot Instance price history
Grants permission to describe the stale security group rules for security groups in a specified VPC
Grants permission to describe the progress of the AMI store tasks
Grants permission to describe one or more subnets
Grants permission to describe one or more tags for an Amazon EC2 resource
Grants permission to describe traffic mirror filters that determine the traffic that is mirrored
Grants permission to describe one or more traffic mirror filters
Grants permission to describe one or more traffic mirror sessions
Grants permission to describe one or more traffic mirror targets
Grants permission to describe one or more attachments between resources and transit gateways
Grants permission to describe one or more transit gateway connect peers
Grants permission to describe one or more transit gateway connect attachments
Grants permission to describe one or more transit gateway metering policies
Grants permission to describe one or more transit gateway multicast domains
Grants permission to describe one or more transit gateway peering attachments
Grants permission to describe a transit gateway policy table
Grants permission to describe a transit gateway route table announcement
Grants permission to describe one or more transit gateway route tables
Grants permission to describe one or more transit gateways
Grants permission to describe one or more VPC attachments on a transit gateway
Grants permission to describe one or more network interface trunk associations
Grants permission to describe the specified Verified Access endpoints or all Verified Access endpoints
Grants permission to describe the specified Verified Access groups or all Verified Access groups
Grants permission to describe the current logging configuration for the Verified Access instances
Grants permission to describe the specified Verified Access instances or all Verified Access instances
Grants permission to describe the AWS Web Application Firewall (WAF) web access control list (ACL) associations for a Verified Access instance
Grants permission to describe details of existing Verified Access trust providers
Grants permission to describe an attribute of an EBS volume
Grants permission to describe one or more EBS volumes
Grants permission to describe the current modification status of one or more EBS volumes
Grants permission to describe the status of one or more EBS volumes
Grants permission to describe an attribute of a VPC
Grants permission to describe an exclusion list for blocked public access on a VPC
Grants permission to describe options for blocked public access on a VPC
Grants permission to describe the ClassicLink status of one or more VPCs
Grants permission to describe the ClassicLink DNS support status of one or more VPCs
Grants permission to describe one or more VPC Encryption Controls
Grants permission to describe the VPC endpoint associations
Grants permission to describe the connection notifications for VPC endpoints and VPC endpoint services
Grants permission to describe the VPC endpoint connections to your VPC endpoint services
Grants permission to describe one or more VPC endpoints
Grants permission to describe VPC endpoint service configurations (your services)
Grants permission to describe the principals (service consumers) that are permitted to discover your VPC endpoint service
Grants permission to describe all supported AWS services that can be specified when creating a VPC endpoint
Grants permission to describe one or more VPC peering connections
Grants permission to describe one or more VPCs
Grants permission to describe one or more VPN concentrators
Grants permission to describe one or more VPN connections
Grants permission to describe one or more virtual private gateways
Grants permission to detach an appliance from a public/private Natgateway
Grants permission to unlink (detach) a linked EC2-Classic instance from a VPC
Grants permission to detach a watermark from an Amazon Machine Image (AMI)
Grants permission to detach an internet gateway from a VPC
Grants permission to detach a network interface from an instance
Grants permission to detach resources from a placement group
Grants permission to detach a trust provider from a Verified Access instance
Grants permission to detach an EBS volume from an instance
Grants permission to detach a virtual private gateway from a VPC
Grants permission to disable Elastic IP address transfer
Grants permission to disable allowed images settings
Grants permission to disable infrastructure performance metric subscriptions
Grants permission to disable EC2 Capacity Manager for your account
Grants permission to disable EBS encryption by default for your account
Grants permission to disable faster launching for Windows AMIs
Grants permission to disable fast snapshot restores for one or more snapshots in specified Availability Zones
Grants permission to disable an AMI
Grants permission to disable block public access for AMIs at the account level in the specified AWS Region
Grants permission to cancel the deprecation of the specified AMI
Grants permission to disable deregistration protection for an AMI. When deregistration protection is disabled, the AMI can be deregistered
Grants permission to disable EC2 instance SQL HA standby detections
Grants permission to disable an AWS Organizations member account as an Amazon VPC IP Address Manager (IPAM) admin account
Grants permission to disable a policy in Amazon VPC IP Address Manager (IPAM) that controls public IPv4 address allocation
Grants permission to disable route server propagation
Grants permission to disable access to the EC2 serial console of all instances for your account
Grants permission to disable the block public access for snapshots setting for a Region
Grants permission to disable a resource attachment from propagating routes to the specified propagation route table
Grants permission to disable a virtual private gateway from propagating routes to a specified route table of a VPC
Grants permission to disable ClassicLink for a VPC
Grants permission to disable ClassicLink DNS support for a VPC
Grants permission to disassociate an Elastic IP address from an instance or network interface
Grants permission to cancel a pending request to assign billing of the unused capacity of a Capacity Reservation to a consumer account
Grants permission to disassociate a target network from a Client VPN endpoint
Grants permission to disassociate an ACM certificate from a IAM role
Grants permission to disassociate an IAM instance profile from a running or stopped instance
Grants permission to disassociate one or more targets from an event window
Grants permission to disassociate an Autonomous System Number (ASN) from a BYOIP CIDR
Grants permission to disassociate a resource discovery from an Amazon VPC IPAM
Grants permission to disassociate a secondary Elastic IP address from a public NAT gateway
Grants permission to disassociate a route server from a VPC
Grants permission to disassociate a subnet from a route table
Grants permission to disassociate a security group from a VPC
Grants permission to disassociate a CIDR block from a subnet
Grants permission to disassociate one or more subnets from a transit gateway multicast domain
Grants permission to disassociate a policy table from a transit gateway
Grants permission to disassociate a resource attachment from a transit gateway route table
Grants permission to disassociate a branch network interface to a trunk network interface
Grants permission to disassociate an AWS Web Application Firewall (WAF) web access control list (ACL) from a Verified Access instance
Grants permission to disassociate a CIDR block from a VPC
Grants permission to enable Elastic IP address transfer
Grants permission to enable allowed images settings
Grants permission to enable infrastructure performance subscriptions
Grants permission to enable EC2 Capacity Manager for your account
Grants permission to enable EBS encryption by default for your account
Grants permission to enable faster launching for Windows AMIs
Grants permission to enable fast snapshot restores for one or more snapshots in specified Availability Zones
Grants permission to re-enable a disabled AMI
Grants permission to enable block public access for AMIs at the account level in the specified AWS Region
Grants permission to enable deprecation of the specified AMI at the specified date and time
Grants permission to enable deregistration protection for an AMI. When deregistration protection is enabled, the AMI can't be deregistered
Grants permission to enable EC2 instance SQL HA standby detections
Grants permission to enable an AWS Organizations member account as an Amazon VPC IP Address Manager (IPAM) admin account
Grants permission to enable an Amazon VPC IP Address Manager (IPAM) policy
Grants permission to enable organization sharing of reachability analyzer
Grants permission to enable route server propagation
Grants permission to enable access to the EC2 serial console of all instances for your account
Grants permission to enable or modify the block public access for snapshots setting for a Region
Grants permission to enable an attachment to propagate routes to a propagation route table
Grants permission to enable a virtual private gateway to propagate routes to a VPC route table
Grants permission to enable I/O operations for a volume that had I/O operations disabled
Grants permission to enable a VPC for ClassicLink
Grants permission to enable a VPC to support DNS hostname resolution for ClassicLink
Grants permission to download the client certificate revocation list for a Client VPN endpoint
Grants permission to download the contents of the Client VPN endpoint configuration file for a Client VPN endpoint
Grants permission to export an Amazon Machine Image (AMI) to a VM file
Grants permission to export routes from a transit gateway route table to an Amazon S3 bucket
Grants permission to export a verified access instance client configuration
Grants permission to retrieve the current security parameters for an active VPN tunnel
Grants permission to get the allowed settings for images
Grants permission to get the list of roles associated with an ACM certificate
Grants permission to get information about the IPv6 CIDR block associations for a specified IPv6 address pool
Grants permission to get network performance data
Grants permission to retrieve the current configuration and status of EC2 Capacity Manager
Grants permission to retrieve capacity usage metrics for your EC2 resources
Grants permission to retrieve the available dimension values for capacity metrics within a specified time range
Grants permission to retrieve the tag keys that are currently being monitored by EC2 Capacity Manager
Grants permission to get usage information about a Capacity Reservation
Grants permission to describe the allocations from the specified customer-owned address pool
Grants permission to get the console output for an instance
Grants permission to retrieve a JPG-format screenshot of a running instance
Grants permission to get the report summary of declarative policies
Grants permission to get the default credit option for CPU usage of a burstable performance instance family
Grants permission to get the ID of the default customer master key (CMK) for EBS encryption by default
Grants permission to describe whether EBS encryption by default is enabled for your account
Grants permission to describe the currently enabled policy in Amazon VPC IP Address Manager (IPAM)
Grants permission to generate a CloudFormation template to streamline the integration of VPC flow logs with Amazon Athena
Grants permission to list the resource groups to which a Capacity Reservation has been added
Grants permission to preview a reservation purchase with configurations that match those of a Dedicated Host
Grants permission to retrieve the ancestry chain of an AMI back to its root AMI
Grants permission to get the current state of block public access for AMIs at the account level in the specified AWS Region
Grants permission to view the default instance metadata service (IMDS) settings set for your account in the specified Region
Grants permission to get the public endorsement key associated with the Nitro Trusted Platform Module (NitroTPM) for the specified instance
Grants permission to view a list of instance types with specified instance attributes
Grants permission to retrieve the binary representation of the UEFI variable store
Grants permission to retrieve historical information about a CIDR within an Amazon VPC IP Address Manager (IPAM) scope
Grants permission to retrieve IPAM discovered accounts
Grants permission to retrieve the public IP addresses that have been discovered by IPAM
Grants permission to retrieve the resource CIDRs that are monitored as part of a resource discovery
Grants permission to describe the rules that define how Amazon VPC IP Address Manager (IPAM) pools allocate IP addresses to AWS resource types within an IPAM policy
Grants permission to retrieve the AWS Organizations targets associated with an Amazon VPC IP Address Manager (IPAM) policy
Grants permission to get a list of all the CIDR allocations in an Amazon VPC IP Address Manager (IPAM) pool
Grants permission to get the CIDRs provisioned to an Amazon VPC IP Address Manager (IPAM) pool
Grants permission to get rules for an IPAM prefix list resolver
Grants permission to get CIDR entries for a specific version of an IPAM prefix list resolver
Grants permission to get versions of an IPAM prefix list resolver
Grants permission to get information about the resources in an Amazon VPC IP Address Manager (IPAM) scope
Grants permission to get the configuration data of the specified instance for use with a new launch template or launch template version
Grants permission to get information about the resources that are associated with the specified managed prefix list
Grants permission to get information about the entries for a specified managed prefix list
Grants permission to retrieve the managed resource visibility configuration for the account
Grants permission to get the findings for one or more Network Access Scope analyses
Grants permission to get the content for a specified Network Access Scope
Grants permission to retrieve the encrypted administrator password for a running Windows instance
Grants permission to return a quote and exchange information for exchanging one or more Convertible Reserved Instances for a new Convertible Reserved Instance
Grants permission to describe an IAM policy that enables cross-account sharing
Grants permission to get associations for a route server
Grants permission to get propagations for a route server
Grants permission to get the routing database for a route server
Grants permission to retrieve a list of security groups for a specified VPC
Grants permission to retrieve the access status of your account to the EC2 serial console of all instances
Grants permission to retrieve the current state of the block public access for snapshots setting for a Region
Grants permission to calculate the Spot placement score for a Region or Availability Zone based on the specified target capacity and compute requirements
Grants permission to retrieve information about the subnet CIDR reservations
Grants permission to list the route tables to which a resource attachment propagates routes
Grants permission to list the entries for a transit gateway metering policy
Grants permission to get information about the associations for a transit gateway multicast domain
Grants permission to get information about associations for a transit gateway policy table
Grants permission to get information about associations for a transit gateway policy table entry
Grants permission to get information about prefix list references for a transit gateway route table
Grants permission to get information about associations for a transit gateway route table
Grants permission to get information about the route table propagations for a transit gateway route table
Grants permission to show the Verified Access policy associated with the endpoint
Grants permission to get verified access endpoint targets
Grants permission to show the contents of the Verified Access policy associated with the group
Grants permission to show the AWS Web Application Firewall (WAF) web access control list (ACL) for a Verified Access instance
Grants permission to describe resources that would block VPC Encryption Control enforcement
Grants permission to download an AWS-provided sample configuration file to be used with the customer gateway device
Grants permission to obtain a list of customer gateway devices for which sample configuration files can be provided
Grants permission to view available tunnel endpoint maintenance events
Grants permission to transfer existing BYOIP IPv4 CIDRs to IPAM
Grants permission to upload a client certificate revocation list to a Client VPN endpoint
Grants permission to import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI)
Grants permission to create an import instance task using metadata from a disk image
Grants permission to import a public key from an RSA key pair that was created with a third-party tool
Grants permission to import a disk into an EBS snapshot
Grants permission to create an import volume task using metadata from a disk image
Grants permission to temporarily inject errors for target API requests
Grants permission to temporarily inject latency to I/O operations for a target Amazon EBS volume
Grants permission to list Amazon Machine Images (AMIs) that are currently in the Recycle Bin
Grants permission to list the Amazon EBS snapshots that are currently in the Recycle Bin
Grants permission to list EBS volumes in Recycle Bin
Grants permission to lock an Amazon EBS snapshot in either governance or compliance mode to protect it against accidental or malicious deletions
Grants permission to modify an attribute of the specified Elastic IP address
Grants permission to modify the opt-in status of the Local Zone and Wavelength Zone group for your account
Grants permission to modify a Capacity Reservation's capacity and the conditions under which it is to be released
Grants permission to modify a Capacity Reservation Fleet
Grants permission to modify a Client VPN endpoint
Grants permission to change the account level default credit option for CPU usage of burstable performance instances
Grants permission to change the default customer master key (CMK) for EBS encryption by default for your account
Grants permission to modify an EC2 Fleet
Grants permission to modify an attribute of an Amazon FPGA Image (AFI)
Grants permission to modify a Dedicated Host
Grants permission to modify the ID format of a resource for a specific principal in your account
Grants permission to modify the ID format for a resource
Grants permission to modify an attribute of an Amazon Machine Image (AMI)
Grants permission to modify an attribute of an instance
Grants permission to modify the Capacity Reservation settings for a stopped instance
Grants permission to modify an existing EC2 Instance Connect Endpoint
Grants permission to modify the CPU options on an instance
Grants permission to modify the credit option for CPU usage on an instance
Grants permission to modify the start time for a scheduled EC2 instance event
Grants permission to modify the specified event window
Grants permission to modify the recovery behaviour for an instance
Grants permission to modify the default instance metadata service (IMDS) settings for your account in the specified Region
Grants permission to modify the metadata options for an instance
Grants permission to modify the network performance options for an instance
Grants permission to modify the placement attributes for an instance
Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM)
Grants permission to modify the rules that define how Amazon VPC IP Address Manager (IPAM) pools allocate IP addresses to AWS resource types within an IPAM policy
Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) pool
Grants permission to modify the description of an IPAM pool allocation
Grants permission to modify an IPAM prefix list resolver
Grants permission to modify an IPAM prefix list resolver target
Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) resource CIDR
Grants permission to modify a resource discovery
Grants permission to modify the configurations of an Amazon VPC IP Address Manager (IPAM) scope
Grants permission to modify a launch template
Grants permission to modify a local gateway route
Grants permission to modify a managed prefix list
Grants permission to modify the managed resource visibility configuration for the account
Grants permission to modify an attribute of a network interface
Grants permission to allow Oracle Database@AWS to modify the settings of a peering connection between an ODB network and a VPC
Grants permission to modify the options for instance hostnames for the specified instance
Grants permission to modify public hostname options for a network interface
Grants permission to modify attributes of one or more Reserved Instances
Grants permission to modify a route server
Grants permission to modify the rules of a security group
Grants permission to add or remove permission settings for a snapshot
Grants permission to archive Amazon EBS snapshots
Grants permission to modify a Spot Fleet request
Grants permission to modify an attribute of a subnet
Grants permission to allow or restrict mirroring network services
Grants permission to modify a traffic mirror rule
Grants permission to modify a traffic mirror session
Grants permission to modify a transit gateway
Grants permission to modify a transit gateway metering policy
Grants permission to modify a transit gateway prefix list reference
Grants permission to modify a VPC attachment on a transit gateway
Grants permission to modify the configuration of a Verified Access endpoint
Grants permission to modify the specified Verified Access endpoint policy
Grants permission to modify the specified Verified Access Group configuration
Grants permission to modify the specified Verified Access group policy
Grants permission to modify the configuration of the specified Verified Access instance
Grants permission to modify the logging configuration for the specified Verified Access instance
Grants permission to modify the configuration of the specified Verified Access trust provider
Grants permission to modify the parameters of an EBS volume
Grants permission to modify an attribute of a volume
Grants permission to modify an attribute of a VPC
Grants permission to modify an exclusion list for blocked public access on a VPC
Grants permission to modify options for blocked public access on a VPC
Grants permission to modify an existing VPC Encryption Control
Grants permission to modify an attribute of a VPC endpoint
Grants permission to modify a connection notification for a VPC endpoint or VPC endpoint service
Grants permission to modify the attributes of a VPC endpoint service configuration
Grants permission to modify the payer responsibility for a VPC endpoint service
Grants permission to modify the permissions for a VPC endpoint service
Grants permission to modify the VPC peering connection options on one side of a VPC peering connection
Grants permission to modify the instance tenancy attribute of a VPC
Grants permission to modify the target gateway of a Site-to-Site VPN connection
Grants permission to modify the connection options for your Site-to-Site VPN connection
Grants permission to modify the certificate for a Site-to-Site VPN connection
Grants permission to modify the options for a Site-to-Site VPN connection
Grants permission to enable detailed monitoring for a running instance
Grants permission to move an Elastic IP address from the EC2-Classic platform to the EC2-VPC platform
Grants permission to move a BYOIP IPv4 CIDR to Amazon VPC IP Address Manager (IPAM) from a public IPv4 pool
Grants permission to move available capacity from a source Capacity Reservation to a destination Capacity Reservation
Grants permission to temporarily pause I/O operations for a target Amazon EBS volume
Grants permission to provision an address range for use in AWS through bring your own IP addresses (BYOIP), and to create a corresponding address pool
Grants permission to provision an Autonomous System Number (ASN) for use in an Amazon Web Services account
Grants permission to provision a CIDR to an Amazon VPC IP Address Manager (IPAM) pool
Grants permission to provision a CIDR to a public IPv4 pool
Grants permission to purchase a Capacity Block offering
Grants permission to purchase a Capacity Block extension
Grants permission to purchase a reservation with configurations that match those of a Dedicated Host
Grants permission to purchase a Reserved Instance offering
Grants permission to purchase one or more Scheduled Instances with a specified schedule
Grants permission to attach an IAM policy that enables cross-account sharing to a resource
Grants permission to request a reboot of one or more instances
Grants permission to register an Amazon Machine Image (AMI)
Grants permission to add tags to the set of tags to include in notifications about scheduled events for your instances
Grants permission to register one or more network interfaces as a member of a group IP address in a transit gateway multicast domain
Grants permission to register one or more network interfaces as a source of a group IP address in a transit gateway multicast domain
Grants permission to reject a request to assign billing of the available capacity of a shared Capacity Reservation to your account
Grants permission to reject a transit gateway attachment request for a Client VPN endpoint
Grants permission to reject requests to associate cross-account subnets with a transit gateway multicast domain
Grants permission to reject a transit gateway peering attachment request
Grants permission to reject a request to attach a VPC to a transit gateway
Grants permission to reject one or more VPC endpoint connection requests to a VPC endpoint service
Grants permission to reject a VPC peering connection request
Grants permission to release an Elastic IP address
Grants permission to release one or more On-Demand Dedicated Hosts
Grants permission to release an allocation within an Amazon VPC IP Address Manager (IPAM) pool
Grants permission to replace an IAM instance profile for an instance
Grants permission to replace image criteria in allowed images settings
Grants permission to change which network ACL a subnet is associated with
Grants permission to replace an entry (rule) in a network ACL
Grants permission to replace a route within a route table in a VPC
Grants permission to change the route table that is associated with a subnet
Grants permission to replace a route in a transit gateway route table
Grants permission to replace a VPN tunnel
Grants permission to submit feedback about the status of an instance
Grants permission to create a Spot Fleet request
Grants permission to create a Spot Instance request
Grants permission to reset the attribute of the specified IP address
Grants permission to reset the default customer master key (CMK) for EBS encryption for your account to use the AWS-managed CMK for EBS
Grants permission to reset an attribute of an Amazon FPGA Image (AFI) to its default value
Grants permission to reset an attribute of an Amazon Machine Image (AMI) to its default value
Grants permission to reset an attribute of an instance to its default value
Grants permission to reset an attribute of a network interface
Grants permission to reset permission settings for a snapshot
Grants permission to restore an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform
Grants permission to restore an Amazon Machine Image (AMI) from the Recycle Bin
Grants permission to restore the entries from a previous version of a managed prefix list to a new version of the prefix list
Grants permission to restore an Amazon EBS snapshot from the Recycle Bin
Grants permission to restore an archived Amazon EBS snapshot for use temporarily or permanently, or modify the restore period or restore type for a snapshot that was previously temporarily restored
Grants permission to restore an EBS volume from Recycle Bin
Grants permission to remove an inbound authorization rule from a Client VPN endpoint
Grants permission to remove one or more outbound rules from a VPC security group
Grants permission to remove one or more inbound rules from a security group
Grants permission to launch one or more instances
Grants permission to launch one or more Scheduled Instances
Grants permission to search for routes in a local gateway route table
Grants permission to search for groups, sources, and members in a transit gateway multicast domain
Grants permission to search for routes in a transit gateway route table
Grants permission to send a diagnostic interrupt to an Amazon EC2 instance
Grants permission to interrupt a Spot Instance
Grants permission to start a declarative policies report
Grants permission to start a stopped instance
Grants permission to start a Network Access Scope analysis
Grants permission to start analyzing a specified path
Grants permission to start the private DNS verification process for a VPC endpoint service
Grants permission to stop an Amazon EBS-backed instance
Grants permission to terminate active Client VPN endpoint connections
Grants permission to shut down one or more instances
Grants permission to unassign one or more IPv6 addresses from a network interface
Grants permission to unassign one or more secondary private IP addresses from a network interface
Grants permission to unassign secondary private IPv4 addresses from a private NAT gateway
Grants permission to unlock a snapshot that is locked in governance mode or in compliance mode while still in the cooling-off period
Grants permission to disable detailed monitoring for a running instance
Grants permission to activate or deactivate tag keys for monitoring by EC2 Capacity Manager
Grants permission to update the Organizations access setting for EC2 Capacity Manager
Grants permission to update the number of instances allocated to an interruptible reservation, allowing you to add more capacity or reclaim capacity to your source Capacity Reservation
Grants permission to update descriptions for one or more outbound rules in a VPC security group
Grants permission to update descriptions for one or more inbound rules in a security group
Grants permission to stop advertising an address range that was provisioned for use in AWS through bring your own IP addresses (BYOIP)