ec2:CopyImage is a Write access-level action in the ec2 service. Grants permission to copy an Amazon Machine Image (AMI) from a source Region to the current Region
ARNs that ec2:CopyImage can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants ec2:CopyImage.
Filters access by the initiation time of a snapshot
Filters access by a tag key and value pair that is allowed in the request
Filters access by a tag key and value pair of a resource
Filters access by a list of tag keys that are allowed in the request
Filters access by the group being added to a snapshot
Filters access by the account id being added to a snapshot
Filters access by an attribute of a resource
Filters access by an attribute being set on a resource
Filters access by the name of an Availability Zone in an AWS Region
Filters access by whether the EBS volume is encrypted
Filters access by the product code that is associated with the AMI
Filters access by whether the image has public launch permissions
Filters access by the name of the AWS Region
Filters access by the ID of an image
Filters access by the type of image (machine, aki, or ari)
Filters access by the group being removed from a snapshot
Filters access by the account id being removed from a snapshot
Filters access by a tag key and value pair of a resource
Filters access by the root device type of the instance (ebs or instance-store)
Filters access by the compliance mode cooling-off period
Filters access by the ID of a snapshot
Filters access by the snapshot lock duration
Filters access by the name of the Availability Zone from which the request originated
Filters access by whether users are able to override resources that are specified in the launch template
Filters access by the ARN of the Outpost from which the request originated
Filters access by the ARN of a launch template
Filters access by the destination for the snapshot copy
Filters access by the size of the volume, in GiB
Filters access by the ARN of the Outpost
Filters access by the owner of the resource (amazon, aws-marketplace, or an AWS account ID)
Filters access by the ARN of the parent snapshot
Filters access by the ARN of the parent volume from which the snapshot was created
To use ec2:CopyImage you may also need to grant:
A minimal policy that allows ec2:CopyImage. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowEc2CopyImage",
"Effect": "Allow",
"Action": "ec2:CopyImage",
"Resource": "*"
}
]
}