ec2:CreateNatGateway is a Write access-level action in the ec2 service. Grants permission to create a NAT gateway in a subnet
ARNs that ec2:CreateNatGateway can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants ec2:CreateNatGateway.
Filters access by a tag key and value pair that is allowed in the request
Filters access by a tag key and value pair of a resource
Filters access by a list of tag keys that are allowed in the request
Filters access by the allocation ID of the Elastic IP address
Filters access by an attribute of a resource
Filters access by an attribute being set on a resource
Filters access by the name of an Availability Zone in an AWS Region
Filters access by the ID of an Availability Zone in an AWS Region
Filters access by the domain of the Elastic IP address
Filters access by a public IP address
Filters access by the name of the AWS Region
Filters access by a tag key and value pair of a resource
Filters access by the ID of an IPAM pool provided for IPv4 CIDR block allocation
Filters access by the ID of an IPAM pool provided for IPv6 CIDR block allocation
Filters access by whether users are able to override resources that are specified in the launch template
Filters access by the ID of a subnet
Filters access by the ARN of a launch template
Filters access by the tenancy of the VPC or instance (default, dedicated, or host)
Filters access by the ARN of the VPC
Filters access by the ID of a virtual private cloud (VPC)
To use ec2:CreateNatGateway you may also need to grant:
A minimal policy that allows ec2:CreateNatGateway. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowEc2CreateNatGateway",
"Effect": "Allow",
"Action": "ec2:CreateNatGateway",
"Resource": "*"
}
]
}