ec2:ModifyEbsDefaultKmsKeyId

Write

ec2:ModifyEbsDefaultKmsKeyId is a Write access-level action in the ec2 service. Grants permission to change the default customer master key (CMK) for EBS encryption by default for your account

Resource types

This action does not support resource-level permissions; use "Resource": "*" in your policy.

Condition keys

No condition keys are documented for this action.

Example IAM policy

A minimal policy that allows ec2:ModifyEbsDefaultKmsKeyId. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowEc2ModifyEbsDefaultKmsKeyId",
      "Effect": "Allow",
      "Action": "ec2:ModifyEbsDefaultKmsKeyId",
      "Resource": "*"
    }
  ]
}

Related actions in ec2

View all ec2 actions →