ec2:RequestSpotInstances

Write

ec2:RequestSpotInstances is a Write access-level action in the ec2 service. Grants permission to create a Spot Instance request

Resource types

ARNs that ec2:RequestSpotInstances can be scoped to in an IAM policy.

arn:${Partition}:ec2:${Region}:${Account}:spot-instances-request/${SpotInstanceRequestId}
spot-instances-request
arn:${Partition}:ec2:${Region}::image/${ImageId}
image
arn:${Partition}:ec2:${Region}:${Account}:key-pair/${KeyPairName}
key-pair
arn:${Partition}:ec2:${Region}:${Account}:network-interface/${NetworkInterfaceId}
network-interface
arn:${Partition}:ec2:${Region}:${Account}:placement-group/${PlacementGroupName}
placement-group
arn:${Partition}:ec2:${Region}:${Account}:security-group/${SecurityGroupId}
security-group
arn:${Partition}:ec2:${Region}::snapshot/${SnapshotId}
snapshot
arn:${Partition}:ec2:${Region}:${Account}:subnet/${SubnetId}
subnet

Condition keys

Keys you can use in the Condition block of a policy that grants ec2:RequestSpotInstances.

ec2:SnapshotTime String

Filters access by the initiation time of a snapshot

aws:RequestTag/${TagKey} String

Filters access by a tag key and value pair that is allowed in the request

aws:ResourceTag/${TagKey} String

Filters access by a tag key and value pair of a resource

aws:TagKeys ArrayOfString

Filters access by a list of tag keys that are allowed in the request

ec2:Add/group String

Filters access by the group being added to a snapshot

ec2:Add/userId String

Filters access by the account id being added to a snapshot

ec2:AssociatePublicIpAddress Bool

Filters access by whether the user wants to associate a public IP address with the instance

ec2:Attribute String

Filters access by an attribute of a resource

ec2:Attribute/${AttributeName} String

Filters access by an attribute being set on a resource

ec2:AuthorizedService String

Filters access by the AWS service that has permission to use a resource

ec2:AuthorizedUser String

Filters access by an IAM principal that has permission to use a resource

ec2:AvailabilityZone String

Filters access by the name of an Availability Zone in an AWS Region

ec2:AvailabilityZoneId String

Filters access by the ID of an Availability Zone in an AWS Region

ec2:Encrypted Bool

Filters access by whether the EBS volume is encrypted

ec2:PlacementGroupName String

Filters access by the name of a placement group

ec2:PlacementGroupStrategy String

Filters access by the instance placement strategy used by the placement group (cluster, spread, or partition)

ec2:ProductCode String

Filters access by the product code that is associated with the AMI

ec2:Public Bool

Filters access by whether the image has public launch permissions

ec2:Region String

Filters access by the name of the AWS Region

ec2:ImageID String

Filters access by the ID of an image

ec2:ImageType String

Filters access by the type of image (machine, aki, or ari)

ec2:Remove/group String

Filters access by the group being removed from a snapshot

ec2:Remove/userId String

Filters access by the account id being removed from a snapshot

ec2:ResourceTag/${TagKey} String

Filters access by a tag key and value pair of a resource

ec2:RootDeviceType String

Filters access by the root device type of the instance (ebs or instance-store)

ec2:SecurityGroupID String

Filters access by the ID of a security group

ec2:SnapshotCoolOffPeriod Numeric

Filters access by the compliance mode cooling-off period

ec2:SnapshotID String

Filters access by the ID of a snapshot

ec2:SnapshotLockDuration Numeric

Filters access by the snapshot lock duration

ec2:Ipv4IpamPoolId String

Filters access by the ID of an IPAM pool provided for IPv4 CIDR block allocation

ec2:SourceAvailabilityZone String

Filters access by the name of the Availability Zone from which the request originated

ec2:Ipv6IpamPoolId String

Filters access by the ID of an IPAM pool provided for IPv6 CIDR block allocation

ec2:IsLaunchTemplateResource Bool

Filters access by whether users are able to override resources that are specified in the launch template

ec2:SourceOutpostArn ARN

Filters access by the ARN of the Outpost from which the request originated

ec2:KeyPairName String

Filters access by the name of a key pair

ec2:Subnet ARN

Filters access by the ARN of the subnet

ec2:KeyPairType String

Filters access by the type of a key pair

ec2:SubnetID String

Filters access by the ID of a subnet

ec2:LaunchTemplate ARN

Filters access by the ARN of a launch template

ec2:Location String

Filters access by the destination for the snapshot copy

ec2:ManagedResourceOperator String

Filters access by the presence of an EC2 operator provisioning a managed resource

ec2:VolumeSize Numeric

Filters access by the size of the volume, in GiB

ec2:NetworkInterfaceID String

Filters access by the ID of an elastic network interface

ec2:Vpc ARN

Filters access by the ARN of the VPC

ec2:OutpostArn ARN

Filters access by the ARN of the Outpost

ec2:Owner String

Filters access by the owner of the resource (amazon, aws-marketplace, or an AWS account ID)

ec2:ParentSnapshot ARN

Filters access by the ARN of the parent snapshot

ec2:ParentVolume ARN

Filters access by the ARN of the parent volume from which the snapshot was created

ec2:Permission String

Filters access by the type of permission for a resource (INSTANCE-ATTACH or EIP-ASSOCIATE)

Dependent actions

To use ec2:RequestSpotInstances you may also need to grant:

Example IAM policy

A minimal policy that allows ec2:RequestSpotInstances. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowEc2RequestSpotInstances",
      "Effect": "Allow",
      "Action": "ec2:RequestSpotInstances",
      "Resource": "*"
    }
  ]
}

Related actions in ec2

View all ec2 actions →