2025-04-30
17 new actions, 3 new resources, 2 new conditions | 4 updated actions, 1 updated resource
Additions
Actions
-
AssociateRouteServer
-
Description:
Grants permission to associate a route server with a VPC
-
Access:
Write
-
Resources:
Name: route-server
Required: Yes
Name: vpc
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Ipv4IpamPoolId
ec2:Ipv6IpamPoolId
ec2:Tenancy
ec2:VpcID
ec2:Region
-
CreateRouteServer
-
Description:
Grants permission to create a route server
-
Access:
Write
-
Resources:
Name: route-server
Required: Yes
-
Conditions:
aws:RequestTag/${TagKey}
aws:TagKeys
ec2:Region
-
Dependents (additional actions the caller must also be allowed to perform for this call to succeed):
ec2:CreateTags
sns:CreateTopic
-
CreateRouteServerEndpoint
-
Description:
Grants permission to create a route server endpoint
-
Access:
Write
-
Resources:
Name: route-server
Required: Yes
Name: route-server-endpoint
Required: Yes
Name: subnet
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
aws:RequestTag/${TagKey}
aws:TagKeys
ec2:AvailabilityZone
ec2:SubnetID
ec2:Vpc
ec2:Region
-
Dependents:
ec2:AuthorizeSecurityGroupIngress
ec2:CreateNetworkInterface
ec2:CreateNetworkInterfacePermission
ec2:CreateSecurityGroup
ec2:CreateTags
ec2:DescribeSecurityGroups
-
CreateRouteServerPeer
-
Description:
Grants permission to create a route server peer
-
Access:
Write
-
Resources:
Name: route-server-endpoint
Required: Yes
Name: route-server-peer
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:AvailabilityZone
ec2:ResourceTag/${TagKey}
aws:RequestTag/${TagKey}
aws:TagKeys
ec2:Region
-
Dependents:
ec2:AuthorizeSecurityGroupIngress
ec2:CreateTags
-
DeleteRouteServer
-
Description:
Grants permission to delete a route server
-
Access:
Write
-
Resources:
Name: route-server
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
-
Dependents:
sns:DeleteTopic
-
DeleteRouteServerEndpoint
-
Description:
Grants permission to delete a route server endpoint
-
Access:
Write
-
Resources:
Name: route-server-endpoint
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:AvailabilityZone
ec2:ResourceTag/${TagKey}
ec2:Region
-
Dependents:
ec2:DeleteNetworkInterface
ec2:DeleteSecurityGroup
ec2:RevokeSecurityGroupIngress
-
DeleteRouteServerPeer
-
Description:
Grants permission to delete a route server peer
-
Access:
Write
-
Resources:
Name: route-server-peer
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:AvailabilityZone
ec2:ResourceTag/${TagKey}
ec2:Region
-
Dependents:
ec2:RevokeSecurityGroupIngress
-
DescribeRouteServerEndpoints
-
Description:
Grants permission to describe one or more route server endpoints
-
Access:
List
-
Conditions:
ec2:Region
-
DescribeRouteServerPeers
-
Description:
Grants permission to describe one or more route server peers
-
Access:
List
-
Conditions:
ec2:Region
-
DescribeRouteServers
-
Description:
Grants permission to describe one or more route servers
-
Access:
List
-
Conditions:
ec2:Region
-
DisableRouteServerPropagation
-
Description:
Grants permission to disable route server propagation
-
Access:
Write
-
Resources:
Name: route-server
Required: Yes
Name: route-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:RouteTableID
ec2:Vpc
ec2:Region
-
DisassociateRouteServer
-
Description:
Grants permission to disassociate a route server from a VPC
-
Access:
Write
-
Resources:
Name: route-server
Required: Yes
Name: vpc
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Ipv4IpamPoolId
ec2:Ipv6IpamPoolId
ec2:Tenancy
ec2:VpcID
ec2:Region
-
EnableRouteServerPropagation
-
Description:
Grants permission to enable route server propagation
-
Access:
Write
-
Resources:
Name: route-server
Required: Yes
Name: route-table
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:RouteTableID
ec2:Vpc
ec2:Region
-
GetRouteServerAssociations
-
Description:
Grants permission to get associations for a route server
-
Access:
Read
-
Resources:
Name: route-server
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
-
GetRouteServerPropagations
-
Description:
Grants permission to get propagations for a route server
-
Access:
Read
-
Resources:
Name: route-server
Required: Yes
Name: route-table
Required: No
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:RouteTableID
ec2:Vpc
ec2:Region
-
GetRouteServerRoutingDatabase
-
Description:
Grants permission to get the routing database for a route server
-
Access:
Read
-
Resources:
Name: route-server
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
-
ModifyRouteServer
-
Description:
Grants permission to modify a route server
-
Access:
Write
-
Resources:
Name: route-server
Required: Yes
-
Conditions:
aws:ResourceTag/${TagKey}
ec2:ResourceTag/${TagKey}
ec2:Region
Resources
-
route-server-endpoint
-
Arn:
arn:${Partition}:ec2:${Region}:${Account}:route-server-endpoint/${RouteServerEndpointId}
-
Conditions:
aws:RequestTag/${TagKey}
aws:ResourceTag/${TagKey}
aws:TagKeys
ec2:AvailabilityZone
ec2:Region
ec2:ResourceTag/${TagKey}
-
route-server
-
Arn:
arn:${Partition}:ec2:${Region}:${Account}:route-server/${RouteServerId}
-
Conditions:
aws:RequestTag/${TagKey}
aws:ResourceTag/${TagKey}
aws:TagKeys
ec2:Region
ec2:ResourceTag/${TagKey}
-
route-server-peer
-
Arn:
arn:${Partition}:ec2:${Region}:${Account}:route-server-peer/${RouteServerPeerId}
-
Conditions:
aws:RequestTag/${TagKey}
aws:ResourceTag/${TagKey}
aws:TagKeys
ec2:AvailabilityZone
ec2:Region
ec2:ResourceTag/${TagKey}
Conditions
-
ec2:AvailabilityZoneId
-
Description:
Filters access by the ID of an Availability Zone in an AWS Region
-
Type:
String
-
ec2:EphemeralStorage
-
Description:
Filters access by whether the instance is enabled for ephemeral storage
-
Type:
Bool
Updates (+ marks an entry added to an action, - marks one removed)
Actions
-
CreateCapacityReservationBySplitting
Conditions
-
+ ec2:AvailabilityZone
-
+ ec2:AvailabilityZoneId
-
+ ec2:EbsOptimized
-
+ ec2:EndDate
-
+ ec2:EndDateType
-
+ ec2:EphemeralStorage
-
+ ec2:InstanceCount
-
+ ec2:InstanceMatchCriteria
-
+ ec2:InstancePlatform
-
+ ec2:InstanceType
-
+ ec2:OutpostArn
-
+ ec2:PlacementGroup
-
+ ec2:Tenancy
-
DescribeClassicLinkInstances
Conditions
-
- aws:ResourceTag/${TagKey}
-
- ec2:AvailabilityZone
-
- ec2:CapacityReservationFleet
-
- ec2:CreateDate
-
- ec2:DestinationCapacityReservationId
-
- ec2:EbsOptimized
-
- ec2:EndDate
-
- ec2:EndDateType
-
- ec2:InstanceCount
-
- ec2:InstanceMatchCriteria
-
- ec2:InstancePlatform
-
- ec2:InstanceType
-
- ec2:OutpostArn
-
- ec2:PlacementGroup
-
- ec2:ResourceTag/${TagKey}
-
- ec2:SourceCapacityReservationId
-
- ec2:Tenancy
Resources
-
- capacity-reservation
-
DescribeDhcpOptions
Conditions
-
- aws:ResourceTag/${TagKey}
-
- ec2:ClientRootCertificateChainArn
-
- ec2:CloudwatchLogGroupArn
-
- ec2:CloudwatchLogStreamArn
-
- ec2:DirectoryArn
-
- ec2:ResourceTag/${TagKey}
-
- ec2:SamlProviderArn
-
- ec2:ServerCertificateArn
Resources
-
- client-vpn-endpoint
-
DescribeVpnGateways
Conditions
-
- aws:ResourceTag/${TagKey}
-
- ec2:ResourceTag/${TagKey}
-
- ec2:VpceServiceName
-
- ec2:VpceServiceOwner