Amazon EC2 (ec2)

2025-06-03

4 new actions, 1 new resource | 35 updated actions, 11 updated resources

Additions

    Actions
  • CreateDelegateMacVolumeOwnershipTask
    • Description:  Grants permission to create a volume ownership delegation task for an Apple silicon Mac instance
    • Access:  Write
    • Resources: 

      Name: instance

      Required: Yes

      Name: mac-modification-task

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

      ec2:AvailabilityZone

      ec2:EbsOptimized

      ec2:InstanceAutoRecovery

      ec2:InstanceBandwidthWeighting

      ec2:InstanceMarketType

      ec2:InstanceMetadataTags

      ec2:InstanceProfile

      ec2:InstanceType

      ec2:MetadataHttpEndpoint

      ec2:MetadataHttpPutResponseHopLimit

      ec2:MetadataHttpTokens

      ec2:ResourceTag/${TagKey}

      ec2:RootDeviceType

      ec2:Tenancy

      aws:RequestTag/${TagKey}

      aws:TagKeys

      ec2:Region
    • Dependents: 

      ec2:CreateTags
  • CreateMacSystemIntegrityProtectionModificationTask
    • Description:  Grants permission to create a System Integrity Protection (SIP) modification task for an Amazon EC2 Mac instance
    • Access:  Write
    • Resources: 

      Name: instance

      Required: Yes

      Name: mac-modification-task

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

      ec2:AvailabilityZone

      ec2:EbsOptimized

      ec2:InstanceAutoRecovery

      ec2:InstanceBandwidthWeighting

      ec2:InstanceMarketType

      ec2:InstanceMetadataTags

      ec2:InstanceProfile

      ec2:InstanceType

      ec2:MetadataHttpEndpoint

      ec2:MetadataHttpPutResponseHopLimit

      ec2:MetadataHttpTokens

      ec2:ResourceTag/${TagKey}

      ec2:RootDeviceType

      ec2:Tenancy

      aws:RequestTag/${TagKey}

      aws:TagKeys

      ec2:Region
    • Dependents: 

      ec2:CreateTags
  • DescribeMacModificationTasks
    • Description:  Grants permission to describe a System Integrity Protection (SIP) modification task or volume ownership delegation task for an Amazon EC2 Mac instance
    • Access:  List
    • Conditions: 

      ec2:Region
  • ModifyPublicIpDnsNameOptions
    • Description:  Grants permission to modify public hostname options for a network interface
    • Access:  Write
    • Resources: 

      Name: network-interface

      Required: Yes

    • Conditions: 

      aws:ResourceTag/${TagKey}

      ec2:Attribute

      ec2:Attribute/${AttributeName}

      ec2:AvailabilityZone

      ec2:ResourceTag/${TagKey}

      ec2:Subnet

      ec2:Vpc

      ec2:Region
    Resources
  • mac-modification-task
    • Arn:  arn:${Partition}:ec2:${Region}:${Account}:mac-modification-task/${MacModificationTaskId}
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:ResourceTag/${TagKey}

      aws:TagKeys

      ec2:Region

      ec2:ResourceTag/${TagKey}

Updates