Change log of AWS IAM permissions

2025-12-19

50 new actions, 6 new resources, 9 new conditions | 11 updated actions, 4 updated resources

Additions

Actions

AttachApplianceToNatGateway
- Description: Grants permission to attach an appliance with a public/private Natgateway
- Access: Permissions management
- Resources:
  Name: natgateway
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
CreateInterruptibleCapacityReservationAllocation
- Description: Grants permission to create an interruptible Capacity Reservation by specifying the number of unused instances you want to allocate from your source reservation
- Access: Write
- Resources:
  Name: capacity-reservation
  
  Required: Yes
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
  
  ec2:AvailabilityZone
  
  ec2:AvailabilityZoneId
  
  ec2:CreateDate
  
  ec2:EbsOptimized
  
  ec2:EndDate
  
  ec2:EndDateType
  
  ec2:InstanceCount
  
  ec2:InstanceMatchCriteria
  
  ec2:InstancePlatform
  
  ec2:InstanceType
  
  ec2:InterruptibleCapacityReservationId
  
  ec2:InterruptionType
  
  ec2:IsInterruptible
  
  ec2:SourceCapacityReservationId
  
  ec2:TargetInstanceCount
  
  ec2:Tenancy
  
  ec2:Region
- Dependents:
  ec2:CreateTags
CreateIpamPolicy
- Description: Grants permission to create a policy in Amazon VPC IP Address Manager (IPAM) that defines rules for allocating public IPv4 addresses from IPAM pools to AWS resources
- Access: Write
- Resources:
  Name: ipam
  
  Required: Yes
  
  Name: ipam-policy
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
  
  ec2:Region
- Dependents:
  ec2:CreateTags
CreateIpamPrefixListResolver
- Description: Grants permission to create an IPAM prefix list resolver that defines rules for selecting CIDRs to include in prefix lists
- Access: Write
- Resources:
  Name: ipam
  
  Required: Yes
  
  Name: ipam-prefix-list-resolver
  
  Required: Yes
  
  Name: ipam-scope
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
  
  ec2:Region
- Dependents:
  ec2:CreateTags
CreateIpamPrefixListResolverTarget
- Description: Grants permission to create an IPAM prefix list resolver target that links a resolver to a managed prefix list
- Access: Write
- Resources:
  Name: ipam-prefix-list-resolver
  
  Required: Yes
  
  Name: ipam-prefix-list-resolver-target
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
  
  ec2:Region
- Dependents:
  ec2:CreateTags
CreateOdbNetworkPeering
- Description: Grants permission to allow Oracle Database@AWS to create a peering connection between an ODB network and a VPC
- Access: Permissions management
- Resources:
  Name: vpc
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Tenancy
  
  ec2:VpcID
  
  ec2:Region
CreateTransitGatewayMeteringPolicy
- Description: Grants permission to create a metering policy for a transit gateway
- Access: Write
- Resources:
  Name: transit-gateway
  
  Required: Yes
  
  Name: transit-gateway-metering-policy
  
  Required: Yes
  
  Name: transit-gateway-attachment
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:transitGatewayId
  
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
  
  ec2:transitGatewayMeteringPolicyId
  
  ec2:transitGatewayAttachmentId
  
  ec2:Region
- Dependents:
  ec2:CreateTags
CreateTransitGatewayMeteringPolicyEntry
- Description: Grants permission to create an entry for a transit gateway metering policy
- Access: Write
- Resources:
  Name: transit-gateway-metering-policy
  
  Required: Yes
  
  Name: transit-gateway-attachment
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:transitGatewayMeteringPolicyId
  
  ec2:transitGatewayAttachmentId
  
  ec2:Region
CreateVpcEncryptionControl
- Description: Grants permission to create a VPC Encryption Control
- Access: Write
- Resources:
  Name: vpc
  
  Required: Yes
  
  Name: vpc-encryption-control
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Tenancy
  
  ec2:VpcID
  
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
  
  ec2:Region
- Dependents:
  ec2:CreateTags
CreateVpnConcentrator
- Description: Grants permission to create a VPN concentrator that aggregates multiple VPN connections to a transit gateway
- Access: Write
- Resources:
  Name: vpn-concentrator
  
  Required: Yes
  
  Name: transit-gateway
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
  
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:transitGatewayId
  
  ec2:Region
- Dependents:
  ec2:CreateTags
DeleteIpamPolicy
- Description: Grants permission to delete an Amazon VPC IP Address Manager (IPAM) policy
- Access: Write
- Resources:
  Name: ipam-policy
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
DeleteIpamPrefixListResolver
- Description: Grants permission to delete an IPAM prefix list resolver
- Access: Write
- Resources:
  Name: ipam-prefix-list-resolver
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
DeleteIpamPrefixListResolverTarget
- Description: Grants permission to delete an IPAM prefix list resolver target
- Access: Write
- Resources:
  Name: ipam-prefix-list-resolver-target
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
DeleteOdbNetworkPeering
- Description: Grants permission to allow Oracle Database@AWS to delete a peering connection between an ODB network and a VPC
- Access: Permissions management
- Resources:
  Name: vpc
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Tenancy
  
  ec2:VpcID
  
  ec2:Region
DeleteTransitGatewayMeteringPolicy
- Description: Grants permission to delete a transit gateway metering policy
- Access: Write
- Resources:
  Name: transit-gateway-metering-policy
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:transitGatewayMeteringPolicyId
  
  ec2:Region
DeleteTransitGatewayMeteringPolicyEntry
- Description: Grants permission to delete an entry from a transit gateway metering policy
- Access: Write
- Resources:
  Name: transit-gateway-metering-policy
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:transitGatewayMeteringPolicyId
  
  ec2:Region
DeleteVpcEncryptionControl
- Description: Grants permission to delete a VPC Encryption Control
- Access: Write
- Resources:
  Name: vpc-encryption-control
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
DeleteVpnConcentrator
- Description: Grants permission to delete a VPN concentrator
- Access: Write
- Resources:
  Name: vpn-concentrator
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
DescribeCapacityReservationTopology
- Description: Grants permission to describe the topology of one or more Capacity Reservations
- Access: List
- Conditions:
  ec2:Region
DescribeInstanceSqlHaHistoryStates
- Description: Grants permission to describe EC2 instance SQL HA history states
- Access: List
- Conditions:
  ec2:Region
DescribeInstanceSqlHaStates
- Description: Grants permission to describe EC2 instance SQL HA states
- Access: List
- Conditions:
  ec2:Region
DescribeIpamPolicies
- Description: Grants permission to describe Amazon VPC IP Address Manager (IPAM) policies
- Access: List
- Conditions:
  ec2:Region
DescribeIpamPrefixListResolverTargets
- Description: Grants permission to describe IPAM prefix list resolver targets
- Access: List
- Conditions:
  ec2:Region
DescribeIpamPrefixListResolvers
- Description: Grants permission to describe IPAM prefix list resolvers
- Access: List
- Conditions:
  ec2:Region
DescribeTransitGatewayMeteringPolicies
- Description: Grants permission to describe one or more transit gateway metering policies
- Access: List
- Conditions:
  ec2:Region
DescribeVpcEncryptionControls
- Description: Grants permission to describe one or more VPC Encryption Controls
- Access: List
- Conditions:
  ec2:Region
DescribeVpnConcentrators
- Description: Grants permission to describe one or more VPN concentrators
- Access: List
- Conditions:
  ec2:Region
DetachApplianceFromNatGateway
- Description: Grants permission to detach an appliance from a public/private Natgateway
- Access: Permissions management
- Resources:
  Name: natgateway
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
DisableInstanceSqlHaStandbyDetections
- Description: Grants permission to disable EC2 instance SQL HA standby detections
- Access: Write
- Resources:
  Name: instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:AvailabilityZone
  
  ec2:AvailabilityZoneId
  
  ec2:EbsOptimized
  
  ec2:InstanceAutoRecovery
  
  ec2:InstanceBandwidthWeighting
  
  ec2:InstanceID
  
  ec2:InstanceMarketType
  
  ec2:InstanceMetadataTags
  
  ec2:InstanceProfile
  
  ec2:InstanceType
  
  ec2:MetadataHttpEndpoint
  
  ec2:MetadataHttpPutResponseHopLimit
  
  ec2:MetadataHttpTokens
  
  ec2:ResourceTag/${TagKey}
  
  ec2:RootDeviceType
  
  ec2:Tenancy
  
  ec2:Region
DisableIpamPolicy
- Description: Grants permission to disable a policy in Amazon VPC IP Address Manager (IPAM) that controls public IPv4 address allocation
- Access: Write
- Resources:
  Name: ipam-policy
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
EnableInstanceSqlHaStandbyDetections
- Description: Grants permission to enable EC2 instance SQL HA standby detections
- Access: Write
- Resources:
  Name: instance
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:AvailabilityZone
  
  ec2:AvailabilityZoneId
  
  ec2:EbsOptimized
  
  ec2:InstanceAutoRecovery
  
  ec2:InstanceBandwidthWeighting
  
  ec2:InstanceID
  
  ec2:InstanceMarketType
  
  ec2:InstanceMetadataTags
  
  ec2:InstanceProfile
  
  ec2:InstanceType
  
  ec2:MetadataHttpEndpoint
  
  ec2:MetadataHttpPutResponseHopLimit
  
  ec2:MetadataHttpTokens
  
  ec2:ResourceTag/${TagKey}
  
  ec2:RootDeviceType
  
  ec2:Tenancy
  
  ec2:Region
EnableIpamPolicy
- Description: Grants permission to enable an Amazon VPC IP Address Manager (IPAM) policy
- Access: Write
- Resources:
  Name: ipam-policy
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
GetEnabledIpamPolicy
- Description: Grants permission to describe the currently enabled policy in Amazon VPC IP Address Manager (IPAM)
- Access: Read
- Conditions:
  ec2:Region
GetImageAncestry
- Description: Grants permission to retrieve the ancestry chain of an AMI back to its root AMI
- Access: Read
- Resources:
  Name: image
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ImageID
  
  ec2:ImageType
  
  ec2:Owner
  
  ec2:Public
  
  ec2:ResourceTag/${TagKey}
  
  ec2:RootDeviceType
  
  ec2:Region
GetIpamPolicyAllocationRules
- Description: Grants permission to describe the rules that define how Amazon VPC IP Address Manager (IPAM) pools allocate IP addresses to AWS resource types within an IPAM policy
- Access: List
- Resources:
  Name: ipam-policy
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
GetIpamPolicyOrganizationTargets
- Description: Grants permission to retrieve the AWS Organizations targets associated with an Amazon VPC IP Address Manager (IPAM) policy
- Access: List
- Resources:
  Name: ipam-policy
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
GetIpamPrefixListResolverRules
- Description: Grants permission to get rules for an IPAM prefix list resolver
- Access: Read
- Resources:
  Name: ipam-prefix-list-resolver
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
GetIpamPrefixListResolverVersionEntries
- Description: Grants permission to get CIDR entries for a specific version of an IPAM prefix list resolver
- Access: Read
- Resources:
  Name: ipam-prefix-list-resolver
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
GetIpamPrefixListResolverVersions
- Description: Grants permission to get versions of an IPAM prefix list resolver
- Access: Read
- Resources:
  Name: ipam-prefix-list-resolver
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
GetTransitGatewayMeteringPolicyEntries
- Description: Grants permission to list the entries for a transit gateway metering policy
- Access: List
- Resources:
  Name: transit-gateway-metering-policy
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:transitGatewayMeteringPolicyId
  
  ec2:Region
GetVpcResourcesBlockingEncryptionEnforcement
- Description: Grants permission to describe resources that would block VPC Encryption Control enforcement
- Access: List
- Resources:
  Name: vpc
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Tenancy
  
  ec2:VpcID
  
  ec2:Region
ListVolumesInRecycleBin
- Description: Grants permission to list EBS volumes in Recycle Bin
- Access: List
- Conditions:
  ec2:Region
ModifyIpamPolicyAllocationRules
- Description: Grants permission to modify the rules that define how Amazon VPC IP Address Manager (IPAM) pools allocate IP addresses to AWS resource types within an IPAM policy
- Access: Write
- Resources:
  Name: ipam-policy
  
  Required: Yes
  
  Name: ipam-pool
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
ModifyIpamPrefixListResolver
- Description: Grants permission to modify an IPAM prefix list resolver
- Access: Write
- Resources:
  Name: ipam-prefix-list-resolver
  
  Required: Yes
  
  Name: ipam-scope
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:Attribute
  
  ec2:Attribute/${AttributeName}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
ModifyIpamPrefixListResolverTarget
- Description: Grants permission to modify an IPAM prefix list resolver target
- Access: Write
- Resources:
  Name: ipam-prefix-list-resolver-target
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
ModifyOdbNetworkPeering
- Description: Grants permission to allow Oracle Database@AWS to modify the settings of a peering connection between an ODB network and a VPC
- Access: Permissions management
- Resources:
  Name: vpc
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:Attribute/${AttributeName}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Tenancy
  
  ec2:VpcID
  
  ec2:Region
ModifyTransitGatewayMeteringPolicy
- Description: Grants permission to modify a transit gateway metering policy
- Access: Write
- Resources:
  Name: transit-gateway-metering-policy
  
  Required: Yes
  
  Name: transit-gateway-attachment
  
  Required: No
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:Attribute/${AttributeName}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:transitGatewayMeteringPolicyId
  
  ec2:transitGatewayAttachmentId
  
  ec2:Region
ModifyVpcEncryptionControl
- Description: Grants permission to modify an existing VPC Encryption Control
- Access: Write
- Resources:
  Name: vpc-encryption-control
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:Attribute/${AttributeName}
  
  ec2:ResourceTag/${TagKey}
  
  ec2:Region
RestoreVolumeFromRecycleBin
- Description: Grants permission to restore an EBS volume from Recycle Bin
- Access: Write
- Resources:
  Name: volume
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:AvailabilityZone
  
  ec2:AvailabilityZoneId
  
  ec2:Encrypted
  
  ec2:ParentSnapshot
  
  ec2:ParentVolume
  
  ec2:ResourceTag/${TagKey}
  
  ec2:VolumeID
  
  ec2:VolumeInitializationRate
  
  ec2:VolumeIops
  
  ec2:VolumeSize
  
  ec2:VolumeThroughput
  
  ec2:VolumeType
  
  ec2:Region
UpdateInterruptibleCapacityReservationAllocation
- Description: Grants permission to update the number of instances allocated to an interruptible reservation, allowing you to add more capacity or reclaim capacity to your source Capacity Reservation
- Access: Write
- Resources:
  Name: capacity-reservation
  
  Required: Yes
- Conditions:
  aws:ResourceTag/${TagKey}
  
  ec2:AvailabilityZone
  
  ec2:AvailabilityZoneId
  
  ec2:CreateDate
  
  ec2:EbsOptimized
  
  ec2:EndDate
  
  ec2:EndDateType
  
  ec2:InstanceCount
  
  ec2:InstanceMatchCriteria
  
  ec2:InstancePlatform
  
  ec2:InstanceType
  
  ec2:InterruptibleCapacityReservationId
  
  ec2:InterruptionType
  
  ec2:IsInterruptible
  
  ec2:ResourceTag/${TagKey}
  
  ec2:SourceCapacityReservationId
  
  ec2:TargetInstanceCount
  
  ec2:Tenancy
  
  ec2:Region

Resources

ipam-policy
- Arn: arn:${Partition}:ec2::${Account}:ipam-policy/${IpamPolicyId}
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
  
  ec2:Attribute
  
  ec2:Attribute/${AttributeName}
  
  ec2:Region
  
  ec2:ResourceTag/${TagKey}
ipam-prefix-list-resolver
- Arn: arn:${Partition}:ec2::${Account}:ipam-prefix-list-resolver/${IpamPrefixListResolverId}
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
  
  ec2:Attribute
  
  ec2:Attribute/${AttributeName}
  
  ec2:Region
  
  ec2:ResourceTag/${TagKey}
ipam-prefix-list-resolver-target
- Arn: arn:${Partition}:ec2::${Account}:ipam-prefix-list-resolver-target/${IpamPrefixListResolverTargetId}
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
  
  ec2:Attribute
  
  ec2:Attribute/${AttributeName}
  
  ec2:Region
  
  ec2:ResourceTag/${TagKey}
transit-gateway-metering-policy
- Arn: arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-metering-policy/${TransitGatewayMeteringPolicyId}
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
  
  ec2:Attribute/${AttributeName}
  
  ec2:Region
  
  ec2:ResourceTag/${TagKey}
  
  ec2:transitGatewayMeteringPolicyId
vpc-encryption-control
- Arn: arn:${Partition}:ec2:${Region}:${Account}:vpc-encryption-control/${VpcEncryptionControlId}
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
  
  ec2:Attribute/${AttributeName}
  
  ec2:Region
  
  ec2:ResourceTag/${TagKey}
vpn-concentrator
- Arn: arn:${Partition}:ec2:${Region}:${Account}:vpn-concentrator/${VpnConcentratorId}
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:ResourceTag/${TagKey}
  
  aws:TagKeys
  
  ec2:Region
  
  ec2:ResourceTag/${TagKey}

Conditions

ec2:CommitmentDuration
- Description: Filters access by commitment duration of the Capacity Reservation
- Type: Numeric
ec2:InterruptibleCapacityReservationId
- Description: Filters access by the ID of an interruptible Capacity Reservation
- Type: String
ec2:InterruptionType
- Description: Filters access by the type of interruption
- Type: String
ec2:IpamPrefixListResolverTargetId
- Description: Filters access by the IPAM prefix list resolver target ID that is syncing CIDRs to a managed prefix list
- Type: String
ec2:IsInterruptible
- Description: Filters access by whether Capacity Reservations are interruptible
- Type: Bool
ec2:TargetInstanceCount
- Description: Filters access by the number of instances the interruptible Capacity Reservation is assigned
- Type: Numeric
ec2:VpcePrivateDnsPreference
- Description: Filters access by the private DNS preference
- Type: String
ec2:VpcePrivateDnsSpecifiedDomains
- Description: Filters access by the private DNS domains
- Type: ArrayOfString
ec2:transitGatewayMeteringPolicyId
- Description: Filters access by the ID of a metering policy id
- Type: String

Updates

Actions

CreateFpgaImage
- ＋ natgateway
CreateNetworkInterface
- New_value: No
  
  Old_value: Yes
- ＋ vpc
- ＋ ec2:Ipv4IpamPoolId
- ＋ ec2:Ipv6IpamPoolId
- ＋ ec2:Tenancy
- ＋ ec2:VpcID
CreateTransitGatewayConnect
- ＋ ec2:IpamPrefixListResolverTargetId
- ＋ ec2:transitGatewayMeteringPolicyId
- ＋ ipam-policy
- ＋ ipam-prefix-list-resolver
- ＋ ipam-prefix-list-resolver-target
- ＋ transit-gateway-metering-policy
- ＋ vpc-encryption-control
- ＋ vpn-concentrator
DeleteClientVpnEndpoint
- ＋ ec2:VpcePrivateDnsPreference
- ＋ ec2:VpcePrivateDnsSpecifiedDomains
DeleteResourcePolicy
- ＋ ec2:IpamPrefixListResolverTargetId
DeleteTags
- New_value: Yes
  
  Old_value: No
LockSnapshot
- ＋ ec2:IpamPrefixListResolverTargetId
ModifyAddressAttribute
- ＋ ec2:IpamPrefixListResolverTargetId
ProvisionByoipCidr
- ＋ ec2:IpamPrefixListResolverTargetId
DeleteCustomerGateway
- ＋ vpn-concentrator
DeleteTransitGatewayRouteTableAnnouncement
- ＋ ipam-policy
- ＋ ipam-prefix-list-resolver
- ＋ ipam-prefix-list-resolver-target
- ＋ transit-gateway-metering-policy
- ＋ vpc-encryption-control
- ＋ vpn-concentrator

Resources

capacity-reservation
- ＋ ec2:CommitmentDuration
- ＋ ec2:InterruptibleCapacityReservationId
- ＋ ec2:InterruptionType
- ＋ ec2:IsInterruptible
- ＋ ec2:TargetInstanceCount
group
- ＋ ec2:IpamPrefixListResolverTargetId
vpc-peering-connection
- ＋ ec2:VpcePrivateDnsPreference
- ＋ ec2:VpcePrivateDnsSpecifiedDomains
network-insights-access-scope
- ＋ ec2:Vpc

Amazon EC2 (ec2)

Additions

Updates