Required IAM permissions - Amazon Elastic Compute Cloud

Required IAM permissions

By default, AWS Identity and Access Management (IAM) users don't have permission to work with Recycle Bin, retention rules, or with resources that are in the Recycle Bin. To allow IAM users to work with these resources, you must create IAM policies that grant permission to use specific resources and API actions. You then attach those policies to the IAM users or the groups that require those permissions.

Permissions for working with Recycle Bin and retention rules

To work with Recycle Bin and retention rules, IAM users need the following permissions.

  • rbin:CreateRule

  • rbin:UpdateRule

  • rbin:GetRule

  • rbin:ListRules

  • rbin:DeleteRule

  • rbin:TagResource

  • rbin:UntagResource

  • rbin:ListTagsForResource

To use the Recycle Bin console, IAM users need the tag:GetResources permission.

The following is an example IAM policy. It includes the tag:GetResources permission for console users. If the permission is not needed, you can remove it from the policy.

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "rbin:CreateRule",
            "rbin:UpdateRule",
            "rbin:GetRule",
            "rbin:ListRules",
            "rbin:DeleteRule",
            "rbin:TagResource",
            "rbin:UntagResource",
            "rbin:ListTagsForResource",
            "tag:GetResources"
        ],
        "Resource": "*"
    }]
}
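The following added example (not part of the AWS documentation) checks a policy document against the permissions listed on this page and reports which ones it does not grant, including when actions are written with wildcards. The function names and the READ_ONLY sample are hypothetical, and the check makes a simplifying assumption: it evaluates only Effect and Action in a single policy.

```python
import fnmatch

# Actions listed on this page for working with Recycle Bin retention rules.
RULE_ACTIONS = [
    "rbin:CreateRule", "rbin:UpdateRule", "rbin:GetRule", "rbin:ListRules",
    "rbin:DeleteRule", "rbin:TagResource", "rbin:UntagResource",
    "rbin:ListTagsForResource",
]
CONSOLE_ACTION = "tag:GetResources"  # needed only for the Recycle Bin console

# Constructed sample: a read-only policy written with wildcards.
READ_ONLY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["rbin:Get*", "rbin:List*"], "Resource": "*"}}


def _as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _patterns(policy, effect):
    """Collect lower-cased Action patterns from statements with this Effect."""
    found = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == effect:
            found += [p.lower() for p in _as_list(stmt.get("Action"))]
    return found


def missing_rbin_permissions(policy, console_user=False):
    """Return the page's required actions that the policy does not grant.

    Assumption: Resource, Condition, NotAction and any other attached
    policies are ignored; an explicit Deny counts as not granted.
    """
    allow = _patterns(policy, "Allow")
    deny = _patterns(policy, "Deny")
    required = RULE_ACTIONS + ([CONSOLE_ACTION] if console_user else [])
    missing = []
    for action in required:
        name = action.lower()  # IAM action names are case-insensitive
        allowed = any(fnmatch.fnmatchcase(name, p) for p in allow)
        denied = any(fnmatch.fnmatchcase(name, p) for p in deny)
        if not allowed or denied:
            missing.append(action)
    return missing
```

Run against the example policy above with console_user=True, the function returns an empty list; for READ_ONLY it returns the create, update, delete and tagging actions.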

Permissions for working with resources in the Recycle Bin

For more information about the IAM permissions needed to work with resources in the Recycle Bin, see the following: