IAM permissions - Amazon EBS

IAM permissions

By default, users don't have permission to work with block public access for snapshots. To allow users to work with block public access for snapshots, you must create IAM policies that grant permission to use specific API actions. Once the policies are created, you must add permissions to your users, groups, or roles.

To work with block public access for snapshots, users need the following permissions.

  • ec2:EnableSnapshotBlockPublicAccess — Enable block public access for snapshots and modify the mode.

  • ec2:DisableSnapshotBlockPublicAccess — Disable block public access for snapshots.

  • ec2:GetSnapshotBlockPublicAccessState — View the block public access for snapshots setting for a Region.

The following is an example IAM policy. If some permissions are not needed, you can remove them from the policy.

{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "ec2:EnableSnapshotBlockPublicAccess", "ec2:DisableSnapshotBlockPublicAccess", "ec2:GetSnapshotBlockPublicAccessState" ], "Resource": "*" }] }

To provide access, add permissions to your users, groups, or roles: