AWS managed policies for AWS Elastic Beanstalk
An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases because they're available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or new API operations become available for existing services.
For more information, see AWS managed policies in the IAM User Guide.
Elastic Beanstalk updates to AWS managed policies
View details about updates to AWS managed policies for Elastic Beanstalk since March 1, 2021.
To see the JSON source for a specific managed policy, see the AWS Managed Policy Reference Guide.
| Change | Description | Date |
|---|---|---|
|
AdministratorAccess-AWSElasticBeanstalk –Updated existing policy |
This policy was updated to replace the
StringLike operator with the ArnLike operator to evaluate the ARN-type keys in the condition block For more information, see Managing Elastic Beanstalk user policies. |
December 11, 2024 |
|
The following polices were updated:
|
These policies were updated to allow Elastic Beanstalk to add or remove tags when it creates or updates an AWS CloudFormation stack or change set. For more information about AWSElasticBeanstalkManagedUpdatesServiceRolePolicy, see Service-linked role permissions for Elastic Beanstalk. For more information about AWSElasticBeanstalkRoleCore, see Policies for integration with other services. |
April 30, 2024 |
|
AWSElasticBeanstalkService –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to tag resources upon creation for Elastic Load Balancing, Auto Scaling groups (ASG), and Amazon ECS. NoteThis policy has been previously superseded by For more information, see Managed service role policies. |
May 10, 2023 |
|
AWSElasticBeanstalkMulticontainerDocker –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to tag resources upon creation for Amazon ECS. For more information, see Managing Elastic Beanstalk instance profiles. |
March 23, 2023 |
|
AWSElasticBeanstalkRoleECS –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to tag resources upon creation for Amazon ECS. For more information, see Policies for integration with other services. |
March 23, 2023 |
|
AdministratorAccess-AWSElasticBeanstalk –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to tag resources upon creation for Amazon ECS. For more information, see Managing Elastic Beanstalk user policies. |
March 23, 2023 |
|
AWSElasticBeanstalkManagedUpdatesServiceRolePolicy –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to add tags to Amazon ECS resources when it creates them. For more information, see Service-linked role permissions for Elastic Beanstalk. |
March 23, 2023 |
|
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to add tags to Amazon ECS resources when it creates them. For more information, see Managed service role policies. |
March 23, 2023 |
|
AWSElasticBeanstalkManagedUpdatesServiceRolePolicy –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to add tags to Auto Scaling groups when it creates them. For more information, see The managed-updates service-linked role. |
January 27, 2023 |
|
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to add tags on create of an Auto Scaling group (ASG). For more information, see Managed service role policies. |
January 23, 2023 |
|
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to add tags on create of an elastic load balancer (ELB). For more information, see Managed service role policies. |
December 21, 2022 |
|
AWSElasticBeanstalkManagedUpdatesServiceRolePolicy –Updated existing policy |
Permissions were added to this policy to allow Elastic Beanstalk to do the following during managed updates:
For more information, see The managed-updates service-linked role. |
August 23, 2022 |
|
AWSElasticBeanstalkReadOnlyAccess – Deprecated GovCloud (US) AWS Region |
This policy has been replaced by This policy will be phased out in the GovCloud (US) AWS Region. When this policy is phased out, it will no longer be available for attachment to new IAM users, groups, or roles after June 17, 2021. For more information, see User policies. |
June 17, 2021 |
|
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to read attributes for EC2 Availability Zones. It enables Elastic Beanstalk to provide more effective validation of your instance type selection across Availability Zones. For more information, see Managed service role policies. |
June 16, 2021 |
|
AWSElasticBeanstalkFullAccess – Deprecated GovCloud (US) AWS Region |
This policy has been replaced by This policy will be phased out in the GovCloud (US) AWS Region. When this policy is phased out, it will no longer be available for attachment to new IAM users, groups, or roles after June 10, 2021. For more information, see User policies. |
June 10, 2021 |
|
The following managed policies were deprecated in all of the China AWS Regions:
|
The The These policies were phased out in all of the China AWS Regions. These policies will no longer be available for attachment to new IAM users, groups, or roles after June 3, 2021. For more information, see User policies. |
June 3, 2021 |
|
AWSElasticBeanstalkService – Deprecated |
This policy has been superseded by This policy is phased out and is no longer available for attachment to new IAM users, groups, or roles. For more information, see Managed service role policies. |
June 2021 - January 2022 |
|
The following managed policies were deprecated in all AWS Regions, except for China and GovCloud (US):
|
The The These policies were phased out in all the AWS Regions, except for China and GovCloud (US). These policies will no longer be available for attachment to new IAM users, groups, or roles after April 16, 2021. For more information, see User policies. |
April 16, 2021 |
|
The following managed policies were updated:
|
Both of these policies now support PassRole permissions in China AWS Regions. For more information about For more information about |
March 9, 2021 |
|
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy – New policy |
Elastic Beanstalk added a new policy to replace the This new managed policy improves security for your resources by applying a more restrictive set of permissions. For more information, see Managed service role policies. |
March 3, 2021 |
|
Elastic Beanstalk started tracking changes |
Elastic Beanstalk started tracking changes for AWS managed policies. |
March 1, 2021 |
