aws-iam-policy-types

/** * All IAM policy actions for Amazon EC2 (EC2) * * Extracted by `aws-iam-policy` from * https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html * * 2025-02-24T21:47:42.045Z */ export declare enum AwsEc2Actions { /** * Grants permission to accept an Elastic IP address transfer * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptAddressTransfer.html */ AcceptAddressTransfer = "ec2:AcceptAddressTransfer", /** * Grants permission to accept assign billing of the available capacity of a share * d Capacity Reservation to the calling account * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptCapacityReservationBillingOwnership.html */ AcceptCapacityReservationBillingOwnership = "ec2:AcceptCapacityReservationBillingOwnership", /** * Grants permission to accept a Convertible Reserved Instance exchange quote * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptReservedInstancesExchangeQuote.html */ AcceptReservedInstancesExchangeQuote = "ec2:AcceptReservedInstancesExchangeQuote", /** * Grants permission to accept a request to associate subnets with a transit gatew * ay multicast domain * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptTransitGatewayMulticastDomainAssociations.html */ AcceptTransitGatewayMulticastDomainAssociations = "ec2:AcceptTransitGatewayMulticastDomainAssociations", /** * Grants permission to accept a transit gateway peering attachment request * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptTransitGatewayPeeringAttachment.html */ AcceptTransitGatewayPeeringAttachment = "ec2:AcceptTransitGatewayPeeringAttachment", /** * Grants permission to accept a request to attach a VPC to a transit gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptTransitGatewayVpcAttachment.html */ AcceptTransitGatewayVpcAttachment = "ec2:AcceptTransitGatewayVpcAttachment", /** * Grants permission to accept one or more interface VPC endpoint connections to y * our VPC endpoint service * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptVpcEndpointConnections.html */ AcceptVpcEndpointConnections = "ec2:AcceptVpcEndpointConnections", /** * Grants permission to accept a VPC peering connection request * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AcceptVpcPeeringConnection.html */ AcceptVpcPeeringConnection = "ec2:AcceptVpcPeeringConnection", /** * Grants permission to advertise an IP address range that is provisioned for use * in AWS through bring your own IP addresses (BYOIP) * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AdvertiseByoipCidr.html */ AdvertiseByoipCidr = "ec2:AdvertiseByoipCidr", /** * Grants permission to allocate an Elastic IP address (EIP) to your account * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AllocateAddress.html */ AllocateAddress = "ec2:AllocateAddress", /** * Grants permission to allocate a Dedicated Host to your account * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AllocateHosts.html */ AllocateHosts = "ec2:AllocateHosts", /** * Grants permission to allocate a CIDR from an Amazon VPC IP Address Manager (IPA * M) pool * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AllocateIpamPoolCidr.html */ AllocateIpamPoolCidr = "ec2:AllocateIpamPoolCidr", /** * Grants permission to apply a security group to the association between a Client * VPN endpoint and a target network * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ApplySecurityGroupsToClientVpnTargetNetwork.html */ ApplySecurityGroupsToClientVpnTargetNetwork = "ec2:ApplySecurityGroupsToClientVpnTargetNetwork", /** * Grants permission to assign one or more IPv6 addresses to a network interface * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssignIpv6Addresses.html */ AssignIpv6Addresses = "ec2:AssignIpv6Addresses", /** * Grants permission to assign one or more secondary private IP addresses to a net * work interface * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssignPrivateIpAddresses.html */ AssignPrivateIpAddresses = "ec2:AssignPrivateIpAddresses", /** * Grants permission to assign one or more secondary private IP addresses to a pri * vate NAT gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssignPrivateNatGatewayAddress.html */ AssignPrivateNatGatewayAddress = "ec2:AssignPrivateNatGatewayAddress", /** * Grants permission to associate an Elastic IP address (EIP) with an instance or * a network interface * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateAddress.html */ AssociateAddress = "ec2:AssociateAddress", /** * Grants permission to assign billing of the unused capacity of a shared Capacity * Reservation to a consumer account * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateCapacityReservationBillingOwner.html */ AssociateCapacityReservationBillingOwner = "ec2:AssociateCapacityReservationBillingOwner", /** * Grants permission to associate a target network with a Client VPN endpoint * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateClientVpnTargetNetwork.html */ AssociateClientVpnTargetNetwork = "ec2:AssociateClientVpnTargetNetwork", /** * Grants permission to associate or disassociate a set of DHCP options with a VPC * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateDhcpOptions.html */ AssociateDhcpOptions = "ec2:AssociateDhcpOptions", /** * Grants permission to associate an ACM certificate with an IAM role to be used i * n an EC2 Enclave * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateEnclaveCertificateIamRole.html */ AssociateEnclaveCertificateIamRole = "ec2:AssociateEnclaveCertificateIamRole", /** * Grants permission to associate an IAM instance profile with a running or stoppe * d instance * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html */ AssociateIamInstanceProfile = "ec2:AssociateIamInstanceProfile", /** * Grants permission to associate one or more targets with an event window * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateInstanceEventWindow.html */ AssociateInstanceEventWindow = "ec2:AssociateInstanceEventWindow", /** * Grants permission to associate an Autonomous System Number (ASN) with a BYOIP C * IDR * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIpamByoasn.html */ AssociateIpamByoasn = "ec2:AssociateIpamByoasn", /** * Grants permission to associate an IPAM resource discovery with an Amazon VPC IP * AM * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIpamResourceDiscovery.html */ AssociateIpamResourceDiscovery = "ec2:AssociateIpamResourceDiscovery", /** * Grants permission to associate an Elastic IP address and private IP address wit * h a public Nat gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateNatGatewayAddress.html */ AssociateNatGatewayAddress = "ec2:AssociateNatGatewayAddress", /** * Grants permission to associate a subnet or gateway with a route table * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateRouteTable.html */ AssociateRouteTable = "ec2:AssociateRouteTable", /** * Grants permission to associate a security group with another VPC in the same Re * gion * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateSecurityGroupVpc.html */ AssociateSecurityGroupVpc = "ec2:AssociateSecurityGroupVpc", /** * Grants permission to associate a CIDR block with a subnet * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateSubnetCidrBlock.html */ AssociateSubnetCidrBlock = "ec2:AssociateSubnetCidrBlock", /** * Grants permission to associate an attachment and list of subnets with a transit * gateway multicast domain * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateTransitGatewayMulticastDomain.html */ AssociateTransitGatewayMulticastDomain = "ec2:AssociateTransitGatewayMulticastDomain", /** * Grants permission to associate a policy table with a transit gateway attachment * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateTransitGatewayPolicyTable.html */ AssociateTransitGatewayPolicyTable = "ec2:AssociateTransitGatewayPolicyTable", /** * Grants permission to associate an attachment with a transit gateway route table * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateTransitGatewayRouteTable.html */ AssociateTransitGatewayRouteTable = "ec2:AssociateTransitGatewayRouteTable", /** * Grants permission to associate a branch network interface with a trunk network * interface * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateTrunkInterface.html */ AssociateTrunkInterface = "ec2:AssociateTrunkInterface", /** * Grants permission to associate an AWS Web Application Firewall (WAF) web access * control list (ACL) with a Verified Access instance * * See https://docs.aws.amazon.com/verified-access/latest/ug/waf-integration.html */ AssociateVerifiedAccessInstanceWebAcl = "ec2:AssociateVerifiedAccessInstanceWebAcl", /** * Grants permission to associate a CIDR block with a VPC * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateVpcCidrBlock.html */ AssociateVpcCidrBlock = "ec2:AssociateVpcCidrBlock", /** * Grants permission to link an EC2-Classic instance to a ClassicLink-enabled VPC * through one or more of the VPC's security groups * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachClassicLinkVpc.html */ AttachClassicLinkVpc = "ec2:AttachClassicLinkVpc", /** * Grants permission to attach an internet gateway to a VPC * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachInternetGateway.html */ AttachInternetGateway = "ec2:AttachInternetGateway", /** * Grants permission to attach a network interface to an instance * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachNetworkInterface.html */ AttachNetworkInterface = "ec2:AttachNetworkInterface", /** * Grants permission to attach a trust provider to a Verified Access instance * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachVerifiedAccessTrustProvider.html */ AttachVerifiedAccessTrustProvider = "ec2:AttachVerifiedAccessTrustProvider", /** * Grants permission to attach an EBS volume to a running or stopped instance and * expose it to the instance with the specified device name * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachVolume.html */ AttachVolume = "ec2:AttachVolume", /** * Grants permission to attach a virtual private gateway to a VPC * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AttachVpnGateway.html */ AttachVpnGateway = "ec2:AttachVpnGateway", /** * Grants permission to add an inbound authorization rule to a Client VPN endpoint * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AuthorizeClientVpnIngress.html */ AuthorizeClientVpnIngress = "ec2:AuthorizeClientVpnIngress", /** * Grants permission to add one or more outbound rules to a VPC security group. Po * licies using the security-group-rule resource-level permission are only enforce * d when the API request includes TagSpecifications * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AuthorizeSecurityGroupEgress.html */ AuthorizeSecurityGroupEgress = "ec2:AuthorizeSecurityGroupEgress", /** * Grants permission to add one or more inbound rules to a VPC security group. Pol * icies using the security-group-rule resource-level permission are only enforced * when the API request includes TagSpecifications * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AuthorizeSecurityGroupIngress.html */ AuthorizeSecurityGroupIngress = "ec2:AuthorizeSecurityGroupIngress", /** * Grants permission to bundle an instance store-backed Windows instance * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_BundleInstance.html */ BundleInstance = "ec2:BundleInstance", /** * Grants permission to cancel a bundling operation * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelBundleTask.html */ CancelBundleTask = "ec2:CancelBundleTask", /** * Grants permission to cancel a Capacity Reservation and release the reserved cap * acity * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelCapacityReservation.html */ CancelCapacityReservation = "ec2:CancelCapacityReservation", /** * Grants permission to cancel one or more Capacity Reservation Fleets * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelCapacityReservationFleets.html */ CancelCapacityReservationFleets = "ec2:CancelCapacityReservationFleets", /** * Grants permission to cancel an active conversion task * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelConversionTask.html */ CancelConversionTask = "ec2:CancelConversionTask", /** * Grants permission to cancel a declarative policies report * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelDeclarativePoliciesReport.html */ CancelDeclarativePoliciesReport = "ec2:CancelDeclarativePoliciesReport", /** * Grants permission to cancel an active export task * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelExportTask.html */ CancelExportTask = "ec2:CancelExportTask", /** * Grants permission to remove your AWS account from the launch permissions for th * e specified AMI * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelImageLaunchPermission.html */ CancelImageLaunchPermission = "ec2:CancelImageLaunchPermission", /** * Grants permission to cancel an in-process import virtual machine or import snap * shot task * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelImportTask.html */ CancelImportTask = "ec2:CancelImportTask", /** * Grants permission to cancel a Reserved Instance listing on the Reserved Instanc * e Marketplace * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelReservedInstancesListing.html */ CancelReservedInstancesListing = "ec2:CancelReservedInstancesListing", /** * Grants permission to cancel one or more Spot Fleet requests * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelSpotFleetRequests.html */ CancelSpotFleetRequests = "ec2:CancelSpotFleetRequests", /** * Grants permission to cancel one or more Spot Instance requests * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CancelSpotInstanceRequests.html */ CancelSpotInstanceRequests = "ec2:CancelSpotInstanceRequests", /** * Grants permission to determine whether an owned product code is associated with * an instance * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ConfirmProductInstance.html */ ConfirmProductInstance = "ec2:ConfirmProductInstance", /** * Grants permission to copy a source Amazon FPGA image (AFI) to the current Regio * n. Resource-level permissions specified for this action apply to the new AFI on * ly. They do not apply to the source AFI * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyFpgaImage.html */ CopyFpgaImage = "ec2:CopyFpgaImage", /** * Grants permission to copy an Amazon Machine Image (AMI) from a source Region to * the current Region * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopyImage.html */ CopyImage = "ec2:CopyImage", /** * Grants permission to copy a point-in-time snapshot of an EBS volume and store i * t in Amazon S3. Resource-level permissions specified for this action apply to t * he new snapshot only. They do not apply to the source snapshot * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CopySnapshot.html */ CopySnapshot = "ec2:CopySnapshot", /** * Grants permission to create a Capacity Reservation * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCapacityReservation.html */ CreateCapacityReservation = "ec2:CreateCapacityReservation", /** * Grants permission to create a new Capacity Reservation by splitting the availab * le capacity of the source Capacity Reservation * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCapacityReservationBySplitting.html */ CreateCapacityReservationBySplitting = "ec2:CreateCapacityReservationBySplitting", /** * Grants permission to create a Capacity Reservation Fleet * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCapacityReservationFleet.html */ CreateCapacityReservationFleet = "ec2:CreateCapacityReservationFleet", /** * Grants permission to create a carrier gateway and provides CSP connectivity to * VPC customers * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCarrierGateway.html */ CreateCarrierGateway = "ec2:CreateCarrierGateway", /** * Grants permission to create a Client VPN endpoint * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateClientVpnEndpoint.html */ CreateClientVpnEndpoint = "ec2:CreateClientVpnEndpoint", /** * Grants permission to add a network route to a Client VPN endpoint's route table * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateClientVpnRoute.html */ CreateClientVpnRoute = "ec2:CreateClientVpnRoute", /** * Grants permission to create a range of customer-owned IP (CoIP) addresses * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCoipCidr.html */ CreateCoipCidr = "ec2:CreateCoipCidr", /** * Grants permission to create a pool of customer-owned IP (CoIP) addresses * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCoipPool.html */ CreateCoipPool = "ec2:CreateCoipPool", /** * Grants permission to allow a service to access a customer-owned IP (CoIP) pool * * See https://docs.aws.amazon.com/outposts/latest/userguide/identity-access-management.html */ CreateCoipPoolPermission = "ec2:CreateCoipPoolPermission", /** * Grants permission to create a customer gateway, which provides information to A * WS about your customer gateway device * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateCustomerGateway.html */ CreateCustomerGateway = "ec2:CreateCustomerGateway", /** * Grants permission to create a default subnet in a specified Availability Zone i * n a default VPC * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateDefaultSubnet.html */ CreateDefaultSubnet = "ec2:CreateDefaultSubnet", /** * Grants permission to create a default VPC with a default subnet in each Availab * ility Zone * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateDefaultVpc.html */ CreateDefaultVpc = "ec2:CreateDefaultVpc", /** * Grants permission to create a set of DHCP options for a VPC * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateDhcpOptions.html */ CreateDhcpOptions = "ec2:CreateDhcpOptions", /** * Grants permission to create an egress-only internet gateway for a VPC * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateEgressOnlyInternetGateway.html */ CreateEgressOnlyInternetGateway = "ec2:CreateEgressOnlyInternetGateway", /** * Grants permission to launch an EC2 Fleet. Resource-level permissions for this a * ction do not include the resources specified in a launch template. To specify r * esource-level permissions for resources specified in a launch template, you mus * t include the resources in the RunInstances action statement * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFleet.html */ CreateFleet = "ec2:CreateFleet", /** * Grants permission to create one or more flow logs to capture IP traffic for a n * etwork interface * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFlowLogs.html */ CreateFlowLogs = "ec2:CreateFlowLogs", /** * Grants permission to create an Amazon FPGA Image (AFI) from a design checkpoint * (DCP) * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateFpgaImage.html */ CreateFpgaImage = "ec2:CreateFpgaImage", /** * Grants permission to create an Amazon EBS-backed AMI from a stopped or running * Amazon EBS-backed instance * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateImage.html */ CreateImage = "ec2:CreateImage", /** * Grants permission to create an EC2 Instance Connect Endpoint that allows you to * connect to an instance without a public IPv4 address * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInstanceConnectEndpoint.html */ CreateInstanceConnectEndpoint = "ec2:CreateInstanceConnectEndpoint", /** * Grants permission to create an event window in which scheduled events for the a * ssociated Amazon EC2 instances can run * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInstanceEventWindow.html */ CreateInstanceEventWindow = "ec2:CreateInstanceEventWindow", /** * Grants permission to export a running or stopped instance to an Amazon S3 bucke * t * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInstanceExportTask.html */ CreateInstanceExportTask = "ec2:CreateInstanceExportTask", /** * Grants permission to create an internet gateway for a VPC * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateInternetGateway.html */ CreateInternetGateway = "ec2:CreateInternetGateway", /** * Grants permission to create an Amazon VPC IP Address Manager (IPAM) * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpam.html */ CreateIpam = "ec2:CreateIpam", /** * Grants permission to create a verification token, which proves ownership of an * external resource * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpamExternalResourceVerificationToken.html */ CreateIpamExternalResourceVerificationToken = "ec2:CreateIpamExternalResourceVerificationToken", /** * Grants permission to create an IP address pool for Amazon VPC IP Address Manage * r (IPAM), which is a collection of contiguous IP address CIDRs * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpamPool.html */ CreateIpamPool = "ec2:CreateIpamPool", /** * Grants permission to create an IPAM resource discovery * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpamResourceDiscovery.html */ CreateIpamResourceDiscovery = "ec2:CreateIpamResourceDiscovery", /** * Grants permission to create an Amazon VPC IP Address Manager (IPAM) scope, whic * h is the highest-level container within IPAM * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateIpamScope.html */ CreateIpamScope = "ec2:CreateIpamScope", /** * Grants permission to create a 2048-bit RSA key pair * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateKeyPair.html */ CreateKeyPair = "ec2:CreateKeyPair", /** * Grants permission to create a launch template * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplate.html */ CreateLaunchTemplate = "ec2:CreateLaunchTemplate", /** * Grants permission to create a new version of a launch template * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLaunchTemplateVersion.html */ CreateLaunchTemplateVersion = "ec2:CreateLaunchTemplateVersion", /** * Grants permission to create a static route for a local gateway route table * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayRoute.html */ CreateLocalGatewayRoute = "ec2:CreateLocalGatewayRoute", /** * Grants permission to create a local gateway route table * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayRouteTable.html */ CreateLocalGatewayRouteTable = "ec2:CreateLocalGatewayRouteTable", /** * Grants permission to allow a service to access a local gateway route table * * See https://docs.aws.amazon.com/outposts/latest/userguide/identity-access-management.html */ CreateLocalGatewayRouteTablePermission = "ec2:CreateLocalGatewayRouteTablePermission", /** * Grants permission to create a local gateway route table virtual interface group * association * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation.html */ CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation = "ec2:CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation", /** * Grants permission to associate a VPC with a local gateway route table * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateLocalGatewayRouteTableVpcAssociation.html */ CreateLocalGatewayRouteTableVpcAssociation = "ec2:CreateLocalGatewayRouteTableVpcAssociation", /** * Grants permission to create a managed prefix list * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateManagedPrefixList.html */ CreateManagedPrefixList = "ec2:CreateManagedPrefixList", /** * Grants permission to create a NAT gateway in a subnet * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNatGateway.html */ CreateNatGateway = "ec2:CreateNatGateway", /** * Grants permission to create a network ACL in a VPC * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkAcl.html */ CreateNetworkAcl = "ec2:CreateNetworkAcl", /** * Grants permission to create a numbered entry (a rule) in a network ACL * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkAclEntry.html */ CreateNetworkAclEntry = "ec2:CreateNetworkAclEntry", /** * Grants permission to create a Network Access Scope * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInsightsAccessScope.html */ CreateNetworkInsightsAccessScope = "ec2:CreateNetworkInsightsAccessScope", /** * Grants permission to create a path to analyze for reachability * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInsightsPath.html */ CreateNetworkInsightsPath = "ec2:CreateNetworkInsightsPath", /** * Grants permission to create a network interface in a subnet * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterface.html */ CreateNetworkInterface = "ec2:CreateNetworkInterface", /** * Grants permission to create a permission for an AWS-authorized user to perform * certain operations on a network interface * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkInterfacePermission.html */ CreateNetworkInterfacePermission = "ec2:CreateNetworkInterfacePermission", /** * Grants permission to create a placement group * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreatePlacementGroup.html */ CreatePlacementGroup = "ec2:CreatePlacementGroup", /** * Grants permission to create a public IPv4 address pool for public IPv4 CIDRs th * at you own and bring to Amazon to manage with Amazon VPC IP Address Manager (IP * AM) * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreatePublicIpv4Pool.html */ CreatePublicIpv4Pool = "ec2:CreatePublicIpv4Pool", /** * Grants permission to create a root volume replacement task * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateReplaceRootVolumeTask.html */ CreateReplaceRootVolumeTask = "ec2:CreateReplaceRootVolumeTask", /** * Grants permission to create a listing for Standard Reserved Instances to be sol * d in the Reserved Instance Marketplace * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateReservedInstancesListing.html */ CreateReservedInstancesListing = "ec2:CreateReservedInstancesListing", /** * Grants permission to start a task that restores an AMI from an S3 object previo * usly created by using CreateStoreImageTask * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRestoreImageTask.html */ CreateRestoreImageTask = "ec2:CreateRestoreImageTask", /** * Grants permission to create a route in a VPC route table * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRoute.html */ CreateRoute = "ec2:CreateRoute", /** * Grants permission to create a route table for a VPC * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateRouteTable.html */ CreateRouteTable = "ec2:CreateRouteTable", /** * Grants permission to create a security group * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSecurityGroup.html */ CreateSecurityGroup = "ec2:CreateSecurityGroup", /** * Grants permission to create a snapshot of an EBS volume and store it in Amazon * S3 * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSnapshot.html */ CreateSnapshot = "ec2:CreateSnapshot", /** * Grants permission to create crash-consistent snapshots of multiple EBS volumes * and store them in Amazon S3 * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSnapshots.html */ CreateSnapshots = "ec2:CreateSnapshots", /** * Grants permission to create a data feed for Spot Instances to view Spot Instanc * e usage logs * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSpotDatafeedSubscription.html */ CreateSpotDatafeedSubscription = "ec2:CreateSpotDatafeedSubscription", /** * Grants permission to store an AMI as a single object in an S3 bucket * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateStoreImageTask.html */ CreateStoreImageTask = "ec2:CreateStoreImageTask", /** * Grants permission to create a subnet in a VPC * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSubnet.html */ CreateSubnet = "ec2:CreateSubnet", /** * Grants permission to create a subnet CIDR reservation * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateSubnetCidrReservation.html */ CreateSubnetCidrReservation = "ec2:CreateSubnetCidrReservation", /** * Grants permission to add or overwrite one or more tags for Amazon EC2 resources * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html */ CreateTags = "ec2:CreateTags", /** * Grants permission to create a traffic mirror filter * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilter.html */ CreateTrafficMirrorFilter = "ec2:CreateTrafficMirrorFilter", /** * Grants permission to create a traffic mirror filter rule * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilterRule.html */ CreateTrafficMirrorFilterRule = "ec2:CreateTrafficMirrorFilterRule", /** * Grants permission to create a traffic mirror session * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorSession.html */ CreateTrafficMirrorSession = "ec2:CreateTrafficMirrorSession", /** * Grants permission to create a traffic mirror target * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorTarget.html */ CreateTrafficMirrorTarget = "ec2:CreateTrafficMirrorTarget", /** * Grants permission to create a transit gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGateway.html */ CreateTransitGateway = "ec2:CreateTransitGateway", /** * Grants permission to create a Connect attachment from a specified transit gatew * ay attachment * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGatewayConnect.html */ CreateTransitGatewayConnect = "ec2:CreateTransitGatewayConnect", /** * Grants permission to create a Connect peer between a transit gateway and an app * liance * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGatewayConnectPeer.html */ CreateTransitGatewayConnectPeer = "ec2:CreateTransitGatewayConnectPeer", /** * Grants permission to create a multicast domain for a transit gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGatewayMulticastDomain.html */ CreateTransitGatewayMulticastDomain = "ec2:CreateTransitGatewayMulticastDomain", /** * Grants permission to request a transit gateway peering attachment between a req * uester and accepter transit gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGatewayPeeringAttachment.html */ CreateTransitGatewayPeeringAttachment = "ec2:CreateTransitGatewayPeeringAttachment", /** * Grants permission to create a transit gateway policy table * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGatewayPolicyTable.html */ CreateTransitGatewayPolicyTable = "ec2:CreateTransitGatewayPolicyTable", /** * Grants permission to create a transit gateway prefix list reference * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGatewayPrefixListReference.html */ CreateTransitGatewayPrefixListReference = "ec2:CreateTransitGatewayPrefixListReference", /** * Grants permission to create a static route for a transit gateway route table * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGatewayRoute.html */ CreateTransitGatewayRoute = "ec2:CreateTransitGatewayRoute", /** * Grants permission to create a route table for a transit gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGatewayRouteTable.html */ CreateTransitGatewayRouteTable = "ec2:CreateTransitGatewayRouteTable", /** * Grants permission to create an announcement for a transit gateway route table * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGatewayRouteTableAnnouncement.html */ CreateTransitGatewayRouteTableAnnouncement = "ec2:CreateTransitGatewayRouteTableAnnouncement", /** * Grants permission to attach a VPC to a transit gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTransitGatewayVpcAttachment.html */ CreateTransitGatewayVpcAttachment = "ec2:CreateTransitGatewayVpcAttachment", /** * Grants permission to create a Verified Access endpoint * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVerifiedAccessEndpoint.html */ CreateVerifiedAccessEndpoint = "ec2:CreateVerifiedAccessEndpoint", /** * Grants permission to create a Verified Access group * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVerifiedAccessGroup.html */ CreateVerifiedAccessGroup = "ec2:CreateVerifiedAccessGroup", /** * Grants permission to create a Verified Access instance * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVerifiedAccessInstance.html */ CreateVerifiedAccessInstance = "ec2:CreateVerifiedAccessInstance", /** * Grants permission to create a verified trust provider * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVerifiedAccessTrustProvider.html */ CreateVerifiedAccessTrustProvider = "ec2:CreateVerifiedAccessTrustProvider", /** * Grants permission to create an EBS volume * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVolume.html */ CreateVolume = "ec2:CreateVolume", /** * Grants permission to create a VPC with a specified CIDR block * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVpc.html */ CreateVpc = "ec2:CreateVpc", /** * Grants permission to create an exclusion list for blocked public access on a VP * C * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVpcBlockPublicAccessExclusion.html */ CreateVpcBlockPublicAccessExclusion = "ec2:CreateVpcBlockPublicAccessExclusion", /** * Grants permission to create a VPC endpoint for an AWS service * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVpcEndpoint.html */ CreateVpcEndpoint = "ec2:CreateVpcEndpoint", /** * Grants permission to create a connection notification for a VPC endpoint or VPC * endpoint service * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVpcEndpointConnectionNotification.html */ CreateVpcEndpointConnectionNotification = "ec2:CreateVpcEndpointConnectionNotification", /** * Grants permission to create a VPC endpoint service configuration to which servi * ce consumers (AWS accounts, IAM users, and IAM roles) can connect * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVpcEndpointServiceConfiguration.html */ CreateVpcEndpointServiceConfiguration = "ec2:CreateVpcEndpointServiceConfiguration", /** * Grants permission to request a VPC peering connection between two VPCs * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVpcPeeringConnection.html */ CreateVpcPeeringConnection = "ec2:CreateVpcPeeringConnection", /** * Grants permission to create a VPN connection between a virtual private gateway * or transit gateway and a customer gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVpnConnection.html */ CreateVpnConnection = "ec2:CreateVpnConnection", /** * Grants permission to create a static route for a VPN connection between a virtu * al private gateway and a customer gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVpnConnectionRoute.html */ CreateVpnConnectionRoute = "ec2:CreateVpnConnectionRoute", /** * Grants permission to create a virtual private gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVpnGateway.html */ CreateVpnGateway = "ec2:CreateVpnGateway", /** * Grants permission to delete a carrier gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteCarrierGateway.html */ DeleteCarrierGateway = "ec2:DeleteCarrierGateway", /** * Grants permission to delete a Client VPN endpoint * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteClientVpnEndpoint.html */ DeleteClientVpnEndpoint = "ec2:DeleteClientVpnEndpoint", /** * Grants permission to delete a route from a Client VPN endpoint * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteClientVpnRoute.html */ DeleteClientVpnRoute = "ec2:DeleteClientVpnRoute", /** * Grants permission to delete a range of customer-owned IP (CoIP) addresses * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteCoipCidr.html */ DeleteCoipCidr = "ec2:DeleteCoipCidr", /** * Grants permission to delete a pool of customer-owned IP (CoIP) addresses * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteCoipPool.html */ DeleteCoipPool = "ec2:DeleteCoipPool", /** * Grants permission to deny a service from accessing a customer-owned IP (CoIP) p * ool * * See https://docs.aws.amazon.com/outposts/latest/userguide/identity-access-management.html */ DeleteCoipPoolPermission = "ec2:DeleteCoipPoolPermission", /** * Grants permission to delete a customer gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteCustomerGateway.html */ DeleteCustomerGateway = "ec2:DeleteCustomerGateway", /** * Grants permission to delete a set of DHCP options * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteDhcpOptions.html */ DeleteDhcpOptions = "ec2:DeleteDhcpOptions", /** * Grants permission to delete an egress-only internet gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteEgressOnlyInternetGateway.html */ DeleteEgressOnlyInternetGateway = "ec2:DeleteEgressOnlyInternetGateway", /** * Grants permission to delete one or more EC2 Fleets * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteFleets.html */ DeleteFleets = "ec2:DeleteFleets", /** * Grants permission to delete one or more flow logs * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteFlowLogs.html */ DeleteFlowLogs = "ec2:DeleteFlowLogs", /** * Grants permission to delete an Amazon FPGA Image (AFI) * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteFpgaImage.html */ DeleteFpgaImage = "ec2:DeleteFpgaImage", /** * Grants permission to delete an EC2 Instance Connect Endpoint * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteInstanceConnectEndpoint.html */ DeleteInstanceConnectEndpoint = "ec2:DeleteInstanceConnectEndpoint", /** * Grants permission to delete the specified event window * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteInstanceEventWindow.html */ DeleteInstanceEventWindow = "ec2:DeleteInstanceEventWindow", /** * Grants permission to delete an internet gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteInternetGateway.html */ DeleteInternetGateway = "ec2:DeleteInternetGateway", /** * Grants permission to delete an Amazon VPC IP Address Manager (IPAM) and remove * all monitored data associated with the IPAM including the historical data for C * IDRs * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteIpam.html */ DeleteIpam = "ec2:DeleteIpam", /** * Grants permission to delete a verification token, which proves ownership of an * external resource * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteIpamExternalResourceVerificationToken.html */ DeleteIpamExternalResourceVerificationToken = "ec2:DeleteIpamExternalResourceVerificationToken", /** * Grants permission to delete an Amazon VPC IP Address Manager (IPAM) pool * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteIpamPool.html */ DeleteIpamPool = "ec2:DeleteIpamPool", /** * Grants permission to delete an IPAM resource discovery * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteIpamResourceDiscovery.html */ DeleteIpamResourceDiscovery = "ec2:DeleteIpamResourceDiscovery", /** * Grants permission to delete the scope for an Amazon VPC IP Address Manager (IPA * M) * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteIpamScope.html */ DeleteIpamScope = "ec2:DeleteIpamScope", /** * Grants permission to delete a key pair by removing the public key from Amazon * EC2 * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteKeyPair.html */ DeleteKeyPair = "ec2:DeleteKeyPair", /** * Grants permission to delete a launch template and its associated versions * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteLaunchTemplate.html */ DeleteLaunchTemplate = "ec2:DeleteLaunchTemplate", /** * Grants permission to delete one or more versions of a launch template * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteLaunchTemplateVersions.html */ DeleteLaunchTemplateVersions = "ec2:DeleteLaunchTemplateVersions", /** * Grants permission to delete a route from a local gateway route table * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteLocalGatewayRoute.html */ DeleteLocalGatewayRoute = "ec2:DeleteLocalGatewayRoute", /** * Grants permission to delete a local gateway route table * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteLocalGatewayRouteTable.html */ DeleteLocalGatewayRouteTable = "ec2:DeleteLocalGatewayRouteTable", /** * Grants permission to deny a service from accessing a local gateway route table * * See https://docs.aws.amazon.com/outposts/latest/userguide/identity-access-management.html */ DeleteLocalGatewayRouteTablePermission = "ec2:DeleteLocalGatewayRouteTablePermission", /** * Grants permission to delete a local gateway route table virtual interface group * association * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociation.html */ DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociation = "ec2:DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociation", /** * Grants permission to delete an association between a VPC and local gateway rout * e table * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteLocalGatewayRouteTableVpcAssociation.html */ DeleteLocalGatewayRouteTableVpcAssociation = "ec2:DeleteLocalGatewayRouteTableVpcAssociation", /** * Grants permission to delete a managed prefix list * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteManagedPrefixList.html */ DeleteManagedPrefixList = "ec2:DeleteManagedPrefixList", /** * Grants permission to delete a NAT gateway * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteNatGateway.html */ DeleteNatGateway = "ec2:DeleteNatGateway", /** * Grants permission to delete a network ACL * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteNetworkAcl.html */ DeleteNetworkAcl = "ec2:DeleteNetworkAcl", /** * Grants permission to delete an inbound or outbound entry (rule) from a network * ACL * * See https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_De