Suhail Gupta
Reputation: 23266
AWS policy for creating only the snapshots
I have attached the following policy with an IAM user that should allow the user to create a snapshot of the EC2 instance (EBS backed).
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1473146965806",
"Action": [
"ec2:CreateSnapshot"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:MY_ACCOUNT_ID:*/*"
}
]
}
But when the user tries to execute the command to create a snapshot, the following error occurs:
An error occurred (UnauthorizedOperation) when calling the CreateSnapshot
operation: You are not authorized to perform this operation.
What is incorrect in the policy?
Upvotes: 0
Views: 4396
Answers (1)
David Álvaro
Reputation: 121
CreateSnapshot doesn't support resource-level permissions, you can use a wildcard for the "Resource":"*":
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1473146965806",
"Action": [
"ec2:CreateSnapshot"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
Upvotes: 2
Related Questions
- AWS/IAM Policy for RDS snapshot management?
- Creating an EC2 instance from a snapshot in AWS?
- How to automate EC2 Instance snapshots?
- Amazon aws snapshots and AMIs
- AWS application consistent snapshots of EC2 instances
- Steps to create AWS snapshot automatically
- Versioning aws policies
- Necessary to keep snapshot when AMI exists?
- Snapshots on Amazon EC2
- AWS Snapshot AMI