Amazon EBS now supports additional resource-level permissions for creating EBS volumes from snapshots

Amazon Elastic Block Store (Amazon EBS) now supports additional resource-level permissions for creating [EBS volumes](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volumes.html) from [snapshots](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-snapshots.html). With this launch, you now have more granular controls to set resource-level permissions for the creation of a volume and selection of the source snapshot when calling the [CreateVolume](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API%5FCreateVolume.html) action in your IAM policy. This allows you to control the IAM identities that can create EBS volumes from source snapshots, and the conditions that they can use these snapshots to create EBS volumes. To meet your specific permission needs on the source snapshots, you can also specify any of 5 EC2-specific condition keys in your IAM policy: ec2:Encrypted, ec2:VolumeSize, ec2:Owner, ec2:ParentVolume, and ec2:SnapshotTime. Additionally, you can use[ global condition keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference%5Fpolicies%5Fcondition-keys.html) for the source snapshot. This new resource-level permission model is available in all AWS Regions where EBS volumes are available. To learn more about using resource-level permissions to create EBS volume, or transitioning to the new resource-level permission model from previous permission model, please visit the [launch blog](https://aws.amazon.com/blogs/storage/enhancing-resource-level-permission-for-creating-an-amazon-ebs-volume-from-a-snapshot/). For more information about Amazon EBS, please visit the [product page](https://aws.amazon.com/ebs/).