Amazon EBS now supports additional resource-level permissions for creating EBS volumes from snapshots
Share
Services
Amazon Elastic Block Store (Amazon EBS) now supports additional resource-level permissions for creating [EBS volumes](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volumes.html) from [snapshots](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-snapshots.html). With this launch, you now have more granular controls to set resource-level permissions for the creation of a volume and selection of the source snapshot when calling the [CreateVolume](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API%5FCreateVolume.html) action in your IAM policy. This allows you to control the IAM identities that can create EBS volumes from source snapshots, and the conditions that they can use these snapshots to create EBS volumes.
To meet your specific permission needs on the source snapshots, you can also specify any of 5 EC2-specific condition keys in your IAM policy: ec2:Encrypted, ec2:VolumeSize, ec2:Owner, ec2:ParentVolume, and ec2:SnapshotTime. Additionally, you can use[ global condition keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference%5Fpolicies%5Fcondition-keys.html) for the source snapshot.
This new resource-level permission model is available in all AWS Regions where EBS volumes are available. To learn more about using resource-level permissions to create EBS volume, or transitioning to the new resource-level permission model from previous permission model, please visit the [launch blog](https://aws.amazon.com/blogs/storage/enhancing-resource-level-permission-for-creating-an-amazon-ebs-volume-from-a-snapshot/). For more information about Amazon EBS, please visit the [product page](https://aws.amazon.com/ebs/).
What else is happening at Amazon Web Services?
Amazon Route 53 Traffic Flow introduces a new visual editor to improve DNS policy editing
about 4 hours ago
Services
Share
Read update
Services
Share
AWS Amplify Hosting announces deployment skew protection support
about 5 hours ago
Services
Share
AWS Backup adds logically air-gapped vault support for Amazon FSx
about 5 hours ago
Services
Share
Read update
Services
Share