Custom IAM Policy For EC2 Snapshots

There are two issues with creating EC2 snapshots on a schedule. First, the AWS-recommended way doesn’t allow custom names for snapshots, which we use to identify the source or schedule. Second, AWS IAM doesn’t have a built-in policy that allows it. This article provides an example custom policy that works.

The following example allows the user it’s assigned to to list EC2 instances, create and delete snapshots, and manage tags, which we find critical.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateSnapshot",
                "ec2:DeleteSnapshot",
                "ec2:Describe*",
                "ec2:CreateTags"
            ],
            "Resource": "*"
        }
    ]
}
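
A tighter variant of the policy above, added here as an example and not part of the original article: with `"Resource": "*"`, `ec2:DeleteSnapshot` and `ec2:CreateTags` apply to every snapshot and every taggable EC2 resource in the account, so this version limits both to snapshots the schedule itself created. It assumes the script applies its tags in the same `CreateSnapshot` call rather than in a later `CreateTags` call; the tag key `CreatedBy` and value `snapshot-scheduler` are placeholders.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DescribeNeedsWildcard",
            "Effect": "Allow",
            "Action": "ec2:Describe*",
            "Resource": "*"
        },
        {
            "Sid": "SnapshotAnyVolume",
            "Effect": "Allow",
            "Action": "ec2:CreateSnapshot",
            "Resource": "arn:aws:ec2:*:*:volume/*"
        },
        {
            "Sid": "NewSnapshotsMustCarryTag",
            "Effect": "Allow",
            "Action": "ec2:CreateSnapshot",
            "Resource": "arn:aws:ec2:*::snapshot/*",
            "Condition": {
                "StringEquals": {"aws:RequestTag/CreatedBy": "snapshot-scheduler"}
            }
        },
        {
            "Sid": "TagOnlyDuringCreateSnapshot",
            "Effect": "Allow",
            "Action": "ec2:CreateTags",
            "Resource": "arn:aws:ec2:*::snapshot/*",
            "Condition": {
                "StringEquals": {"ec2:CreateAction": "CreateSnapshot"}
            }
        },
        {
            "Sid": "DeleteOnlyOwnSnapshots",
            "Effect": "Allow",
            "Action": "ec2:DeleteSnapshot",
            "Resource": "arn:aws:ec2:*::snapshot/*",
            "Condition": {
                "StringEquals": {"aws:ResourceTag/CreatedBy": "snapshot-scheduler"}
            }
        }
    ]
}
```

`ec2:Describe*` stays on `"*"` because the Describe actions do not support resource-level permissions. Other tags, such as a custom `Name`, can still be set in the same `CreateSnapshot` request.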
