IAM Tools
IAM Shrink
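Paste in a policy document or a list of IAM actions to make it smaller. Shrinking replaces long action lists with shorter wildcard patterns that match the same actions; because a wildcard can also match actions AWS adds after the data version shown below, review a shrunk policy before relying on it for least privilege.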
Based on iam-shrink with iam-data version 0.9.202504261, updated 4/26/2025.
Policy Document or Actions to shrink
{ "Version": "2012-10-17", "Statement": [ { "Sid": "EC2Actions", "Action": [ "ec2:AcceptAddressTransfer", "ec2:AcceptCapacityReservationBillingOwnership", "ec2:AcceptReservedInstancesExchangeQuote", "ec2:AcceptTransitGatewayMulticastDomainAssociations", "ec2:AcceptTransitGatewayPeeringAttachment", "ec2:AcceptTransitGatewayVpcAttachment", "ec2:AcceptVpcEndpointConnections", "ec2:AcceptVpcPeeringConnection", "ec2:AdvertiseByoipCidr", "ec2:AllocateAddress", "ec2:AllocateHosts", "ec2:AllocateIpamPoolCidr", "ec2:ApplySecurityGroupsToClientVpnTargetNetwork", "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AssignPrivateNatGatewayAddress", "ec2:AssociateAddress", "ec2:AssociateCapacityReservationBillingOwner", "ec2:AssociateClientVpnTargetNetwork", "ec2:AssociateDhcpOptions", "ec2:AssociateEnclaveCertificateIamRole", "ec2:AssociateIamInstanceProfile", "ec2:AssociateInstanceEventWindow", "ec2:AssociateIpamByoasn", "ec2:AssociateIpamResourceDiscovery", "ec2:AssociateNatGatewayAddress", "ec2:AssociateRouteTable", "ec2:AssociateSecurityGroupVpc", "ec2:AssociateSubnetCidrBlock", "ec2:AssociateTransitGatewayMulticastDomain", "ec2:AssociateTransitGatewayPolicyTable", "ec2:AssociateTransitGatewayRouteTable", "ec2:AssociateTrunkInterface", "ec2:AssociateVerifiedAccessInstanceWebAcl", "ec2:AssociateVpcCidrBlock", "ec2:AttachClassicLinkVpc", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:AttachVerifiedAccessTrustProvider", "ec2:AttachVolume", "ec2:AttachVpnGateway", "ec2:AuthorizeClientVpnIngress", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:BundleInstance", "ec2:CancelBundleTask", "ec2:CancelCapacityReservation", "ec2:CancelCapacityReservationFleets", "ec2:CancelConversionTask", "ec2:CancelDeclarativePoliciesReport", "ec2:CancelExportTask", "ec2:CancelImageLaunchPermission", "ec2:CancelImportTask", "ec2:CancelReservedInstancesListing", "ec2:CancelSpotFleetRequests", "ec2:CancelSpotInstanceRequests", 
"ec2:ConfirmProductInstance", "ec2:CopyFpgaImage", "ec2:CopyImage", "ec2:CopySnapshot", "ec2:CreateCapacityReservation", "ec2:CreateCapacityReservationBySplitting", "ec2:CreateCapacityReservationFleet", "ec2:CreateCarrierGateway", "ec2:CreateClientVpnEndpoint", "ec2:CreateClientVpnRoute", "ec2:CreateCoipCidr", "ec2:CreateCoipPool", "ec2:CreateCoipPoolPermission", "ec2:CreateCustomerGateway", "ec2:CreateDefaultSubnet", "ec2:CreateDefaultVpc", "ec2:CreateDhcpOptions", "ec2:CreateEgressOnlyInternetGateway", "ec2:CreateFleet", "ec2:CreateFlowLogs", "ec2:CreateFpgaImage", "ec2:CreateImage", "ec2:CreateInstanceConnectEndpoint", "ec2:CreateInstanceEventWindow", "ec2:CreateInstanceExportTask", "ec2:CreateInternetGateway", "ec2:CreateIpam", "ec2:CreateIpamExternalResourceVerificationToken", "ec2:CreateIpamPool", "ec2:CreateIpamResourceDiscovery", "ec2:CreateIpamScope", "ec2:CreateKeyPair", "ec2:CreateLaunchTemplate", "ec2:CreateLaunchTemplateVersion", "ec2:CreateLocalGatewayRoute", "ec2:CreateLocalGatewayRouteTable", "ec2:CreateLocalGatewayRouteTablePermission", "ec2:CreateLocalGatewayRouteTableVirtualInterfaceGroupAssociation", "ec2:CreateLocalGatewayRouteTableVpcAssociation", "ec2:CreateManagedPrefixList", "ec2:CreateNatGateway", "ec2:CreateNetworkAcl", "ec2:CreateNetworkAclEntry", "ec2:CreateNetworkInsightsAccessScope", "ec2:CreateNetworkInsightsPath", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:CreatePlacementGroup", "ec2:CreatePublicIpv4Pool", "ec2:CreateReplaceRootVolumeTask", "ec2:CreateReservedInstancesListing", "ec2:CreateRestoreImageTask", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSnapshot", "ec2:CreateSnapshots", "ec2:CreateSpotDatafeedSubscription", "ec2:CreateStoreImageTask", "ec2:CreateSubnet", "ec2:CreateSubnetCidrReservation", "ec2:CreateTags", "ec2:CreateTrafficMirrorFilter", "ec2:CreateTrafficMirrorFilterRule", "ec2:CreateTrafficMirrorSession", "ec2:CreateTrafficMirrorTarget", 
"ec2:CreateTransitGateway", "ec2:CreateTransitGatewayConnect", "ec2:CreateTransitGatewayConnectPeer", "ec2:CreateTransitGatewayMulticastDomain", "ec2:CreateTransitGatewayPeeringAttachment", "ec2:CreateTransitGatewayPolicyTable", "ec2:CreateTransitGatewayPrefixListReference", "ec2:CreateTransitGatewayRoute", "ec2:CreateTransitGatewayRouteTable", "ec2:CreateTransitGatewayRouteTableAnnouncement", "ec2:CreateTransitGatewayVpcAttachment", "ec2:CreateVerifiedAccessEndpoint", "ec2:CreateVerifiedAccessGroup", "ec2:CreateVerifiedAccessInstance", "ec2:CreateVerifiedAccessTrustProvider", "ec2:CreateVolume", "ec2:CreateVpc", "ec2:CreateVpcBlockPublicAccessExclusion", "ec2:CreateVpcEndpoint", "ec2:CreateVpcEndpointConnectionNotification", "ec2:CreateVpcEndpointServiceConfiguration", "ec2:CreateVpcPeeringConnection", "ec2:CreateVpnConnection", "ec2:CreateVpnConnectionRoute", "ec2:CreateVpnGateway", "ec2:DeleteCarrierGateway", "ec2:DeleteClientVpnEndpoint", "ec2:DeleteClientVpnRoute", "ec2:DeleteCoipCidr", "ec2:DeleteCoipPool", "ec2:DeleteCoipPoolPermission", "ec2:DeleteCustomerGateway", "ec2:DeleteDhcpOptions", "ec2:DeleteEgressOnlyInternetGateway", "ec2:DeleteFleets", "ec2:DeleteFlowLogs", "ec2:DeleteFpgaImage", "ec2:DeleteInstanceConnectEndpoint", "ec2:DeleteInstanceEventWindow", "ec2:DeleteInternetGateway", "ec2:DeleteIpam", "ec2:DeleteIpamExternalResourceVerificationToken", "ec2:DeleteIpamPool", "ec2:DeleteIpamResourceDiscovery", "ec2:DeleteIpamScope", "ec2:DeleteKeyPair", "ec2:DeleteLaunchTemplate", "ec2:DeleteLaunchTemplateVersions", "ec2:DeleteLocalGatewayRoute", "ec2:DeleteLocalGatewayRouteTable", "ec2:DeleteLocalGatewayRouteTablePermission", "ec2:DeleteLocalGatewayRouteTableVirtualInterfaceGroupAssociation", "ec2:DeleteLocalGatewayRouteTableVpcAssociation", "ec2:DeleteManagedPrefixList", "ec2:DeleteNatGateway", "ec2:DeleteNetworkAcl", "ec2:DeleteNetworkAclEntry", "ec2:DeleteNetworkInsightsAccessScope", "ec2:DeleteNetworkInsightsAccessScopeAnalysis", 
"ec2:DeleteNetworkInsightsAnalysis", "ec2:DeleteNetworkInsightsPath", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:DeletePlacementGroup", "ec2:DeletePublicIpv4Pool", "ec2:DeleteQueuedReservedInstances", "ec2:DeleteResourcePolicy", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSecurityGroup", "ec2:DeleteSnapshot", "ec2:DeleteSpotDatafeedSubscription", "ec2:DeleteSubnet", "ec2:DeleteSubnetCidrReservation", "ec2:DeleteTags", "ec2:DeleteTrafficMirrorFilter", "ec2:DeleteTrafficMirrorFilterRule", "ec2:DeleteTrafficMirrorSession", "ec2:DeleteTrafficMirrorTarget", "ec2:DeleteTransitGateway", "ec2:DeleteTransitGatewayConnect", "ec2:DeleteTransitGatewayConnectPeer", "ec2:DeleteTransitGatewayMulticastDomain", "ec2:DeleteTransitGatewayPeeringAttachment", "ec2:DeleteTransitGatewayPolicyTable", "ec2:DeleteTransitGatewayPrefixListReference", "ec2:DeleteTransitGatewayRoute", "ec2:DeleteTransitGatewayRouteTable", "ec2:DeleteTransitGatewayRouteTableAnnouncement", "ec2:DeleteTransitGatewayVpcAttachment", "ec2:DeleteVerifiedAccessEndpoint", "ec2:DeleteVerifiedAccessGroup", "ec2:DeleteVerifiedAccessInstance", "ec2:DeleteVerifiedAccessTrustProvider", "ec2:DeleteVolume", "ec2:DeleteVpc", "ec2:DeleteVpcBlockPublicAccessExclusion", "ec2:DeleteVpcEndpointConnectionNotifications", "ec2:DeleteVpcEndpointServiceConfigurations", "ec2:DeleteVpcEndpoints", "ec2:DeleteVpcPeeringConnection", "ec2:DeleteVpnConnection", "ec2:DeleteVpnConnectionRoute", "ec2:DeleteVpnGateway", "ec2:DeprovisionByoipCidr", "ec2:DeprovisionIpamByoasn", "ec2:DeprovisionIpamPoolCidr", "ec2:DeprovisionPublicIpv4PoolCidr", "ec2:DeregisterImage", "ec2:DeregisterInstanceEventNotificationAttributes", "ec2:DeregisterTransitGatewayMulticastGroupMembers", "ec2:DeregisterTransitGatewayMulticastGroupSources", "ec2:DescribeAccountAttributes", "ec2:DescribeAddressTransfers", "ec2:DescribeAddresses", "ec2:DescribeAddressesAttribute", "ec2:DescribeAggregateIdFormat", "ec2:DescribeAvailabilityZones", 
"ec2:DescribeAwsNetworkPerformanceMetricSubscriptions", "ec2:DescribeBundleTasks", "ec2:DescribeByoipCidrs", "ec2:DescribeCapacityBlockExtensionHistory", "ec2:DescribeCapacityBlockExtensionOfferings", "ec2:DescribeCapacityBlockOfferings", "ec2:DescribeCapacityReservationBillingRequests", "ec2:DescribeCapacityReservationFleets", "ec2:DescribeCapacityReservations", "ec2:DescribeCarrierGateways", "ec2:DescribeClassicLinkInstances", "ec2:DescribeClientVpnAuthorizationRules", "ec2:DescribeClientVpnConnections", "ec2:DescribeClientVpnEndpoints", "ec2:DescribeClientVpnRoutes", "ec2:DescribeClientVpnTargetNetworks", "ec2:DescribeCoipPools", "ec2:DescribeConversionTasks", "ec2:DescribeCustomerGateways", "ec2:DescribeDeclarativePoliciesReports", "ec2:DescribeDhcpOptions", "ec2:DescribeEgressOnlyInternetGateways", "ec2:DescribeElasticGpus", "ec2:DescribeExportImageTasks", "ec2:DescribeExportTasks", "ec2:DescribeFastLaunchImages", "ec2:DescribeFastSnapshotRestores", "ec2:DescribeFleetHistory", "ec2:DescribeFleetInstances", "ec2:DescribeFleets", "ec2:DescribeFlowLogs", "ec2:DescribeFpgaImageAttribute", "ec2:DescribeFpgaImages", "ec2:DescribeHostReservationOfferings", "ec2:DescribeHostReservations", "ec2:DescribeHosts", "ec2:DescribeIamInstanceProfileAssociations", "ec2:DescribeIdFormat", "ec2:DescribeIdentityIdFormat", "ec2:DescribeImageAttribute", "ec2:DescribeImages", "ec2:DescribeImportImageTasks", "ec2:DescribeImportSnapshotTasks", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceConnectEndpoints", "ec2:DescribeInstanceCreditSpecifications", "ec2:DescribeInstanceEventNotificationAttributes", "ec2:DescribeInstanceEventWindows", "ec2:DescribeInstanceImageMetadata", "ec2:DescribeInstanceStatus", "ec2:DescribeInstanceTopology", "ec2:DescribeInstanceTypeOfferings", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", "ec2:DescribeInternetGateways", "ec2:DescribeIpamByoasn", "ec2:DescribeIpamExternalResourceVerificationTokens", "ec2:DescribeIpamPools", 
"ec2:DescribeIpamResourceDiscoveries", "ec2:DescribeIpamResourceDiscoveryAssociations", "ec2:DescribeIpamScopes", "ec2:DescribeIpams", "ec2:DescribeIpv6Pools", "ec2:DescribeKeyPairs", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeLaunchTemplates", "ec2:DescribeLocalGatewayRouteTablePermissions", "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", "ec2:DescribeLocalGatewayRouteTableVpcAssociations", "ec2:DescribeLocalGatewayRouteTables", "ec2:DescribeLocalGatewayVirtualInterfaceGroups", "ec2:DescribeLocalGatewayVirtualInterfaces", "ec2:DescribeLocalGateways", "ec2:DescribeLockedSnapshots", "ec2:DescribeMacHosts", "ec2:DescribeManagedPrefixLists", "ec2:DescribeMovingAddresses", "ec2:DescribeNatGateways", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInsightsAccessScopeAnalyses", "ec2:DescribeNetworkInsightsAccessScopes", "ec2:DescribeNetworkInsightsAnalyses", "ec2:DescribeNetworkInsightsPaths", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfacePermissions", "ec2:DescribeNetworkInterfaces", "ec2:DescribePlacementGroups", "ec2:DescribePrefixLists", "ec2:DescribePrincipalIdFormat", "ec2:DescribePublicIpv4Pools", "ec2:DescribeRegions", "ec2:DescribeReplaceRootVolumeTasks", "ec2:DescribeReservedInstances", "ec2:DescribeReservedInstancesListings", "ec2:DescribeReservedInstancesModifications", "ec2:DescribeReservedInstancesOfferings", "ec2:DescribeRouteTables", "ec2:DescribeScheduledInstanceAvailability", "ec2:DescribeScheduledInstances", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroupRules", "ec2:DescribeSecurityGroupVpcAssociations", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshotAttribute", "ec2:DescribeSnapshotTierStatus", "ec2:DescribeSnapshots", "ec2:DescribeSpotDatafeedSubscription", "ec2:DescribeSpotFleetInstances", "ec2:DescribeSpotFleetRequestHistory", "ec2:DescribeSpotFleetRequests", "ec2:DescribeSpotInstanceRequests", "ec2:DescribeSpotPriceHistory", "ec2:DescribeStaleSecurityGroups", 
"ec2:DescribeStoreImageTasks", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeTrafficMirrorFilterRules", "ec2:DescribeTrafficMirrorFilters", "ec2:DescribeTrafficMirrorSessions", "ec2:DescribeTrafficMirrorTargets", "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayConnectPeers", "ec2:DescribeTransitGatewayConnects", "ec2:DescribeTransitGatewayMulticastDomains", "ec2:DescribeTransitGatewayPeeringAttachments", "ec2:DescribeTransitGatewayPolicyTables", "ec2:DescribeTransitGatewayRouteTableAnnouncements", "ec2:DescribeTransitGatewayRouteTables", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:DescribeTransitGateways", "ec2:DescribeTrunkInterfaceAssociations", "ec2:DescribeVerifiedAccessEndpoints", "ec2:DescribeVerifiedAccessGroups", "ec2:DescribeVerifiedAccessInstanceLoggingConfigurations", "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", "ec2:DescribeVerifiedAccessInstances", "ec2:DescribeVerifiedAccessTrustProviders", "ec2:DescribeVolumeAttribute", "ec2:DescribeVolumeStatus", "ec2:DescribeVolumes", "ec2:DescribeVolumesModifications", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcBlockPublicAccessExclusions", "ec2:DescribeVpcBlockPublicAccessOptions", "ec2:DescribeVpcClassicLink", "ec2:DescribeVpcClassicLinkDnsSupport", "ec2:DescribeVpcEndpointAssociations", "ec2:DescribeVpcEndpointConnectionNotifications", "ec2:DescribeVpcEndpointConnections", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribeVpcEndpointServicePermissions", "ec2:DescribeVpcEndpointServices", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ec2:DetachClassicLinkVpc", "ec2:DetachInternetGateway", "ec2:DetachNetworkInterface", "ec2:DetachVerifiedAccessTrustProvider", "ec2:DetachVolume", "ec2:DetachVpnGateway", "ec2:DisableAddressTransfer", "ec2:DisableAllowedImagesSettings", "ec2:DisableAwsNetworkPerformanceMetricSubscription", "ec2:DisableEbsEncryptionByDefault", 
"ec2:DisableFastLaunch", "ec2:DisableFastSnapshotRestores", "ec2:DisableImage", "ec2:DisableImageBlockPublicAccess", "ec2:DisableImageDeprecation", "ec2:DisableImageDeregistrationProtection", "ec2:DisableIpamOrganizationAdminAccount", "ec2:DisableSerialConsoleAccess", "ec2:DisableSnapshotBlockPublicAccess", "ec2:DisableTransitGatewayRouteTablePropagation", "ec2:DisableVgwRoutePropagation", "ec2:DisableVpcClassicLink", "ec2:DisableVpcClassicLinkDnsSupport", "ec2:DisassociateAddress", "ec2:DisassociateCapacityReservationBillingOwner", "ec2:DisassociateClientVpnTargetNetwork", "ec2:DisassociateEnclaveCertificateIamRole", "ec2:DisassociateIamInstanceProfile", "ec2:DisassociateInstanceEventWindow", "ec2:DisassociateIpamByoasn", "ec2:DisassociateIpamResourceDiscovery", "ec2:DisassociateNatGatewayAddress", "ec2:DisassociateRouteTable", "ec2:DisassociateSecurityGroupVpc", "ec2:DisassociateSubnetCidrBlock", "ec2:DisassociateTransitGatewayMulticastDomain", "ec2:DisassociateTransitGatewayPolicyTable", "ec2:DisassociateTransitGatewayRouteTable", "ec2:DisassociateTrunkInterface", "ec2:DisassociateVerifiedAccessInstanceWebAcl", "ec2:DisassociateVpcCidrBlock", "ec2:EnableAddressTransfer", "ec2:EnableAllowedImagesSettings", "ec2:EnableAwsNetworkPerformanceMetricSubscription", "ec2:EnableEbsEncryptionByDefault", "ec2:EnableFastLaunch", "ec2:EnableFastSnapshotRestores", "ec2:EnableImage", "ec2:EnableImageBlockPublicAccess", "ec2:EnableImageDeprecation", "ec2:EnableImageDeregistrationProtection", "ec2:EnableIpamOrganizationAdminAccount", "ec2:EnableReachabilityAnalyzerOrganizationSharing", "ec2:EnableSerialConsoleAccess", "ec2:EnableSnapshotBlockPublicAccess", "ec2:EnableTransitGatewayRouteTablePropagation", "ec2:EnableVgwRoutePropagation", "ec2:EnableVolumeIO", "ec2:EnableVpcClassicLink", "ec2:EnableVpcClassicLinkDnsSupport", "ec2:ExportClientVpnClientCertificateRevocationList", "ec2:ExportClientVpnClientConfiguration", "ec2:ExportImage", "ec2:ExportTransitGatewayRoutes", 
"ec2:ExportVerifiedAccessInstanceClientConfiguration", "ec2:GetAllowedImagesSettings", "ec2:GetAssociatedEnclaveCertificateIamRoles", "ec2:GetAssociatedIpv6PoolCidrs", "ec2:GetAwsNetworkPerformanceData", "ec2:GetCapacityReservationUsage", "ec2:GetCoipPoolUsage", "ec2:GetConsoleOutput", "ec2:GetConsoleScreenshot", "ec2:GetDeclarativePoliciesReportSummary", "ec2:GetDefaultCreditSpecification", "ec2:GetEbsDefaultKmsKeyId", "ec2:GetEbsEncryptionByDefault", "ec2:GetFlowLogsIntegrationTemplate", "ec2:GetGroupsForCapacityReservation", "ec2:GetHostReservationPurchasePreview", "ec2:GetImageBlockPublicAccessState", "ec2:GetInstanceMetadataDefaults", "ec2:GetInstanceTpmEkPub", "ec2:GetInstanceTypesFromInstanceRequirements", "ec2:GetInstanceUefiData", "ec2:GetIpamAddressHistory", "ec2:GetIpamDiscoveredAccounts", "ec2:GetIpamDiscoveredPublicAddresses", "ec2:GetIpamDiscoveredResourceCidrs", "ec2:GetIpamPoolAllocations", "ec2:GetIpamPoolCidrs", "ec2:GetIpamResourceCidrs", "ec2:GetLaunchTemplateData", "ec2:GetManagedPrefixListAssociations", "ec2:GetManagedPrefixListEntries", "ec2:GetNetworkInsightsAccessScopeAnalysisFindings", "ec2:GetNetworkInsightsAccessScopeContent", "ec2:GetPasswordData", "ec2:GetReservedInstancesExchangeQuote", "ec2:GetResourcePolicy", "ec2:GetSecurityGroupsForVpc", "ec2:GetSerialConsoleAccessStatus", "ec2:GetSnapshotBlockPublicAccessState", "ec2:GetSpotPlacementScores", "ec2:GetSubnetCidrReservations", "ec2:GetTransitGatewayAttachmentPropagations", "ec2:GetTransitGatewayMulticastDomainAssociations", "ec2:GetTransitGatewayPolicyTableAssociations", "ec2:GetTransitGatewayPolicyTableEntries", "ec2:GetTransitGatewayPrefixListReferences", "ec2:GetTransitGatewayRouteTableAssociations", "ec2:GetTransitGatewayRouteTablePropagations", "ec2:GetVerifiedAccessEndpointPolicy", "ec2:GetVerifiedAccessEndpointTargets", "ec2:GetVerifiedAccessGroupPolicy", "ec2:GetVerifiedAccessInstanceWebAcl", "ec2:GetVpnConnectionDeviceSampleConfiguration", "ec2:GetVpnConnectionDeviceTypes", 
"ec2:GetVpnTunnelReplacementStatus", "ec2:ImportByoipCidrToIpam", "ec2:ImportClientVpnClientCertificateRevocationList", "ec2:ImportImage", "ec2:ImportInstance", "ec2:ImportKeyPair", "ec2:ImportSnapshot", "ec2:ImportVolume", "ec2:InjectApiError", "ec2:ListImagesInRecycleBin", "ec2:ListSnapshotsInRecycleBin", "ec2:LockSnapshot", "ec2:ModifyAddressAttribute", "ec2:ModifyAvailabilityZoneGroup", "ec2:ModifyCapacityReservation", "ec2:ModifyCapacityReservationFleet", "ec2:ModifyClientVpnEndpoint", "ec2:ModifyDefaultCreditSpecification", "ec2:ModifyEbsDefaultKmsKeyId", "ec2:ModifyFleet", "ec2:ModifyFpgaImageAttribute", "ec2:ModifyHosts", "ec2:ModifyIdFormat", "ec2:ModifyIdentityIdFormat", "ec2:ModifyImageAttribute", "ec2:ModifyInstanceAttribute", "ec2:ModifyInstanceCapacityReservationAttributes", "ec2:ModifyInstanceCpuOptions", "ec2:ModifyInstanceCreditSpecification", "ec2:ModifyInstanceEventStartTime", "ec2:ModifyInstanceEventWindow", "ec2:ModifyInstanceMaintenanceOptions", "ec2:ModifyInstanceMetadataDefaults", "ec2:ModifyInstanceMetadataOptions", "ec2:ModifyInstanceNetworkPerformanceOptions", "ec2:ModifyInstancePlacement", "ec2:ModifyIpam", "ec2:ModifyIpamPool", "ec2:ModifyIpamResourceCidr", "ec2:ModifyIpamResourceDiscovery", "ec2:ModifyIpamScope", "ec2:ModifyLaunchTemplate", "ec2:ModifyLocalGatewayRoute", "ec2:ModifyManagedPrefixList", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifyPrivateDnsNameOptions", "ec2:ModifyReservedInstances", "ec2:ModifySecurityGroupRules", "ec2:ModifySnapshotAttribute", "ec2:ModifySnapshotTier", "ec2:ModifySpotFleetRequest", "ec2:ModifySubnetAttribute", "ec2:ModifyTrafficMirrorFilterNetworkServices", "ec2:ModifyTrafficMirrorFilterRule", "ec2:ModifyTrafficMirrorSession", "ec2:ModifyTransitGateway", "ec2:ModifyTransitGatewayPrefixListReference", "ec2:ModifyTransitGatewayVpcAttachment", "ec2:ModifyVerifiedAccessEndpoint", "ec2:ModifyVerifiedAccessEndpointPolicy", "ec2:ModifyVerifiedAccessGroup", "ec2:ModifyVerifiedAccessGroupPolicy", 
"ec2:ModifyVerifiedAccessInstance", "ec2:ModifyVerifiedAccessInstanceLoggingConfiguration", "ec2:ModifyVerifiedAccessTrustProvider", "ec2:ModifyVolume", "ec2:ModifyVolumeAttribute", "ec2:ModifyVpcAttribute", "ec2:ModifyVpcBlockPublicAccessExclusion", "ec2:ModifyVpcBlockPublicAccessOptions", "ec2:ModifyVpcEndpoint", "ec2:ModifyVpcEndpointConnectionNotification", "ec2:ModifyVpcEndpointServiceConfiguration", "ec2:ModifyVpcEndpointServicePayerResponsibility", "ec2:ModifyVpcEndpointServicePermissions", "ec2:ModifyVpcPeeringConnectionOptions", "ec2:ModifyVpcTenancy", "ec2:ModifyVpnConnection", "ec2:ModifyVpnConnectionOptions", "ec2:ModifyVpnTunnelCertificate", "ec2:ModifyVpnTunnelOptions", "ec2:MonitorInstances", "ec2:MoveAddressToVpc", "ec2:MoveByoipCidrToIpam", "ec2:MoveCapacityReservationInstances", "ec2:PauseVolumeIO", "ec2:ProvisionByoipCidr", "ec2:ProvisionIpamByoasn", "ec2:ProvisionIpamPoolCidr", "ec2:ProvisionPublicIpv4PoolCidr", "ec2:PurchaseCapacityBlock", "ec2:PurchaseCapacityBlockExtension", "ec2:PurchaseHostReservation", "ec2:PurchaseReservedInstancesOffering", "ec2:PurchaseScheduledInstances", "ec2:PutResourcePolicy", "ec2:RebootInstances", "ec2:RegisterImage", "ec2:RegisterInstanceEventNotificationAttributes", "ec2:RegisterTransitGatewayMulticastGroupMembers", "ec2:RegisterTransitGatewayMulticastGroupSources", "ec2:RejectCapacityReservationBillingOwnership", "ec2:RejectTransitGatewayMulticastDomainAssociations", "ec2:RejectTransitGatewayPeeringAttachment", "ec2:RejectTransitGatewayVpcAttachment", "ec2:RejectVpcEndpointConnections", "ec2:RejectVpcPeeringConnection", "ec2:ReleaseAddress", "ec2:ReleaseHosts", "ec2:ReleaseIpamPoolAllocation", "ec2:ReplaceIamInstanceProfileAssociation", "ec2:ReplaceImageCriteriaInAllowedImagesSettings", "ec2:ReplaceNetworkAclAssociation", "ec2:ReplaceNetworkAclEntry", "ec2:ReplaceRoute", "ec2:ReplaceRouteTableAssociation", "ec2:ReplaceTransitGatewayRoute", "ec2:ReplaceVpnTunnel", "ec2:ReportInstanceStatus", 
"ec2:RequestSpotFleet", "ec2:RequestSpotInstances", "ec2:ResetAddressAttribute", "ec2:ResetEbsDefaultKmsKeyId", "ec2:ResetFpgaImageAttribute", "ec2:ResetImageAttribute", "ec2:ResetInstanceAttribute", "ec2:ResetNetworkInterfaceAttribute", "ec2:ResetSnapshotAttribute", "ec2:RestoreAddressToClassic", "ec2:RestoreImageFromRecycleBin", "ec2:RestoreManagedPrefixListVersion", "ec2:RestoreSnapshotFromRecycleBin", "ec2:RestoreSnapshotTier", "ec2:RevokeClientVpnIngress", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:RunInstances", "ec2:RunScheduledInstances", "ec2:SearchLocalGatewayRoutes", "ec2:SearchTransitGatewayMulticastGroups", "ec2:SearchTransitGatewayRoutes", "ec2:SendDiagnosticInterrupt", "ec2:SendSpotInstanceInterruptions", "ec2:StartDeclarativePoliciesReport", "ec2:StartInstances", "ec2:StartNetworkInsightsAccessScopeAnalysis", "ec2:StartNetworkInsightsAnalysis", "ec2:StartVpcEndpointServicePrivateDnsVerification", "ec2:StopInstances", "ec2:TerminateClientVpnConnections", "ec2:TerminateInstances", "ec2:UnassignIpv6Addresses", "ec2:UnassignPrivateIpAddresses", "ec2:UnassignPrivateNatGatewayAddress", "ec2:UnlockSnapshot", "ec2:UnmonitorInstances", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:UpdateSecurityGroupRuleDescriptionsIngress", "ec2:WithdrawByoipCidr" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "ELBActions", "Effect": "Allow", "Action": [ "elasticloadbalancing:AddListenerCertificates", "elasticloadbalancing:AddTags", "elasticloadbalancing:AddTrustStoreRevocations", "elasticloadbalancing:CreateListener", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:CreateRule", "elasticloadbalancing:CreateTargetGroup", "elasticloadbalancing:CreateTrustStore", "elasticloadbalancing:DeleteListener", "elasticloadbalancing:DeleteLoadBalancer", "elasticloadbalancing:DeleteRule", "elasticloadbalancing:DeleteSharedTrustStoreAssociation", "elasticloadbalancing:DeleteTargetGroup", "elasticloadbalancing:DeleteTrustStore", 
"elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:DescribeAccountLimits", "elasticloadbalancing:DescribeCapacityReservation", "elasticloadbalancing:DescribeListenerAttributes", "elasticloadbalancing:DescribeListenerCertificates", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeSSLPolicies", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetGroupAttributes", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "elasticloadbalancing:DescribeTrustStoreAssociations", "elasticloadbalancing:DescribeTrustStoreRevocations", "elasticloadbalancing:DescribeTrustStores", "elasticloadbalancing:GetResourcePolicy", "elasticloadbalancing:GetTrustStoreCaCertificatesBundle", "elasticloadbalancing:GetTrustStoreRevocationContent", "elasticloadbalancing:ModifyCapacityReservation", "elasticloadbalancing:ModifyIpPools", "elasticloadbalancing:ModifyListener", "elasticloadbalancing:ModifyListenerAttributes", "elasticloadbalancing:ModifyLoadBalancerAttributes", "elasticloadbalancing:ModifyRule", "elasticloadbalancing:ModifyTargetGroup", "elasticloadbalancing:ModifyTargetGroupAttributes", "elasticloadbalancing:ModifyTrustStore", "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:RemoveListenerCertificates", "elasticloadbalancing:RemoveTags", "elasticloadbalancing:RemoveTrustStoreRevocations", "elasticloadbalancing:SetIpAddressType", "elasticloadbalancing:SetRulePriorities", "elasticloadbalancing:SetSecurityGroups", "elasticloadbalancing:SetSubnets", "elasticloadbalancing:SetWebAcl", "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", "elasticloadbalancing:AttachLoadBalancerToSubnets", "elasticloadbalancing:ConfigureHealthCheck", "elasticloadbalancing:CreateAppCookieStickinessPolicy", "elasticloadbalancing:CreateLBCookieStickinessPolicy", 
"elasticloadbalancing:CreateLoadBalancerListeners", "elasticloadbalancing:CreateLoadBalancerPolicy", "elasticloadbalancing:DeleteLoadBalancerListeners", "elasticloadbalancing:DeleteLoadBalancerPolicy", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", "elasticloadbalancing:DetachLoadBalancerFromSubnets", "elasticloadbalancing:DisableAvailabilityZonesForLoadBalancer", "elasticloadbalancing:EnableAvailabilityZonesForLoadBalancer", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:SetLoadBalancerListenerSSLCertificate", "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", "elasticloadbalancing:SetLoadBalancerPoliciesOfListener" ], "Resource": "*" }, { "Sid": "CloudWatchActions", "Effect": "Allow", "Action": [ "cloudwatch:BatchGetServiceLevelIndicatorReport", "cloudwatch:BatchGetServiceLevelObjectiveBudgetReport", "cloudwatch:CreateServiceLevelObjective", "cloudwatch:DeleteAlarms", "cloudwatch:DeleteAnomalyDetector", "cloudwatch:DeleteDashboards", "cloudwatch:DeleteInsightRules", "cloudwatch:DeleteMetricStream", "cloudwatch:DeleteServiceLevelObjective", "cloudwatch:DescribeAlarmHistory", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:DescribeAnomalyDetectors", "cloudwatch:DescribeInsightRules", "cloudwatch:DisableAlarmActions", "cloudwatch:DisableInsightRules", "cloudwatch:EnableAlarmActions", "cloudwatch:EnableInsightRules", "cloudwatch:EnableTopologyDiscovery", "cloudwatch:GenerateQuery", "cloudwatch:GetDashboard", "cloudwatch:GetInsightRuleReport", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:GetMetricStream", "cloudwatch:GetMetricWidgetImage", "cloudwatch:GetService", "cloudwatch:GetServiceData", "cloudwatch:GetServiceLevelObjective", "cloudwatch:GetTopologyDiscoveryStatus", 
"cloudwatch:GetTopologyMap", "cloudwatch:Link", "cloudwatch:ListDashboards", "cloudwatch:ListEntitiesForMetric", "cloudwatch:ListManagedInsightRules", "cloudwatch:ListMetricStreams", "cloudwatch:ListMetrics", "cloudwatch:ListServiceLevelObjectives", "cloudwatch:ListServices", "cloudwatch:ListTagsForResource", "cloudwatch:PutAnomalyDetector", "cloudwatch:PutCompositeAlarm", "cloudwatch:PutDashboard", "cloudwatch:PutInsightRule", "cloudwatch:PutManagedInsightRules", "cloudwatch:PutMetricAlarm", "cloudwatch:PutMetricData", "cloudwatch:PutMetricStream", "cloudwatch:SetAlarmState", "cloudwatch:StartMetricStreams", "cloudwatch:StopMetricStreams", "cloudwatch:TagResource", "cloudwatch:UntagResource", "cloudwatch:UpdateServiceLevelObjective" ], "Resource": "*" }, { "Sid": "AutoScalingActions", "Effect": "Allow", "Action": [ "autoscaling:AttachInstances", "autoscaling:AttachLoadBalancerTargetGroups", "autoscaling:AttachLoadBalancers", "autoscaling:AttachTrafficSources", "autoscaling:BatchDeleteScheduledAction", "autoscaling:BatchPutScheduledUpdateGroupAction", "autoscaling:CancelInstanceRefresh", "autoscaling:CompleteLifecycleAction", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", "autoscaling:CreateOrUpdateTags", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteLaunchConfiguration", "autoscaling:DeleteLifecycleHook", "autoscaling:DeleteNotificationConfiguration", "autoscaling:DeletePolicy", "autoscaling:DeleteScheduledAction", "autoscaling:DeleteTags", "autoscaling:DeleteWarmPool", "autoscaling:DescribeAccountLimits", "autoscaling:DescribeAdjustmentTypes", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeAutoScalingNotificationTypes", "autoscaling:DescribeInstanceRefreshes", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeLifecycleHookTypes", "autoscaling:DescribeLifecycleHooks", "autoscaling:DescribeLoadBalancerTargetGroups", 
"autoscaling:DescribeLoadBalancers", "autoscaling:DescribeMetricCollectionTypes", "autoscaling:DescribeNotificationConfigurations", "autoscaling:DescribePolicies", "autoscaling:DescribeScalingActivities", "autoscaling:DescribeScalingProcessTypes", "autoscaling:DescribeScheduledActions", "autoscaling:DescribeTags", "autoscaling:DescribeTerminationPolicyTypes", "autoscaling:DescribeTrafficSources", "autoscaling:DescribeWarmPool", "autoscaling:DetachInstances", "autoscaling:DetachLoadBalancerTargetGroups", "autoscaling:DetachLoadBalancers", "autoscaling:DetachTrafficSources", "autoscaling:DisableMetricsCollection", "autoscaling:EnableMetricsCollection", "autoscaling:EnterStandby", "autoscaling:ExecutePolicy", "autoscaling:ExitStandby", "autoscaling:GetPredictiveScalingForecast", "autoscaling:PutLifecycleHook", "autoscaling:PutNotificationConfiguration", "autoscaling:PutScalingPolicy", "autoscaling:PutScheduledUpdateGroupAction", "autoscaling:PutWarmPool", "autoscaling:RecordLifecycleActionHeartbeat", "autoscaling:ResumeProcesses", "autoscaling:RollbackInstanceRefresh", "autoscaling:SetDesiredCapacity", "autoscaling:SetInstanceHealth", "autoscaling:SetInstanceProtection", "autoscaling:StartInstanceRefresh", "autoscaling:SuspendProcesses", "autoscaling:TerminateInstanceInAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup" ], "Resource": "*" }, { "Sid": "IAM", "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "autoscaling.amazonaws.com", "ec2scheduled.amazonaws.com", "elasticloadbalancing.amazonaws.com", "spot.amazonaws.com", "spotfleet.amazonaws.com", "transitgateway.amazonaws.com" ] } } } ] }
Shrunk Content
Shrink Iterations
Unlimited Iterations
Number of Iterations
Access Levels To Shrink
List
Read
Write
Permissions Management
Tagging
Output Options
Output as JSON
Remove Sids
Remove Whitespace