# Example
This example makes the snap-1234567890abcdef0 snapshot public, and gives the account with ID 111122223333 permission to create volumes from the snapshot.
# Sample Request
```
https://ec2.amazonaws.com/?Action=ModifySnapshotAttribute
&SnapshotId=snap-1234567890abcdef0
&CreateVolumePermission.Add.1.UserId=111122223333
&CreateVolumePermission.Add.1.Group=all
&AUTHPARAMS
```
@KevinHock, I have been doing some investigating on this and I'm not sure we can quite do what you are looking for. It is possible to create an SCP that prevents all snapshot permission modifications using a null check on the ec2:Attribute/CREATE_VOLUME_PERMISSION condition.
This allows us to filter on someone attempting to make any permission change. But there is no condition key available that I can find to filter on the Group=all attribute value that would limit the deny statement to only Public sharing modifications. I think in most cases you wouldn't want to filter out all permission changes because it may be entirely legitimate to share a volume with another account.
If you have any other ideas definitely let us know and we can try them out.
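The difference between public sharing (`Group=all`) and sharing with a specific account, which the comment above says no condition key exposes, is visible in the request parameters themselves. The following Python is an added example, not code from this thread or from AWS: it parses a `ModifySnapshotAttribute` query request like the sample one and reports which kind of change it is. The function name, the second sample URL and its account ID are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter shape from the sample request:
# CreateVolumePermission.<Add|Remove>.<n>.<UserId|Group>
_PERM = re.compile(r"^CreateVolumePermission\.(Add|Remove)\.\d+\.(UserId|Group)$")

# The sample request from the docs quoted in this issue, joined onto one line.
PAGE_SAMPLE = ("https://ec2.amazonaws.com/?Action=ModifySnapshotAttribute"
               "&SnapshotId=snap-1234567890abcdef0"
               "&CreateVolumePermission.Add.1.UserId=111122223333"
               "&CreateVolumePermission.Add.1.Group=all&AUTHPARAMS")
# Constructed sample: the same snapshot shared with one account only.
ACCOUNT_ONLY = ("https://ec2.amazonaws.com/?Action=ModifySnapshotAttribute"
                "&SnapshotId=snap-1234567890abcdef0"
                "&CreateVolumePermission.Add.1.UserId=444455556666&AUTHPARAMS")


def classify_request(url):
    """Summarise a ModifySnapshotAttribute request; None for any other Action."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    lookup = dict(params)
    if lookup.get("Action") != "ModifySnapshotAttribute":
        return None
    result = {"snapshot_id": lookup.get("SnapshotId"),
              "added_accounts": [], "removed_accounts": [],
              "makes_public": False, "removes_public": False}
    for key, value in params:
        match = _PERM.match(key)
        if not match:
            continue  # SnapshotId, auth parameters, unrelated attributes
        op, kind = match.groups()
        if kind == "Group" and value == "all":
            # Group=all under Add is the public share; under Remove it revokes it.
            result["makes_public" if op == "Add" else "removes_public"] = True
        elif kind == "UserId":
            target = "added_accounts" if op == "Add" else "removed_accounts"
            result[target].append(value)
    return result


if __name__ == "__main__":
    for name, url in (("page sample", PAGE_SAMPLE), ("account only", ACCOUNT_ONLY)):
        print(name, classify_request(url))
```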
Encryption makes this unnecessary, but for completeness.
From the `ec2:ModifySnapshotAttribute` docs: