Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
EC2ImageBuilderExecutionPolicy
Deskripsi: Memberikan izin yang memungkinkan EC2 Image Builder memanggil AWS layanan atas nama Anda
EC2ImageBuilderExecutionPolicyadalah kebijakan yang AWS dikelola.
Menggunakan kebijakan ini
Anda dapat melampirkan EC2ImageBuilderExecutionPolicy ke pengguna, grup, dan peran Anda.
Detail kebijakan
-
Jenis: kebijakan AWS terkelola
-
Waktu pembuatan: 04 Juni 2026, 17:12 UTC
-
Waktu yang telah diedit: 04 Juni 2026, 17:12 UTC
-
ARN:
arn:aws:iam::aws:policy/EC2ImageBuilderExecutionPolicy
Versi kebijakan
Versi kebijakan: v1 (default)
Versi default kebijakan adalah versi yang menentukan izin untuk kebijakan tersebut. Saat pengguna atau peran dengan kebijakan membuat permintaan untuk mengakses AWS sumber daya, AWS periksa versi default kebijakan untuk menentukan apakah akan mengizinkan permintaan tersebut.
Dokumen kebijakan JSON
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "RunInstancesPermissions", "Effect" : "Allow", "Action" : [ "ec2:RunInstances" ], "Resource" : [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*::snapshot/*", "arn:aws:ec2:*:*:key-pair/*", "arn:aws:ec2:*:*:launch-template/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:subnet/*", "arn:aws:license-manager:*:*:license-configuration:*" ] }, { "Sid" : "RunInstancesWithEC2ImageBuilderRequestTagsPermissions", "Effect" : "Allow", "Action" : [ "ec2:RunInstances" ], "Resource" : [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*" ], "Condition" : { "StringEquals" : { "aws:RequestTag/CreatedBy" : [ "EC2 Image Builder", "EC2 Fast Launch" ] } } }, { "Sid" : "IAMPassRolePermissions", "Effect" : "Allow", "Action" : [ "iam:PassRole" ], "Resource" : [ "arn:aws:iam::*:role/*" ], "Condition" : { "StringEquals" : { "iam:PassedToService" : [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn", "vmie.amazonaws.com" ] } } }, { "Sid" : "EC2InstanceStateChangePermissions", "Effect" : "Allow", "Action" : [ "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances" ], "Resource" : "*", "Condition" : { "StringEquals" : { "aws:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "EC2ReadOnlyPermissions", "Effect" : "Allow", "Action" : [ "ec2:DescribeExportImageTasks", "ec2:DescribeHosts", "ec2:DescribeImages", "ec2:DescribeImportImageTasks", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstances", "ec2:DescribeInstanceStatus", "ec2:DescribeInstanceTypes", "ec2:DescribeInstanceTypeOfferings", "ec2:DescribeSnapshots", "ec2:DescribeSubnets", "ec2:DescribeTags" ], "Resource" : "*" }, { "Sid" : "EC2CopyPermissions", "Effect" : "Allow", "Action" : [ "ec2:CopyImage" ], "Resource" : "*" }, { "Sid" : "EC2CreateImagePermissionsForImage", "Effect" : "Allow", "Action" : [ "ec2:CreateImage" ], "Resource" : [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*::snapshot/*" ], "Condition" : { "StringEquals" : { "aws:RequestTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "EC2CreateImagePermissionsForInstance", "Effect" : "Allow", "Action" : [ "ec2:CreateImage" ], "Resource" : [ "arn:aws:ec2:*:*:instance/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "EC2DeregisterImagePermissions", "Effect" : "Allow", "Action" : [ "ec2:DeregisterImage" ], "Resource" : [ "arn:aws:ec2:*::image/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "EC2RegisterImagePermissionsForImage", "Effect" : "Allow", "Action" : [ "ec2:RegisterImage" ], "Resource" : [ "arn:aws:ec2:*::image/*" ], "Condition" : { "StringEquals" : { "aws:RequestTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "EC2RegisterImagePermissionsForSnapshot", "Effect" : "Allow", "Action" : [ "ec2:RegisterImage" ], "Resource" : [ "arn:aws:ec2:*::snapshot/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "EC2ModifyImageAttributePermissions", "Effect" : "Allow", "Action" : [ "ec2:ModifyImageAttribute" ], "Resource" : "*", "Condition" : { "StringEquals" : { "aws:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "EC2SnapshotAttributeModificationPermissions", "Effect" : "Allow", "Action" : [ "ec2:ModifySnapshotAttribute" ], "Resource" : [ "arn:aws:ec2:*::snapshot/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "CreateTagsOnCreatePermissions", "Effect" : "Allow", "Action" : [ "ec2:CreateTags" ], "Resource" : "*", "Condition" : { "StringEquals" : { "aws:RequestTag/CreatedBy" : [ "EC2 Image Builder", "EC2 Fast Launch" ], "ec2:CreateAction" : [ "CreateImage", "RunInstances" ] } } }, { "Sid" : "CreateCustomerTagsPermissions", "Effect" : "Allow", "Action" : [ "ec2:CreateTags" ], "Resource" : [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*:*:export-image-task/*" ] }, { "Sid" : "CreateEC2ImageBuilderTagsPermissions", "Effect" : "Allow", "Action" : [ "ec2:CreateTags" ], "Resource" : [ "arn:aws:ec2:*::snapshot/*", "arn:aws:ec2:*:*:launch-template/*" ], "Condition" : { "StringEquals" : { "aws:RequestTag/CreatedBy" : [ "EC2 Image Builder", "EC2 Fast Launch" ] } } }, { "Sid" : "UpdateCustomerLicensePermissions", "Effect" : "Allow", "Action" : [ "license-manager:UpdateLicenseSpecificationsForResource" ], "Resource" : [ "arn:aws:license-manager:*:*:license-configuration:*" ] }, { "Sid" : "PublishNotificationToCustomerSNSPermissions", "Effect" : "Allow", "Action" : [ "sns:Publish" ], "Resource" : [ "arn:aws:sns:*:*:*" ], "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } }, { "Sid" : "SystemsManagerPermissions", "Effect" : "Allow", "Action" : [ "ssm:DescribeInstanceInformation", "ssm:GetCommandInvocation", "ssm:ListCommandInvocations", "ssm:ListInventoryEntries" ], "Resource" : "*" }, { "Sid" : "SystemsManagerPermissionsForAssociation", "Effect" : "Allow", "Action" : [ "ssm:DescribeAssociationExecutions" ], "Resource" : [ "arn:aws:ssm:*:*:association/*" ] }, { "Sid" : "SystemsManagerPermissionsForInstance", "Effect" : "Allow", "Action" : [ "ssm:DescribeInstanceAssociationsStatus" ], "Resource" : [ "arn:aws:ec2:*:*:instance/*" ] }, { "Sid" : "SendCommandDocumentPermissions", "Effect" : "Allow", "Action" : [ "ssm:SendCommand" ], "Resource" : [ "arn:aws:ssm:*:*:document/AWS-RunPowerShellScript", "arn:aws:ssm:*:*:document/AWS-RunShellScript", "arn:aws:ssm:*:*:document/AWSEC2-RunSysprep" ] }, { "Sid" : "SendCommandEC2ImageBuilderInstancePermissions", "Effect" : "Allow", "Action" : [ "ssm:SendCommand" ], "Resource" : [ "arn:aws:ec2:*:*:instance/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "InventoryCollectionAssociationPermissions", "Effect" : "Allow", "Action" : [ "ssm:CreateAssociation" ], "Resource" : [ "arn:aws:ssm:*:*:association/*", "arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory" ] }, { "Sid" : "InventoryCollectionInstancePermissions", "Effect" : "Allow", "Action" : [ "ssm:CreateAssociation" ], "Resource" : [ "arn:aws:ec2:*:*:instance/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "InventoryCollectionTagPermissions", "Effect" : "Allow", "Action" : [ "ssm:AddTagsToResource" ], "Resource" : [ "arn:aws:ssm:*:*:association/*" ], "Condition" : { "StringEquals" : { "aws:RequestTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "DeleteInventoryCollectionAssociationPermissions", "Effect" : "Allow", "Action" : [ "ssm:DeleteAssociation" ], "Resource" : [ "arn:aws:ssm:*:*:association/*" ] }, { "Sid" : "EC2KMSPermissions", "Effect" : "Allow", "Action" : [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncryptFrom", "kms:ReEncryptTo", "kms:GenerateDataKeyWithoutPlaintext" ], "Resource" : [ "arn:aws:kms:*:*:key/*" ], "Condition" : { "ForAllValues:StringEquals" : { "kms:EncryptionContextKeys" : [ "aws:ebs:id" ] }, "StringLike" : { "kms:ViaService" : [ "ec2.*.amazonaws.com" ] } } }, { "Sid" : "EC2KMSDescribeKeyPermissions", "Effect" : "Allow", "Action" : [ "kms:DescribeKey" ], "Resource" : [ "arn:aws:kms:*:*:key/*" ], "Condition" : { "StringLike" : { "kms:ViaService" : [ "ec2.*.amazonaws.com" ] } } }, { "Sid" : "EC2KMSGrantKeyPermissions", "Effect" : "Allow", "Action" : [ "kms:CreateGrant" ], "Resource" : [ "arn:aws:kms:*:*:key/*" ], "Condition" : { "Bool" : { "kms:GrantIsForAWSResource" : true }, "StringLike" : { "kms:ViaService" : [ "ec2.*.amazonaws.com" ] } } }, { "Sid" : "CrossAccountAssumeRolePermissions", "Effect" : "Allow", "Action" : [ "sts:AssumeRole" ], "Resource" : [ "arn:aws:iam::*:role/EC2ImageBuilderDistributionCrossAccountRole" ] }, { "Sid" : "CloudWatchLogsPermissions", "Effect" : "Allow", "Action" : [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource" : [ "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" ] }, { "Sid" : "LaunchTemplatePermissions", "Effect" : "Allow", "Action" : [ "ec2:CreateLaunchTemplateVersion", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeLaunchTemplates", "ec2:ModifyLaunchTemplate" ], "Resource" : "*" }, { "Sid" : "ExportImageBuilderImagePermissions", "Effect" : "Allow", "Action" : [ "ec2:ExportImage" ], "Resource" : [ "arn:aws:ec2:*::image/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "CreateExportImageTaskPermissions", "Effect" : "Allow", "Action" : [ "ec2:ExportImage" ], "Resource" : [ "arn:aws:ec2:*:*:export-image-task/*" ] }, { "Sid" : "CancelExportImageTaskPermissions", "Effect" : "Allow", "Action" : [ "ec2:CancelExportTask" ], "Resource" : [ "arn:aws:ec2:*:*:export-image-task/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "CreateSLRForOtherServicesPermissions", "Effect" : "Allow", "Action" : [ "iam:CreateServiceLinkedRole" ], "Resource" : [ "arn:aws:iam::*:role/*" ], "Condition" : { "StringEquals" : { "iam:AWSServiceName" : [ "ssm.amazonaws.com", "ec2fastlaunch.amazonaws.com" ] } } }, { "Sid" : "EnableFastLaunchPermissions", "Effect" : "Allow", "Action" : [ "ec2:EnableFastLaunch" ], "Resource" : [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*:*:launch-template/*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "ListInspectorFindingsPermissions", "Effect" : "Allow", "Action" : [ "inspector2:ListCoverage", "inspector2:ListFindings" ], "Resource" : "*" }, { "Sid" : "CreateECRImageForInspectorScanningPermissions", "Effect" : "Allow", "Action" : [ "ecr:CreateRepository", "ecr:TagResource" ], "Resource" : [ "arn:aws:ecr:*:*:repository/image-builder-*" ], "Condition" : { "StringEquals" : { "aws:RequestTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "DeleteECRImageForInspectorScanningPermissions", "Effect" : "Allow", "Action" : [ "ecr:BatchDeleteImage" ], "Resource" : [ "arn:aws:ecr:*:*:repository/image-builder-*" ], "Condition" : { "StringEquals" : { "aws:ResourceTag/CreatedBy" : "EC2 Image Builder" } } }, { "Sid" : "EventBridgePermissionsForInspectorScanning", "Effect" : "Allow", "Action" : [ "events:DeleteRule", "events:DescribeRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets" ], "Resource" : [ "arn:aws:events:*:*:rule/ImageBuilder-*" ] }, { "Sid" : "ParameterStorePermissionsForImageBuilderParameters", "Effect" : "Allow", "Action" : [ "ssm:GetParameter", "ssm:PutParameter" ], "Resource" : [ "arn:aws:ssm:*:*:parameter/imagebuilder/*" ] }, { "Sid" : "ParameterStorePermissionsForServiceManagedParameters", "Effect" : "Allow", "Action" : [ "ssm:GetParameter" ], "Resource" : [ "arn:aws:ssm:*::parameter/aws/service/*" ] }, { "Sid" : "StartImagePipelineExecutionPermissions", "Effect" : "Allow", "Action" : [ "imagebuilder:StartImagePipelineExecution", "imagebuilder:TagResource" ], "Resource" : [ "arn:aws:imagebuilder:*:*:image-pipeline/*" ], "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } } ] }