Which IAM permissions are needed for ec2-create-image?
Solution 1:
Unfortunately you can't lock this down on a resource level at the moment. There are a bunch of EC2 actions that don't support resource-level permissions, and ec2:CreateImage is one of them.
Solution 2:
Creating an image also involves creation of snapshots attached to that instance. The IAM policy below should work.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "ec2:CreateSnapshot",
                "ec2:CreateImage"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
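An added example, not part of either answer: a small offline check that a policy document grants the actions discussed above and reports which of them are allowed on every resource ("Resource": "*"). The REQUIRED list and the audit() helper are assumptions made for this illustration; conditions and NotAction are ignored, and any matching Deny is treated as blocking the action.

```python
import fnmatch
import json

# Constructed sample: the statement from Solution 2 wrapped in a policy document.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ec2:Describe*", "ec2:CreateSnapshot", "ec2:CreateImage"],
      "Resource": ["*"]
    }
  ]
}
""")

# Assumption: actions to check for; DescribeInstances stands in for the Describe* calls.
REQUIRED = ["ec2:CreateImage", "ec2:CreateSnapshot", "ec2:DescribeInstances"]

def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive; * and ? act as wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def audit(policy, required):
    """Return (missing_actions, granted_actions_allowed_on_all_resources)."""
    allowed, denied, unscoped = set(), set(), set()
    for stmt in _as_list(policy["Statement"]):
        if "Action" not in stmt:  # NotAction statements are out of scope here
            continue
        patterns = _as_list(stmt["Action"])
        for action in required:
            if not _matches(patterns, action):
                continue
            if stmt["Effect"] == "Deny":
                denied.add(action)  # simplification: Deny wins regardless of resource
            else:
                allowed.add(action)
                if "*" in _as_list(stmt.get("Resource", [])):
                    unscoped.add(action)
    granted = allowed - denied
    missing = [a for a in required if a not in granted]
    return missing, sorted(unscoped & granted)
```

An empty first element means every required action is granted; the second element lists the granted actions that apply to all resources.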