AWS AMI Add "create volume" permissions to the following associated snapshots when creating permissions
What does the significance of the Add "create volume" permissions to the following associated snapshots when creating permissions
indicate when we share an AMI to a different account ?
Can this be used for sharing an AMI to different account - but they wouldn't be able to take new AMI image out of it ?
Setting that permission will allow a user from the other account to create an EBS volume from that snapshot, independent of the AMI that you share with them.
If you don't check it, then they'll only be able to use the AMI (which uses that snapshot) to launch an instance, but they won't be able to create a separate EBS volume from it.
If you have access to an AMI, you can always create a new one from it by launching an instance from the original AMI, then saving a new AMI from that instance. AFAIK, there is no way to prevent that because once they have the instance launched from the AMI, it's out of your control.
The AWS docs are a little unclear on the purpose of that option, but this thread in the Developer Forums explains it a bit better.