AWS AMI Add "create volume" permissions to the following associated snapshots when creating permissions

What does the option Add "create volume" permissions to the following associated snapshots when creating permissions signify when we share an AMI with a different account?

Can this be used to share an AMI with a different account, but in such a way that they wouldn't be able to create a new AMI image from it?



Setting that permission will allow a user from the other account to create an EBS volume from that snapshot, independent of the AMI that you share with them.

If you don't check it, then they'll only be able to use the AMI (which uses that snapshot) to launch an instance, but they won't be able to create a separate EBS volume from it.

If you have access to an AMI, you can always create a new one from it by launching an instance from the original AMI, then saving a new AMI from that instance. AFAIK, there is no way to prevent that because once they have the instance launched from the AMI, it's out of your control.

The AWS docs are a little unclear on the purpose of that option, but this thread in the Developer Forums explains it a bit better.
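
The distinction described in the answer above, as an added example that is not part of the original thread: given an AMI's launch permissions and the createVolumePermission of each backing snapshot, report what every external principal can do. The inputs are dicts in the shape returned by the EC2 `describe_images`, `describe_image_attribute` (launchPermission) and `describe_snapshot_attribute` (createVolumePermission) calls; the IDs and account numbers are constructed, and the function names are hypothetical.

```python
# Added example: audit who can launch a shared AMI vs. who can also create
# volumes from its snapshots. All sample data below is constructed.

def snapshot_ids(image):
    """Snapshot IDs backing one entry of describe_images()['Images']."""
    return [m["Ebs"]["SnapshotId"] for m in image.get("BlockDeviceMappings", [])
            if "SnapshotId" in m.get("Ebs", {})]  # skips ephemeral mappings

def principals(entries):
    """Flatten a permission list. Account IDs stay bare; other keys
    (e.g. Group=all for public sharing) are kept as 'Key:value'."""
    out = set()
    for entry in entries:
        out.update(v if k == "UserId" else f"{k}:{v}" for k, v in entry.items())
    return out

def audit_share(image, launch_attr, snapshot_attrs):
    """Return {principal: {"launch": bool, "create_volume_from": [snapshot ids]}}.
    snapshot_attrs maps snapshot ID -> its createVolumePermission response."""
    report = {}
    for p in principals(launch_attr.get("LaunchPermissions", [])):
        report[p] = {"launch": True, "create_volume_from": []}
    for snap in snapshot_ids(image):
        perms = snapshot_attrs.get(snap, {}).get("CreateVolumePermissions", [])
        for p in principals(perms):
            # A principal seen only here has snapshot access without AMI access,
            # for example a share that outlived a revoked launch permission.
            entry = report.setdefault(p, {"launch": False, "create_volume_from": []})
            entry["create_volume_from"].append(snap)
    return report

# Constructed sample responses
IMAGE = {"ImageId": "ami-0example", "BlockDeviceMappings": [
    {"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0root"}},
    {"DeviceName": "/dev/sdf", "Ebs": {"SnapshotId": "snap-0data"}},
    {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]}
LAUNCH = {"ImageId": "ami-0example", "LaunchPermissions": [
    {"UserId": "111111111111"}, {"UserId": "222222222222"}]}
SNAPS = {
    "snap-0root": {"CreateVolumePermissions": [{"UserId": "111111111111"}]},
    "snap-0data": {"CreateVolumePermissions": [
        {"UserId": "111111111111"}, {"UserId": "333333333333"}]}}

if __name__ == "__main__":
    for who, access in sorted(audit_share(IMAGE, LAUNCH, SNAPS).items()):
        print(who, access)
```

Account 222222222222 in the sample is the "unchecked" case from the answer: it can launch the AMI but holds no createVolumePermission on either snapshot.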