Posted On: Apr 22, 2025
Amazon Elastic Block Store (EBS) now supports additional resource-level permissions for copying EBS snapshots. When moving your data across Regions, accounts, and Availability Zones, you can copy any snapshot accessible to you to another Region or account, including snapshots created by you or shared with you. With this launch, you have more granular controls to set resource-level permissions for the snapshot copy and for the selection of the source snapshot. This lets you control which IAM identities can copy EBS snapshots from source snapshots, and the conditions under which they can use these source snapshots for the snapshot copy operation.
To meet your specific permission needs on the source snapshots, you can also specify any of 6 EC2-specific condition keys for your CopySnapshot action in your IAM policy: ec2:Encrypted, ec2:VolumeSize, ec2:Owner, ec2:ParentVolume, ec2:ParentSnapshot, and ec2:SnapshotTime. Additionally, you can use global condition keys for the source snapshot.
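As an added illustration (not AWS code and not part of the announcement), the following Python check audits an IAM policy document for Allow statements that grant ec2:CopySnapshot without any of the six condition keys listed above. The function names, both sample policies, and the account ID are constructed for the example; how a working policy divides permissions between source and destination snapshots is covered in the launch blog, not here.

```python
import fnmatch

# The six EC2-specific condition keys the announcement lists for CopySnapshot.
# IAM treats condition key names as case-insensitive, so compare in lowercase.
SOURCE_KEYS = {k.lower() for k in (
    "ec2:Encrypted", "ec2:VolumeSize", "ec2:Owner",
    "ec2:ParentVolume", "ec2:ParentSnapshot", "ec2:SnapshotTime")}

def _as_list(value):
    # Policy elements may be a single value or a list of values.
    return value if isinstance(value, list) else [value]

def _grants_copy(stmt):
    # Action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase("ec2:copysnapshot", a.lower())
               for a in _as_list(stmt.get("Action", [])))

def unconstrained_copy_statements(policy):
    """Return the Sid (or index) of each Allow statement that grants
    ec2:CopySnapshot with none of the six source-snapshot condition keys."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or not _grants_copy(stmt):
            continue
        used = {key.lower()
                for operands in stmt.get("Condition", {}).values()
                for key in operands}
        if not used & SOURCE_KEYS:
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

# Constructed samples that exercise the check; not complete working grants.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "CopyAnything", "Effect": "Allow",
     "Action": "ec2:Copy*", "Resource": "*"}]}

SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "CopyOwnEncryptedOnly", "Effect": "Allow",
     "Action": ["ec2:CopySnapshot"],
     "Resource": "arn:aws:ec2:*::snapshot/*",
     "Condition": {
         "Bool": {"ec2:Encrypted": "true"},
         "StringEquals": {"ec2:Owner": "111122223333"}}}]}  # placeholder ID

if __name__ == "__main__":
    for name, policy in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, unconstrained_copy_statements(policy))
```

A statement constrained only by global condition keys is also reported, so treat a finding as a prompt for review rather than proof of over-permissioning.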
This new resource-level permission model is available in all Amazon Web Services Regions where EBS snapshots are available, including the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. To learn more about using resource-level permissions to copy EBS snapshots, or about transitioning to the new resource-level permission model from the previous permission model, please visit the launch blog. For more information about EBS products, please visit our documentation.