ec2:CreateTags

Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.

Policies (any)

167

Allow (Action)

167

Deny (Action)

2

NotAction

3

Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).

Action reference

SAR-style (unofficial)

Service: Amazon EC2

Access level

Tagging

Description

Grants permission to add or overwrite one or more tags for Amazon EC2 resources

Resource types (first 30)

  • capacity-block
  • capacity-manager-data-export
  • capacity-reservation
  • capacity-reservation-fleet
  • carrier-gateway
  • client-vpn-endpoint
  • coip-pool
  • customer-gateway
  • declarative-policies-report
  • dedicated-host
  • dhcp-options
  • egress-only-internet-gateway
  • elastic-gpu
  • elastic-ip
  • export-image-task
  • export-instance-task
  • fleet
  • fpga-image
  • host-reservation
  • image
  • image-usage-report
  • import-image-task
  • import-snapshot-task
  • instance
  • instance-connect-endpoint
  • instance-event-window
  • internet-gateway
  • ipam
  • ipam-external-resource-verification-token
  • ipam-policy

Allow (Action)

Deny (Action)

NotAction

Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.

Definitions bundle generated 4/7/2026, 3:29:24 AM