ec2:DescribeTags
Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.
Policies (any)
50
Allow (Action)
50
Deny (Action)
0
NotAction
0
Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).
Action reference
SAR-style (unofficial)Service: Amazon EC2
Access level
ListDescription
Grants permission to describe one or more tags for an Amazon EC2 resource
Allow (Action)
- AWSApplicationMigrationFullAccess
- AWSBackupServiceRolePolicyForBackup
- AWSConnector
- AWSDeepRacerCloudFormationAccessPolicy
- AWSEC2SqlHaServiceRolePolicy
- AWSElasticBeanstalkCustomPlatformforEC2Role
- AWSHealthOmicsServiceLinkedRolePolicy
- AWSManagedServices_ContactsServiceRolePolicy
- AWSMarketplaceFullAccess
- AWSMigrationHubRefactorSpaces-EnvironmentsWithoutBridgesFullAccess
- AWSMigrationHubRefactorSpacesFullAccess
- AWSPCSServiceRolePolicy
- AWSQuickSetupSchedulerPermissionsBoundary
- AWSQuickSetupStartStopInstancesExecutionPolicy
- AWSResilienceHubAsssessmentExecutionPolicy
- AWSResourceExplorerServiceRolePolicy
- AWSSSMForSAPServiceLinkedRolePolicy
- AWSServiceRoleForImageBuilder
- AWSServiceRolePolicyForBackupRestoreTesting
- AWSSystemsManagerJustInTimeAccessServicePolicy
- AWSThinkboxAWSPortalAdminPolicy
- AWSThinkboxAWSPortalWorkerPolicy
- AWSThinkboxDeadlineSpotEventPluginWorkerPolicy
- AmazonApplicationWizardFullaccess
- AmazonEBSCSIDriverPolicy
- AmazonEC2ContainerServiceforEC2Role
- AmazonEKSLocalOutpostClusterPolicy
- AmazonEKSServiceRolePolicy
- AmazonEKS_CNI_Policy
- AmazonElasticMapReduceEditorsRole
- AmazonElasticMapReduceRole
- AmazonGrafanaCloudWatchAccess
- AmazonInspectorFullAccess
- AmazonInspectorReadOnlyAccess
- AmazonInspectorServiceRolePolicy
- AmazonLambdaRolePolicyForLaunchWizardSAP
- AmazonOpenSearchServiceRolePolicy
- AmazonRDSCustomPreviewServiceRolePolicy
- AmazonRDSCustomServiceRolePolicy
- AmazonSSMAutomationRole
- AmazonVPCFullAccess
- AmazonVPCReadOnlyAccess
- CloudWatchAgentAdminPolicy
- CloudWatchAgentServerPolicy
- EC2FastLaunchFullAccess
- FMSServiceRolePolicy
- NetworkAdministrator
- ROSAAmazonEBSCSIDriverOperatorPolicy
- SupportUser
- ViewOnlyAccess
Deny (Action)
None
NotAction
None
Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.
Definitions bundle generated 4/7/2026, 3:29:24 AM