ec2:TerminateInstances
Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.
Policies (any)
74
Allow (Action)
74
Deny (Action)
0
NotAction
1
Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).
Action reference
SAR-style (unofficial)Service: Amazon EC2
Access level
WriteDescription
Grants permission to shut down one or more instances
Resource types
- instance*
Allow (Action)
- AWSApplicationMigrationEC2Access
- AWSApplicationMigrationServiceRolePolicy
- AWSBackupServiceRolePolicyForRestores
- AWSBatchServiceRole
- AWSCloud9ServiceRolePolicy
- AWSCodeDeployRole
- AWSConnector
- AWSDataPipelineRole
- AWSEC2FleetServiceRolePolicy
- AWSEC2SpotFleetServiceRolePolicy
- AWSElasticBeanstalkCustomPlatformforEC2Role
- AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
- AWSElasticBeanstalkManagedUpdatesServiceRolePolicy
- AWSElasticBeanstalkRoleCore
- AWSElasticBeanstalkService
- AWSElasticDisasterRecoveryConsoleFullAccess
- AWSElasticDisasterRecoveryConsoleFullAccess_v2
- AWSElasticDisasterRecoveryServiceRolePolicy
- AWSFaultInjectionSimulatorEC2Access
- AWSFaultInjectionSimulatorEKSAccess
- AWSGlueConsoleFullAccess
- AWSGlueConsoleSageMakerNotebookFullAccess
- AWSIoTDeviceTesterForFreeRTOSFullAccess
- AWSLambdaServiceRolePolicy
- AWSLicenseManagerUserSubscriptionsServiceRolePolicy
- AWSMarketplaceFullAccess
- AWSMarketplaceImageBuildFullAccess
- AWSOpsWorksCMServiceRole
- AWSPCSServiceRolePolicy
- AWSServiceRoleForEC2ScheduledInstances
- AWSServiceRoleForImageBuilder
- AWSServiceRoleForSMS
- AWSServiceRolePolicyForBackupRestoreTesting
- AWSServiceRolePolicyForWorkspacesInstances
- AWSThinkboxAWSPortalAdminPolicy
- AWSThinkboxAWSPortalWorkerPolicy
- AWSThinkboxDeadlineResourceTrackerAccessPolicy
- AWSThinkboxDeadlineSpotEventPluginAdminPolicy
- AWSThinkboxDeadlineSpotEventPluginWorkerPolicy
- AWSTransformApplicationDeploymentPolicy
- AdministratorAccess-AWSElasticBeanstalk
- AmazonApplicationWizardFullaccess
- AmazonDynamoDBFullAccesswithDataPipeline
- AmazonEC2SpotFleetRole
- AmazonEC2SpotFleetTaggingRole
- AmazonECSComputeServiceRolePolicy
- AmazonEKSLocalOutpostServiceRolePolicy
- AmazonEKSServiceRolePolicy
- AmazonEMRCleanupPolicy
- AmazonEMRServicePolicy_v2
- AmazonEVSServiceRolePolicy
- AmazonElasticMapReduceFullAccess
- AmazonElasticMapReduceRole
- AmazonLaunchWizardFullAccessV2
- AmazonLaunchWizardFullaccess
- AmazonLaunchWizard_Fullaccess
- AmazonRDSCustomPreviewServiceRolePolicy
- AmazonRDSCustomServiceRolePolicy
- AmazonSSMAutomationRole
- AutoScalingServiceRolePolicy
- BatchServiceRolePolicy
- CloudWatchActionsEC2Access
- CloudWatchEventsBuiltInTargetExecutionAccess
- CloudWatchEventsServiceRolePolicy
- DataScientist
- EC2FastLaunchServiceRolePolicy
- EC2FleetTimeShiftableServiceRolePolicy
- GameLiftGameServerGroupPolicy
- ROSAInstallerPolicy
- ROSANodePoolManagementPolicy
- ROSASRESupportPolicy
- SageMakerStudioProjectUserRolePermissionsBoundary
- ServerMigrationServiceLaunchRole
- SystemAdministrator
Deny (Action)
None
Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.
Definitions bundle generated 4/7/2026, 3:29:24 AM