ec2:createTags
Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.
Policies (any)
2
Allow (Action)
2
Deny (Action)
0
NotAction
0
Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).
Action reference
SAR-style (unofficial)Service: Amazon EC2
Access level
TaggingDescription
Grants permission to add or overwrite one or more tags for Amazon EC2 resources
Resource types (first 30)
- capacity-block
- capacity-manager-data-export
- capacity-reservation
- capacity-reservation-fleet
- carrier-gateway
- client-vpn-endpoint
- coip-pool
- customer-gateway
- declarative-policies-report
- dedicated-host
- dhcp-options
- egress-only-internet-gateway
- elastic-gpu
- elastic-ip
- export-image-task
- export-instance-task
- fleet
- fpga-image
- host-reservation
- image
- image-usage-report
- import-image-task
- import-snapshot-task
- instance
- instance-connect-endpoint
- instance-event-window
- internet-gateway
- ipam
- ipam-external-resource-verification-token
- ipam-policy
Allow (Action)
Deny (Action)
None
NotAction
None
Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.
Definitions bundle generated 4/7/2026, 3:29:24 AM