Posted On: Jun 14, 2022

You can now use Identity and Access Management (IAM) condition keys to specify which resource types are permitted in the retention rules created for Recycle Bin. With Recycle Bin, you can retain deleted EBS snapshots and EBS-backed AMIs for a period of time so that you can recover them in the event of an accidental deletion. You can enable Recycle Bin for all or a subset of the snapshots or AMIs in your account by creating one or more retention rules. Each rule also specifies a retention time period. A deleted EBS snapshot or de-registered AMI can be recovered from the Recycle Bin before the retention period expires.

By using condition keys with Recycle Bin's retention rule APIs, you can enforce policies on any or all of those APIs based on the resource type that a retention rule addresses. This allows you to create separate administrative roles for managing EBS snapshots and EC2 AMIs. You can separate permissions by resource type, such as limiting permissions to only create retention rules for EBS snapshots. The new condition keys for Recycle Bin are available in all regions where Recycle Bin is available.
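The following identity policy is an added example, not text from this announcement, showing the snapshot-only administrative role described above. It assumes the condition keys `rbin:Request/ResourceType` (evaluated for `CreateRule` and `ListRules`) and `rbin:Attribute/ResourceType` (evaluated for calls against an existing rule) with the value `EBS_SNAPSHOT`, as documented for Recycle Bin; the `Sid` labels are constructed for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleCreateAndListSnapshotRulesOnly",
      "Effect": "Allow",
      "Action": [
        "rbin:CreateRule",
        "rbin:ListRules"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "rbin:Request/ResourceType": "EBS_SNAPSHOT"
        }
      }
    },
    {
      "Sid": "ExampleManageExistingSnapshotRulesOnly",
      "Effect": "Allow",
      "Action": [
        "rbin:GetRule",
        "rbin:UpdateRule",
        "rbin:DeleteRule"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "rbin:Attribute/ResourceType": "EBS_SNAPSHOT"
        }
      }
    }
  ]
}
```

Because IAM denies by default, a role holding only this policy cannot create, change, or delete retention rules for AMIs unless another attached policy grants that access, so review the role's other policies for unconditioned `rbin:*` permissions.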

To learn more about how to use the new condition keys for Recycle Bin, please see the examples in the Recycle Bin developer guide. To learn more about using IAM condition keys, see IAM JSON Policy Elements: Condition, in the IAM User Guide.