Required IAM permissions - Amazon Elastic Compute Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Required IAM permissions

By default, users don't have permission to work with Recycle Bin, retention rules, or with resources that are in the Recycle Bin. To allow users to work with these resources, you must create IAM policies that grant permission to use specific resources and API actions. Once the policies are created, you must add permissions to your users, groups, or roles.

Permissions for working with Recycle Bin and retention rules

To work with Recycle Bin and retention rules, users need the following permissions.

  • rbin:CreateRule

  • rbin:UpdateRule

  • rbin:GetRule

  • rbin:ListRules

  • rbin:DeleteRule

  • rbin:TagResource

  • rbin:UntagResource

  • rbin:ListTagsForResource

  • rbin:LockRule

  • rbin:UnlockRule

To use the Recycle Bin console, users need the tag:GetResources permission.

The following is an example IAM policy that includes the tag:GetResources permission for console users. If some permissions are not needed, you can remove them from the policy.

{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "rbin:CreateRule", "rbin:UpdateRule", "rbin:GetRule", "rbin:ListRules", "rbin:DeleteRule", "rbin:TagResource", "rbin:UntagResource", "rbin:ListTagsForResource", "rbin:LockRule", "rbin:UnlockRule", "tag:GetResources" ], "Resource": "*" }] }

To provide access, add permissions to your users, groups, or roles:

Permissions for working with resources in the Recycle Bin

For more information about the IAM permissions needed to work with resources in the Recycle Bin, see the following: