IAM permissions
The IAM role that's attached to your Amazon EC2 Windows instance must have permission to
create application-consistent snapshots with VSS. To grant the necessary permissions,
you can attach the AWSEC2VssSnapshotPolicy
policy to your
instance profile.
The policy enables Systems Manager to perform the following actions:
-
Create and tag EBS snapshots
-
Create and tag Amazon Machine Images (AMIs)
-
Attach metadata, such as the device ID, to the default snapshot tags that VSS creates.