Amazon managed policies for Amazon Elastic Beanstalk
An Amazon managed policy is a standalone policy that is created and administered by Amazon. Amazon managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that Amazon managed policies might not grant least-privilege permissions for your specific use cases because they're available for all Amazon customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in Amazon managed policies. If Amazon updates the permissions defined in an Amazon managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. Amazon is most likely to update an Amazon managed policy when a new Amazon Web Services service is launched or new API operations become available for existing services.
For more information, see Amazon managed policies in the IAM User Guide.
Elastic Beanstalk updates to Amazon managed policies
View details about updates to Amazon managed policies for Elastic Beanstalk since March 1, 2021.
To see the JSON source for a specific managed policy, see the Amazon Managed Policy Reference Guide.
| Change | Description | Date |
|---|---|---|
|
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to perform managed updates when Tag propagation to launch templates is enabled. For more information, see Managed service role policies. |
February 27, 2025 |
|
AdministratorAccess-AWSElasticBeanstalk –Updated existing policy |
This policy was updated to replace the StringLike operator with the ArnLike operator to evaluate
the ARN-type keys in the condition block For more information, see Managing Elastic Beanstalk user policies. |
December 11, 2024 |
|
The following polices were updated:
|
These policies were updated to allow Elastic Beanstalk to add or remove tags when it creates or updates an Amazon CloudFormation stack or change set. For more information about For more information about |
April 30, 2024 |
|
AWSElasticBeanstalkService –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to tag resources upon creation for Elastic Load Balancing, Auto Scaling groups (ASG), and Amazon ECS. NoteThis policy has been previously superseded by For more information, see Managed service role policies. |
May 10, 2023 |
|
AWSElasticBeanstalkMulticontainerDocker –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to tag resources upon creation for Amazon ECS. For more information, see Managing Elastic Beanstalk instance profiles. |
March 23, 2023 |
|
AWSElasticBeanstalkRoleECS –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to tag resources upon creation for Amazon ECS. For more information, see Policies for integration with other services. |
March 23, 2023 |
|
AdministratorAccess-AWSElasticBeanstalk –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to tag resources upon creation for Amazon ECS. For more information, see Managing Elastic Beanstalk user policies. |
March 23, 2023 |
|
AWSElasticBeanstalkManagedUpdatesServiceRolePolicy –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to add tags to Amazon ECS resources when it creates them. For more information, see Service-linked role permissions for Elastic Beanstalk. |
March 23, 2023 |
|
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to add tags to Amazon ECS resources when it creates them. For more information, see Managed service role policies. |
March 23, 2023 |
|
AWSElasticBeanstalkManagedUpdatesServiceRolePolicy –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to add tags to Auto Scaling groups when it creates them. For more information, see The managed-updates service-linked role. |
January 27, 2023 |
|
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to add tags on create of an Auto Scaling group (ASG). For more information, see Managed service role policies. |
January 23, 2023 |
|
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to add tags on create of an elastic load balancer (ELB). For more information, see Managed service role policies. |
December 21, 2022 |
|
AWSElasticBeanstalkManagedUpdatesServiceRolePolicy –Updated existing policy |
Permissions were added to this policy to allow Elastic Beanstalk to do the following during managed updates:
For more information, see The managed-updates service-linked role. |
August 23, 2022 |
|
AWSElasticBeanstalkReadOnlyAccess – Deprecated GovCloud (US) Amazon Web Services Region |
This policy has been replaced by This policy will be phased out in the GovCloud (US) Amazon Web Services Region. When this policy is phased out, it will no longer be available for attachment to new IAM users, groups, or roles after June 17, 2021. For more information, see User policies. |
June 17, 2021 |
|
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy –Updated existing policy |
This policy was updated to allow Elastic Beanstalk to read attributes for EC2 Availability Zones. It enables Elastic Beanstalk to provide more effective validation of your instance type selection across Availability Zones. For more information, see Managed service role policies. |
June 16, 2021 |
|
AWSElasticBeanstalkFullAccess – Deprecated GovCloud (US) Amazon Web Services Region |
This policy has been replaced by This policy will be phased out in the GovCloud (US) Amazon Web Services Region. When this policy is phased out, it will no longer be available for attachment to new IAM users, groups, or roles after June 10, 2021. For more information, see User policies. |
June 10, 2021 |
|
The following managed policies were deprecated in all of the China Amazon Web Services Regions:
|
The The These policies were phased out in all of the China Amazon Web Services Regions. These policies will no longer be available for attachment to new IAM users, groups, or roles after June 3, 2021. For more information, see User policies. |
June 3, 2021 |
|
AWSElasticBeanstalkService – Deprecated |
This policy has been superseded by This policy is phased out and is no longer available for attachment to new IAM users, groups, or roles. For more information, see Managed service role policies. |
June 2021 - January 2022 |
|
The following managed policies were deprecated in all Amazon Web Services Regions, except for China and GovCloud (US):
|
The The These policies were phased out in all the Amazon Web Services Regions, except for China and GovCloud (US). These policies will no longer be available for attachment to new IAM users, groups, or roles after April 16, 2021. For more information, see User policies. |
April 16, 2021 |
|
The following managed policies were updated:
|
Both of these policies now support PassRole permissions in China Amazon Web Services Regions. For more information about For more information about |
March 9, 2021 |
|
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy – New policy |
Elastic Beanstalk added a new policy to replace the This new managed policy improves security for your resources by applying a more restrictive set of permissions. For more information, see Managed service role policies. |
March 3, 2021 |
|
Elastic Beanstalk started tracking changes |
Elastic Beanstalk started tracking changes for Amazon managed policies. |
March 1, 2021 |