To use the EC2 Recovery Kit, the instance must have Roles that are allowed to update the RouteTable entries or reassign ENI (Elastic Network Interface).
- ec2:DisassociateAddress
- ec2:DescribeAddresses
- ec2:AssociateAddress
- ec2:DescribeRouteTables
- ec2:ReplaceRoute
To achieve this, create a policy as seen below (note that it might be desirable to limit the resources that may be accessed), then assign it to a Role.
Once a Role is defined, assign it to the EC2 instances.
このトピックへフィードバック