To use the EC2 Recovery Kit, the instance must have a Role that is allowed to update route table entries or reassign an ENI (Elastic Network Interface). The required permissions are:

  • Route Table (backend) configuration
    • ec2:DescribeRouteTables
    • ec2:ReplaceRoute
    • ec2:DescribeNetworkInterfaceAttribute
    • ec2:ModifyNetworkInterfaceAttribute
  • Elastic IP (frontend) configuration
    • ec2:DescribeAddresses
    • ec2:AssociateAddress
    • ec2:DisassociateAddress

To achieve this, create a policy as seen below (note that it might be desirable to limit the resources that may be accessed), then assign it to a Role.

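    {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeRouteTables", "ec2:ReplaceRoute", "ec2:DescribeNetworkInterfaceAttribute", "ec2:ModifyNetworkInterfaceAttribute",
                "ec2:DescribeAddresses", "ec2:AssociateAddress", "ec2:DisassociateAddress"
            ],
            "Resource": "*"
        }]
    }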

Once a Role is defined, assign it to the EC2 instances.
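The note above about limiting resources can be checked mechanically. The following is an added example, not part of the original documentation or the product: a small audit that confirms a policy still grants every action listed on this page and reports which state-changing actions are allowed on `"Resource": "*"`. The function name `audit_policy`, the split into read-only and state-changing actions, and the ARNs in `SCOPED_POLICY` are assumptions made for illustration; confirm the resource types each action accepts in the AWS Service Authorization Reference before using such a policy.

```python
import fnmatch

# Actions listed on this page, split by whether they change state.
READ_ONLY = {"ec2:DescribeRouteTables", "ec2:DescribeNetworkInterfaceAttribute",
             "ec2:DescribeAddresses"}
MUTATING = {"ec2:ReplaceRoute", "ec2:ModifyNetworkInterfaceAttribute",
            "ec2:AssociateAddress", "ec2:DisassociateAddress"}

def _as_list(value):
    """IAM allows a single string or object wherever a list is accepted."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy):
    """Return (missing, unscoped): required actions the policy does not allow,
    and state-changing actions it allows on Resource "*"."""
    granted = {}  # action -> set of Resource values it is allowed on
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny, NotAction and Condition are not evaluated here
        resources = _as_list(stmt.get("Resource", []))
        for pattern in _as_list(stmt.get("Action", [])):
            for action in READ_ONLY | MUTATING:
                # IAM action names are case-insensitive and may use * and ?
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    granted.setdefault(action, set()).update(resources)
    missing = sorted((READ_ONLY | MUTATING) - set(granted))
    unscoped = sorted(a for a in MUTATING if "*" in granted.get(a, ()))
    return missing, unscoped

# The policy from this page: every action on Resource "*".
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": sorted(READ_ONLY | MUTATING), "Resource": "*"}]}

# Constructed alternative. ARNs are placeholders, not values from the page.
# EC2 Describe* actions do not support resource-level permissions, so they keep "*".
ARN = "arn:aws:ec2:REGION:ACCOUNT_ID:"
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": sorted(READ_ONLY), "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:ReplaceRoute",
     "Resource": ARN + "route-table/rtb-EXAMPLE"},
    {"Effect": "Allow", "Action": "ec2:ModifyNetworkInterfaceAttribute",
     "Resource": ARN + "network-interface/eni-EXAMPLE"},
    {"Effect": "Allow", "Action": ["ec2:AssociateAddress", "ec2:DisassociateAddress"],
     "Resource": [ARN + "elastic-ip/eipalloc-EXAMPLE", ARN + "instance/i-EXAMPLE",
                  ARN + "network-interface/eni-EXAMPLE"]}]}

if __name__ == "__main__":
    for name, pol in (("page", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(pol))
```

An empty first list means the Recovery Kit's required actions are all still granted; an empty second list means no state-changing action is left on a wildcard resource.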

