Managing Permissions for a Snapshot

You can share a snapshot with one or more accounts in the same Region.

This enables them to create a volume or an OUTSCALE machine image (OMI) from your snapshot, or to copy it to their account. The snapshot still belongs to you and you can add or remove permissions to manage who can access it. To know which accounts have permission for a snapshot, see Getting Information About Your Snapshots.

To create a copy independent from the source snapshot, see Copying a Snapshot in the Same Region or Tutorial: Copying a Snapshot to a Different Region.

Managing Permissions for a Snapshot Using Cockpit v2

  1. Click inside the Snapshots dashboard to make checkboxes appear.

  2. Check the box of the snapshot you want to share.
    The snapshot is selected and an action menu appears.

  3. Click IconLock Update Permissions.
    The UPDATE SNAPSHOT PERMISSIONS dialog box appears.

    A list of the account IDs of the users that are allowed to use the snapshot is displayed, if any.

  4. To share the snapshot with one or more users, click IconAddFull Add and type their account IDs separated by a comma in the Shared Account ID field.

    To remove the permissions for a user, click IconStateTerminated next to its account ID.

  5. Click Update.
    The snapshot is shared with the users you specified.

Managing Permissions for a Snapshot Using OSC CLI

The UpdateSnapshot command modifies the permissions for a specified snapshot.
You must specify either the Additions or the Removals parameter.
After sharing a snapshot with an account, the other account can create a copy of it that they own. For more information about copying snapshots, see CreateSnapshot.

Request sample: Adding permission
$ osc-cli api UpdateSnapshot --profile "default" \
    --SnapshotId "snap-12345678" \
    --PermissionsToCreateVolume '{
        "Additions": {
          "AccountIds": ["987654321098"],
        },
      }'
Request sample: Removing permission
$ osc-cli api UpdateSnapshot --profile "default" \
    --SnapshotId "snap-12345678" \
    --PermissionsToCreateVolume '{
        "Removals": {
          "AccountIds": ["987654321098"],
        },
      }'
Request sample: Making an image public to everyone
$ osc-cli api UpdateSnapshot --profile "default" \
    --SnapshotId "snap-12345678" \
    --PermissionsToCreateVolume '{
        "Additions": {
          "GlobalPermission": True,
        },
      }'
Request sample: Making an image private to everyone
$ osc-cli api UpdateSnapshot --profile "default" \
    --SnapshotId "snap-12345678" \
    --PermissionsToCreateVolume '{
        "Removals": {
          "GlobalPermission": True,
        },
      }'

This command contains the following attributes that you need to specify:

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • PermissionsToCreateVolume: Information about the permissions for the resource.
    Specify either the Additions or the Removals parameter.

  • SnapshotId: The ID of the snapshot.

The UpdateSnapshot command returns the following elements:

  • ResponseContext: Information about the context of the response.

  • Snapshot: Information about the snapshot.

Result sample: Adding permission
{
  "Snapshot": {
    "VolumeSize": 10,
    "AccountId": "123456789012",
    "VolumeId": "vol-12345678",
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "PermissionsToCreateVolume": {
      "GlobalPermission": false,
      "AccountIds": [
        "987654321098"
      ]
    },
    "Progress": 100,
    "SnapshotId": "snap-12345678",
    "State": "completed",
    "Description": "Snapshot created from a volume",
    "Tags": []
  },
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}
Result sample: Removing permission
{
  "Snapshot": {
    "VolumeSize": 10,
    "AccountId": "123456789012",
    "VolumeId": "vol-12345678",
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "PermissionsToCreateVolume": {
      "GlobalPermission": false,
      "AccountIds": []
    },
    "Progress": 100,
    "SnapshotId": "snap-12345678",
    "State": "completed",
    "Description": "Snapshot created from a volume",
    "Tags": []
  },
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}
Result sample: Making an image public to everyone
{
  "Snapshot": {
    "VolumeSize": 10,
    "AccountId": "123456789012",
    "VolumeId": "vol-12345678",
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "PermissionsToCreateVolume": {
      "GlobalPermission": true,
      "AccountIds": []
    },
    "Progress": 100,
    "SnapshotId": "snap-12345678",
    "State": "completed",
    "Description": "Snapshot created from a volume",
    "Tags": []
  },
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}
Result sample: Making an image private to everyone
{
  "Snapshot": {
    "VolumeSize": 10,
    "AccountId": "123456789012",
    "VolumeId": "vol-12345678",
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "PermissionsToCreateVolume": {
      "GlobalPermission": false,
      "AccountIds": []
    },
    "Progress": 100,
    "SnapshotId": "snap-12345678",
    "State": "completed",
    "Description": "Snapshot created from a volume",
    "Tags": []
  },
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}

Managing Permissions for a Snapshot Using AWS CLI

To share a snapshot with other accounts or to remove permissions, use the modify-snapshot-attribute command following this syntax:

Request sample
$ aws ec2 modify-snapshot-attribute \
    --profile YOUR_PROFILE \
    --snapshot-id snap-12345678 \
    --attribute createVolumePermission \
    --operation-type add \
    --user-ids 123456789012,123456789013 \
    [--group NOT_SPECIFIED] \
    --endpoint https://fcu.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.

  • snapshot-id: The ID of the snapshot you want to share.

  • attribute: This parameter must be set to createVolumePermission.

  • operation-type: The type of operation you want to perform regarding permissions. This attribute requires one of the following elements:

    • add: One or more permissions to add.

    • remove: One or more permissions to remove.

  • (optional) user-ids: One or more account IDs you want to share the snapshot with or remove permission for.

  • (optional) group: The name of the group you want to share the snapshot with or remove permission for (all if public, otherwise empty).

  • endpoint: The endpoint corresponding to the Region you want to send the request to.

The permissions for the snapshot are modified.

Related Pages

Corresponding API Methods

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.