Managing Permissions for a Snapshot

You can share a snapshot with one or more accounts in the same Region.

This enables them to create a volume or an OUTSCALE machine image (OMI) from your snapshot, or to copy it to their account. The snapshot still belongs to you and you can add or remove permissions to manage who can access it. To know which accounts have permission for a snapshot, see Getting Information About Your Snapshots.

To create a copy independent from the source snapshot, see Copying a Snapshot in the Same Region or Tutorial: Copying a Snapshot to a Different Region.

Managing Permissions for a Snapshot Using Cockpit v2

  1. In the Snapshots dashboard, check the box of the snapshot you want to share.
    The snapshot is selected.

  2. Click IconLock Update Permissions.
    The UPDATE SNAPSHOT PERMISSIONS dialog box appears.

    A list of the account IDs of the users that are allowed to use the snapshot is displayed, if any.

  3. To share the snapshot with one or more users, click IconAddFull Add and type their account IDs separated by a comma in the Shared Account ID field.

    To remove the permissions for a user, click IconDeleteRed next to its account ID.

  4. Click Update.
    The snapshot is shared with the users you specified.

Managing Permissions for a Snapshot Using OSC CLI

The UpdateSnapshot command modifies the permissions for a specified snapshot.
You must specify either the Additions or the Removals parameter.
After sharing a snapshot with an account, the other account can create a copy of it that they own. For more information about copying snapshots, see CreateSnapshot.

Request sample: Adding permission
$ osc-cli api UpdateSnapshot --profile "default" \
    --SnapshotId "snap-12345678" \
    --PermissionsToCreateVolume '{
        "Additions": {
          "AccountIds": ["987654321098"]
        }
      }'
Request sample: Removing permission
$ osc-cli api UpdateSnapshot --profile "default" \
    --SnapshotId "snap-12345678" \
    --PermissionsToCreateVolume '{
        "Removals": {
          "AccountIds": ["987654321098"]
        }
      }'
Request sample: Making an image public to everyone
$ osc-cli api UpdateSnapshot --profile "default" \
    --SnapshotId "snap-12345678" \
    --PermissionsToCreateVolume '{
        "Additions": {
          "GlobalPermission": True
        }
      }'
Request sample: Making an image private to everyone
$ osc-cli api UpdateSnapshot --profile "default" \
    --SnapshotId "snap-12345678" \
    --PermissionsToCreateVolume '{
        "Removals": {
          "GlobalPermission": True
        }
      }'

This command contains the following attributes that you need to specify:

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • PermissionsToCreateVolume: Information about the permissions for the resource.
    Specify either the Additions or the Removals parameter.

    • Additions: (optional) Permissions for the resource.

      • AccountIds: (optional) One or more account IDs that the permission is associated with.

      • GlobalPermission: (optional) A global permission for all accounts.
        (Request) Set this parameter to true to make the resource public (if the parent parameter is Additions) or to make the resource private (if the parent parameter is Removals).
        (Response) If true, the resource is public. If false, the resource is private.

    • Removals: (optional) Permissions for the resource.

      • AccountIds: (optional) One or more account IDs that the permission is associated with.

      • GlobalPermission: (optional) A global permission for all accounts.
        (Request) Set this parameter to true to make the resource public (if the parent parameter is Additions) or to make the resource private (if the parent parameter is Removals).
        (Response) If true, the resource is public. If false, the resource is private.

  • SnapshotId: The ID of the snapshot.

The UpdateSnapshot command returns the following elements:

  • ResponseContext: Information about the context of the response.

    • RequestId: The ID of the request.

  • Snapshot: Information about the snapshot.

    • AccountAlias: The account alias of the owner of the snapshot.

    • AccountId: The account ID of the owner of the snapshot.

    • CreationDate: The date and time (UTC) at which the snapshot was created.

    • Description: The description of the snapshot.

    • PermissionsToCreateVolume: Permissions for the resource.

      • AccountIds: One or more account IDs that the permission is associated with.

      • GlobalPermission: A global permission for all accounts.
        (Request) Set this parameter to true to make the resource public (if the parent parameter is Additions) or to make the resource private (if the parent parameter is Removals).
        (Response) If true, the resource is public. If false, the resource is private.

    • Progress: The progress of the snapshot, as a percentage.

    • SnapshotId: The ID of the snapshot.

    • State: The state of the snapshot (in-queue | pending | completed | error | deleting)).

    • Tags: One or more tags associated with the snapshot.

      • Key: The key of the tag, with a minimum of 1 character.

      • Value: The value of the tag, between 0 and 255 characters.

    • VolumeId: The ID of the volume used to create the snapshot.

    • VolumeSize: The size of the volume used to create the snapshot, in gibibytes (GiB).

Result sample: Adding permission
{
  "Snapshot": {
    "VolumeSize": 10,
    "AccountId": "123456789012",
    "VolumeId": "vol-12345678",
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "PermissionsToCreateVolume": {
      "GlobalPermission": false,
      "AccountIds": [
        "987654321098"
      ]
    },
    "Progress": 100,
    "SnapshotId": "snap-12345678",
    "State": "completed",
    "Description": "Snapshot created from a volume",
    "Tags": []
  },
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}
Result sample: Removing permission
{
  "Snapshot": {
    "VolumeSize": 10,
    "AccountId": "123456789012",
    "VolumeId": "vol-12345678",
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "PermissionsToCreateVolume": {
      "GlobalPermission": false,
      "AccountIds": []
    },
    "Progress": 100,
    "SnapshotId": "snap-12345678",
    "State": "completed",
    "Description": "Snapshot created from a volume",
    "Tags": []
  },
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}
Result sample: Making an image public to everyone
{
  "Snapshot": {
    "VolumeSize": 10,
    "AccountId": "123456789012",
    "VolumeId": "vol-12345678",
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "PermissionsToCreateVolume": {
      "GlobalPermission": true,
      "AccountIds": []
    },
    "Progress": 100,
    "SnapshotId": "snap-12345678",
    "State": "completed",
    "Description": "Snapshot created from a volume",
    "Tags": []
  },
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}
Result sample: Making an image private to everyone
{
  "Snapshot": {
    "VolumeSize": 10,
    "AccountId": "123456789012",
    "VolumeId": "vol-12345678",
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "PermissionsToCreateVolume": {
      "GlobalPermission": false,
      "AccountIds": []
    },
    "Progress": 100,
    "SnapshotId": "snap-12345678",
    "State": "completed",
    "Description": "Snapshot created from a volume",
    "Tags": []
  },
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}

Managing Permissions for a Snapshot Using oapi-cli

The UpdateSnapshot command modifies the permissions for a specified snapshot.
You must specify either the Additions or the Removals parameter.
After sharing a snapshot with an account, the other account can create a copy of it that they own. For more information about copying snapshots, see CreateSnapshot.

Request sample: Adding permission
$ oapi-cli --profile "default" UpdateSnapshot \
    --SnapshotId "snap-12345678" \
    --PermissionsToCreateVolume '{
        "Additions": {
          "AccountIds": ["987654321098"]
        }
      }'
Request sample: Removing permission
$ oapi-cli --profile "default" UpdateSnapshot \
    --SnapshotId "snap-12345678" \
    --PermissionsToCreateVolume '{
        "Removals": {
          "AccountIds": ["987654321098"]
        }
      }'
Request sample: Making an image public to everyone
$ oapi-cli --profile "default" UpdateSnapshot \
    --SnapshotId "snap-12345678" \
    --PermissionsToCreateVolume '{
        "Additions": {
          "GlobalPermission": True
        }
      }'
Request sample: Making an image private to everyone
$ oapi-cli --profile "default" UpdateSnapshot \
    --SnapshotId "snap-12345678" \
    --PermissionsToCreateVolume '{
        "Removals": {
          "GlobalPermission": True
        }
      }'

This command contains the following attributes that you need to specify:

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • PermissionsToCreateVolume: Information about the permissions for the resource.
    Specify either the Additions or the Removals parameter.

    • Additions: (optional) Permissions for the resource.

      • AccountIds: (optional) One or more account IDs that the permission is associated with.

      • GlobalPermission: (optional) A global permission for all accounts.
        (Request) Set this parameter to true to make the resource public (if the parent parameter is Additions) or to make the resource private (if the parent parameter is Removals).
        (Response) If true, the resource is public. If false, the resource is private.

    • Removals: (optional) Permissions for the resource.

      • AccountIds: (optional) One or more account IDs that the permission is associated with.

      • GlobalPermission: (optional) A global permission for all accounts.
        (Request) Set this parameter to true to make the resource public (if the parent parameter is Additions) or to make the resource private (if the parent parameter is Removals).
        (Response) If true, the resource is public. If false, the resource is private.

  • SnapshotId: The ID of the snapshot.

The UpdateSnapshot command returns the following elements:

  • ResponseContext: Information about the context of the response.

    • RequestId: The ID of the request.

  • Snapshot: Information about the snapshot.

    • AccountAlias: The account alias of the owner of the snapshot.

    • AccountId: The account ID of the owner of the snapshot.

    • CreationDate: The date and time (UTC) at which the snapshot was created.

    • Description: The description of the snapshot.

    • PermissionsToCreateVolume: Permissions for the resource.

      • AccountIds: One or more account IDs that the permission is associated with.

      • GlobalPermission: A global permission for all accounts.
        (Request) Set this parameter to true to make the resource public (if the parent parameter is Additions) or to make the resource private (if the parent parameter is Removals).
        (Response) If true, the resource is public. If false, the resource is private.

    • Progress: The progress of the snapshot, as a percentage.

    • SnapshotId: The ID of the snapshot.

    • State: The state of the snapshot (in-queue | pending | completed | error | deleting)).

    • Tags: One or more tags associated with the snapshot.

      • Key: The key of the tag, with a minimum of 1 character.

      • Value: The value of the tag, between 0 and 255 characters.

    • VolumeId: The ID of the volume used to create the snapshot.

    • VolumeSize: The size of the volume used to create the snapshot, in gibibytes (GiB).

Result sample: Adding permission
{
  "Snapshot": {
    "VolumeSize": 10,
    "AccountId": "123456789012",
    "VolumeId": "vol-12345678",
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "PermissionsToCreateVolume": {
      "GlobalPermission": false,
      "AccountIds": [
        "987654321098"
      ]
    },
    "Progress": 100,
    "SnapshotId": "snap-12345678",
    "State": "completed",
    "Description": "Snapshot created from a volume",
    "Tags": []
  },
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}
Result sample: Removing permission
{
  "Snapshot": {
    "VolumeSize": 10,
    "AccountId": "123456789012",
    "VolumeId": "vol-12345678",
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "PermissionsToCreateVolume": {
      "GlobalPermission": false,
      "AccountIds": []
    },
    "Progress": 100,
    "SnapshotId": "snap-12345678",
    "State": "completed",
    "Description": "Snapshot created from a volume",
    "Tags": []
  },
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}
Result sample: Making an image public to everyone
{
  "Snapshot": {
    "VolumeSize": 10,
    "AccountId": "123456789012",
    "VolumeId": "vol-12345678",
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "PermissionsToCreateVolume": {
      "GlobalPermission": true,
      "AccountIds": []
    },
    "Progress": 100,
    "SnapshotId": "snap-12345678",
    "State": "completed",
    "Description": "Snapshot created from a volume",
    "Tags": []
  },
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}
Result sample: Making an image private to everyone
{
  "Snapshot": {
    "VolumeSize": 10,
    "AccountId": "123456789012",
    "VolumeId": "vol-12345678",
    "CreationDate": "2010-10-01T12:34:56.789Z",
    "PermissionsToCreateVolume": {
      "GlobalPermission": false,
      "AccountIds": []
    },
    "Progress": 100,
    "SnapshotId": "snap-12345678",
    "State": "completed",
    "Description": "Snapshot created from a volume",
    "Tags": []
  },
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  }
}

Managing Permissions for a Snapshot Using AWS CLI

Before you begin: Install and configure AWS CLI. For more information, see Installing and Configuring AWS CLI.

To share a snapshot with other accounts or to remove permissions, use the modify-snapshot-attribute command following this syntax:

Request sample
$ aws ec2 modify-snapshot-attribute \
    --profile YOUR_PROFILE \
    --snapshot-id snap-12345678 \
    --attribute createVolumePermission \
    --operation-type add \
    --user-ids 123456789012,123456789013 \
    --group NOT_SPECIFIED \
    --endpoint https://fcu.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.

  • snapshot-id: The ID of the snapshot you want to share.

  • attribute: This parameter must be set to createVolumePermission.

  • operation-type: The type of operation you want to perform regarding permissions. This attribute requires one of the following elements:

    • add: One or more permissions to add.

    • remove: One or more permissions to remove.

  • (optional) user-ids: One or more account IDs you want to share the snapshot with or remove permission for.

  • (optional) group: The name of the group you want to share the snapshot with or remove permission for (all if public, otherwise empty).

  • endpoint: The endpoint corresponding to the Region you want to send the request to. For more information, see Installing and Configuring AWS CLI.

The permissions for the snapshot are modified.

Related Pages

Corresponding API Methods

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.