Managing Permissions for a Snapshot
You can share a snapshot with one or more accounts in the same Region.
This enables them to create a volume or an OUTSCALE machine image (OMI) from your snapshot, or to copy it to their account. The snapshot still belongs to you and you can add or remove permissions to manage who can access it. To know which accounts have permission for a snapshot, see Getting Information About Your Snapshots.
To create a copy independent from the source snapshot, see Copying a Snapshot in the Same Region or Tutorial: Copying a Snapshot to a Different Region.
Managing Permissions for a Snapshot Using Cockpit v2
-
Click inside the Snapshots dashboard to make checkboxes appear.
-
Check the box of the snapshot you want to share.
The snapshot is selected and an action menu appears. -
Click Update Permissions.
The UPDATE SNAPSHOT PERMISSIONS dialog box appears.A list of the account IDs of the users that are allowed to use the snapshot is displayed, if any.
-
To share the snapshot with one or more users, click Add and type their account IDs separated by a comma in the Shared Account ID field.
To remove the permissions for a user, click next to its account ID.
-
Click Update.
The snapshot is shared with the users you specified.
Managing Permissions for a Snapshot Using OSC CLI
The UpdateSnapshot command modifies the permissions for a specified snapshot.
You must specify either the Additions
or the Removals
parameter.
After sharing a snapshot with an account, the other account can create a copy of it that they own. For more information about copying snapshots, see CreateSnapshot.
$ osc-cli api UpdateSnapshot --profile "default" \
--SnapshotId "snap-12345678" \
--PermissionsToCreateVolume '{
"Additions": {
"AccountIds": ["987654321098"],
},
}'
$ osc-cli api UpdateSnapshot --profile "default" \
--SnapshotId "snap-12345678" \
--PermissionsToCreateVolume '{
"Removals": {
"AccountIds": ["987654321098"],
},
}'
$ osc-cli api UpdateSnapshot --profile "default" \
--SnapshotId "snap-12345678" \
--PermissionsToCreateVolume '{
"Additions": {
"GlobalPermission": True,
},
}'
$ osc-cli api UpdateSnapshot --profile "default" \
--SnapshotId "snap-12345678" \
--PermissionsToCreateVolume '{
"Removals": {
"GlobalPermission": True,
},
}'
This command contains the following attributes that you need to specify:
-
DryRun
: (optional) If true, checks whether you have the required permissions to perform the action. -
PermissionsToCreateVolume
: Information about the permissions for the resource.
Specify either theAdditions
or theRemovals
parameter. -
SnapshotId
: The ID of the snapshot.
The UpdateSnapshot command returns the following elements:
-
ResponseContext
: Information about the context of the response. -
Snapshot
: Information about the snapshot.
{
"Snapshot": {
"VolumeSize": 10,
"AccountId": "123456789012",
"VolumeId": "vol-12345678",
"CreationDate": "2010-10-01T12:34:56.789Z",
"PermissionsToCreateVolume": {
"GlobalPermission": false,
"AccountIds": [
"987654321098"
]
},
"Progress": 100,
"SnapshotId": "snap-12345678",
"State": "completed",
"Description": "Snapshot created from a volume",
"Tags": []
},
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
}
}
{
"Snapshot": {
"VolumeSize": 10,
"AccountId": "123456789012",
"VolumeId": "vol-12345678",
"CreationDate": "2010-10-01T12:34:56.789Z",
"PermissionsToCreateVolume": {
"GlobalPermission": false,
"AccountIds": []
},
"Progress": 100,
"SnapshotId": "snap-12345678",
"State": "completed",
"Description": "Snapshot created from a volume",
"Tags": []
},
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
}
}
{
"Snapshot": {
"VolumeSize": 10,
"AccountId": "123456789012",
"VolumeId": "vol-12345678",
"CreationDate": "2010-10-01T12:34:56.789Z",
"PermissionsToCreateVolume": {
"GlobalPermission": true,
"AccountIds": []
},
"Progress": 100,
"SnapshotId": "snap-12345678",
"State": "completed",
"Description": "Snapshot created from a volume",
"Tags": []
},
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
}
}
{
"Snapshot": {
"VolumeSize": 10,
"AccountId": "123456789012",
"VolumeId": "vol-12345678",
"CreationDate": "2010-10-01T12:34:56.789Z",
"PermissionsToCreateVolume": {
"GlobalPermission": false,
"AccountIds": []
},
"Progress": 100,
"SnapshotId": "snap-12345678",
"State": "completed",
"Description": "Snapshot created from a volume",
"Tags": []
},
"ResponseContext": {
"RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
}
}
Managing Permissions for a Snapshot Using AWS CLI
To share a snapshot with other accounts or to remove permissions, use the modify-snapshot-attribute command following this syntax:
$ aws ec2 modify-snapshot-attribute \
--profile YOUR_PROFILE \
--snapshot-id snap-12345678 \
--attribute createVolumePermission \
--operation-type add \
--user-ids 123456789012,123456789013 \
[--group NOT_SPECIFIED] \
--endpoint https://fcu.eu-west-2.outscale.com
This command contains the following attributes that you need to specify:
-
(optional)
profile
: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI. -
snapshot-id
: The ID of the snapshot you want to share. -
attribute
: This parameter must be set tocreateVolumePermission
. -
operation-type
: The type of operation you want to perform regarding permissions. This attribute requires one of the following elements:-
add
: One or more permissions to add. -
remove
: One or more permissions to remove.
-
-
(optional)
user-ids
: One or more account IDs you want to share the snapshot with or remove permission for. -
(optional)
group
: The name of the group you want to share the snapshot with or remove permission for (all
if public, otherwise empty). -
endpoint
: The endpoint corresponding to the Region you want to send the request to.
The permissions for the snapshot are modified.
Related Pages
Corresponding API Methods
AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.