AWS managed policies for AWS Application Migration Service

An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases because they're available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or new API operations become available for existing services.

For more information, see AWS managed policies in the IAM User Guide.

AWS MGN updates for AWS managed policies

View details about updates to AWS managed policies for AWS Application Migration Service since March 1, 2021.

Change	Description	Date
AWSApplicationMigrationServiceRolePolicy – Updated policy	Added permission to tag network instances during RunInstances.	March 13, 2025
AWSApplicationMigrationEC2Access – Updated policy	Added permission to tag network instances during RunInstances.	February 11, 2025
AWSApplicationMigrationServiceRolePolicy – Updated policy AWSApplicationMigrationEC2Access – Updated policy	Created new revisions of AWSApplicationMigrationServiceRolePolicy and AWSApplicationMigrationEC2Access managed policies to support a change in authentication with EBS APIs.	January 08, 2025
AWSApplicationMigrationFullAccess – Updated policy	Updated the AWSApplicationMigrationFullAccess policy to support SecureString parameter type in SSM Parameters Store for post-migration framework actions.	March 10, 2024
AWSApplicationMigrationServiceEc2InstancePolicy – Updated policy	Created a new revision of the managed policy to support MGN in GovCloud and added SID to statements in the managed policy	December 28, 2023
AWSApplicationMigrationServiceEc2InstancePolicy – New policy	This policy allows installing and using the AWS Replication Agent, which is used by AWS Application Migration Service (AWS MGN) to migrate source servers that run on EC2 (cross-Region or cross-AZ). An IAM role with this policy should be attached (as an EC2 Instance Profile) to the EC2 Instances.	August 21, 2023
AWSApplicationMigrationServiceRolePolicy – Updated policy	Updated the AWSApplicationMigrationServiceRolePolicy with Organizations permissions to support the global view feature.	June 18, 2023
AWSApplicationMigrationFullAccess – Updated policy	Updated the AWSApplicationMigrationFullAccess policy to support specific automation SSM documents.	April 1, 2023
AWSApplicationMigrationFullAccess – Updated policy AWSApplicationMigrationSSMAccess – Updated policy AWSApplicationMigrationReadOnlyAccess – Created policy	Updated the AWSApplicationMigrationFullAccess policy to support both command and automation SSM documents for post-migration framework actions. Updated the AWSApplicationMigrationSSMAccess policy to support both command and automation SSM documents for the custom actions feature. Updated the AWSApplicationMigrationReadOnlyAccess policy to support the new import and export feature.	March 21, 2023
AWSApplicationMigrationEC2Access – Updated policy	Updated the AWSApplicationMigrationEC2Access policy to support: DescribeSnapshots, DescribeImages, DescribeVolumes.	January 29, 2023
AWSApplicationMigrationEC2Access – Updated policy AWSApplicationMigrationReadOnlyAccess – Updated policy AWSApplicationMigrationSSMAccess – Created policy	Updated the AWSApplicationMigrationEC2Access policy to support: CreateLaunchTemplate, DeleteLaunchTemplate. Updated the AWSApplicationMigrationReadOnlyAccess policy to support: DescribeLaunchConfigurationTemplates, ListSourceServerActions, ListTemplateActions, ListApplications, ListWaves. Created new AWSApplicationMigrationSSMAccess policy to support new custom actions feature.	November 28, 2022
AWSApplicationMigrationAgentPolicy – Updated policy AWSApplicationMigrationAgentInstallationPolicy – Updated policy	Updated the AWSApplicationMigrationAgentPolicy policy and the AWSApplicationMigrationAgentInstallationPolicy policy to support sending additional metrics during the agent installation process.	September 20, 2022
AWSApplicationMigrationAgentInstallationPolicy – New policy	AWS MGN added a new policy. This policy allows installing the AWS Replication Agent, which is used with Application Migration Service to migrate source servers to AWS. Attach this policy to your users or roles whose credentials you provide during the installation step of the AWS Replication Agent. The installed AWS Replication Agent will communicate with Application Migration Service using the recommended strong authentication method.	June 15, 2022
AWSApplicationMigrationFullAccess – Updated policy	Updated the AWSApplicationMigrationFullAccess policy to to support the Post Migration Framework.	May 16, 2022
AWSApplicationMigrationAgentPolicy_v2 – New policy	AWS Application Migration Service added a new policy. This policy allows using the AWS Replication Agent, which is used with AWS Application Migration Service to migrate source servers to AWS. We do not recommend that you attach this policy to your users or roles.	May 10, 2022
AWSApplicationMigrationReadOnlyAccess – Updated policy	Updated the AWSApplicationMigrationReadOnlyAccess policy to include service quotas.	April 3, 2022
AWSApplicationMigrationEC2Access – Updated policy	Updated the AWSApplicationMigrationEC2Access policy to add additional permissions and restrict certain existing permissions. This policy is only intended to be used for the AWS MGN console. The restriction prevents certain requests from being called directly by the calling identity, whilst enabling an AWS Application Migration Service (AWS MGN) to make the request to EC2 on behalf of the calling identity.	March 2, 2022
AWSApplicationMigrationServiceRolePolicy – Updated policy	AWS Application Migration Service added a new policy to allow AWS Application Migration Service to manage AWS resources on your behalf.	December 15, 2021
AWSApplicationMigrationVCenterClientPolicy – New policy	AWS Application Migration Service added a new policy that allows the installation and usage of the AWS vCenter Appliance.	November 7, 2021
AWSApplicationMigrationAgentPolicy – New policy	AWS Application Migration Service added a new policy to allow the installation of the AWS Replication Agent on source servers.	April 18, 2021
AWSApplicationMigrationConversionServerPolicy – New policy	AWS Application Migration Service added a new policy that allows AWS Application Migration Service to communicate with the service.	April 18, 2021
AWSApplicationMigrationMGHAccess – New policy	AWS Application Migration Service added a new policy to allow AWS Application Migration Service access to your account's AWS Migration Hub	April 18, 2021
AWSApplicationMigrationReplicationServerPolicy – New policy	AWS Application Migration Service added a new policy to allow the AWS Application Migration Service replication servers to communicate with the service, create and manage resources on your behalf.	April 7, 2021
AWS MGN started tracking changes	AWS Application Migration Service started tracking changes for AWS managed policies.	April 7, 2021

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Grant permission to tag resources during creation

AWSApplicationMigrationServiceRolePolicy