IAM Policy to only allowing viewing and editing EC2 instances by group

Time:09-16

I am trying to create an IAM User Group with a policy so that these users can only view and edit EC2 instances with a specific tag associated. I was able to create the IAM policy; however, all EC2 instances are being listed (don't want this) when I log in as the IAM user from this group.

  1. I want only the group of EC2 instances to show that are editable by an IAM user in this user group. Below is the JSON of the policy:
    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ec2:*",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/aws:autoscaling:groupName": "abcd"
                }
            }
        }
    ]
    }

CodePudding user response:

According to Actions, resources, and condition keys for Amazon EC2 - Service Authorization Reference, the DescribeInstances action only accepts ec2:Region as a Condition Key.

Therefore, a Tag cannot be used as a Condition when listing Amazon EC2 instances.
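As an added example (not part of the original answer), one way to restructure the policy under that constraint is to split it into an unconditioned statement for the Describe calls and a tag-conditioned statement for the actions that change an instance. The specific mutating actions listed here (start, stop, reboot) are an assumption; the tag key and value are the ones from the question.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListInstancesNoTagCondition",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeTags"
      ],
      "Resource": "*"
    },
    {
      "Sid": "EditOnlyTaggedInstances",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:RebootInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/aws:autoscaling:groupName": "abcd"
        }
      }
    }
  ]
}
```

The first statement still returns every instance in the account, because Describe calls cannot be filtered by tag; the tag condition in the second statement only restricts which instances the user is allowed to act on, so actions against untagged instances are denied while the listing remains complete.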
