Wednesday, February 17, 2016

AWS IAM policy for limiting users' access to a group of instances with a particular tag name.

The TAGNAME and VALUE will be
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:RebootInstances"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/TAGNAME": "VALUE"
                }
            },
            "Resource": "arn:aws:ec2:eu-east-0:123654456123:instance/*"
        }
    ]
}
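
To check which requests this policy lets through before attaching it, the following added example (not part of the original post) evaluates it locally against constructed requests. It is a simplified model of IAM evaluation that handles only Allow statements and StringEquals on ec2:ResourceTag keys; `is_allowed`, `evaluate_samples`, the instance IDs and the second account number are hypothetical.

```python
import json
from fnmatch import fnmatchcase

# The policy from this post, with the page's placeholder tag, region and account.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances"],
    "Condition": {"StringEquals": {"ec2:ResourceTag/TAGNAME": "VALUE"}},
    "Resource": "arn:aws:ec2:eu-east-0:123654456123:instance/*"
  }]
}
""")

def is_allowed(policy, action, resource_arn, tags):
    """Simplified model: Allow statements, StringEquals on ec2:ResourceTag/* only."""
    tags_ci = {k.lower(): v for k, v in tags.items()}  # tag key lookup ignores case
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if not any(a.lower() == action.lower() for a in stmt["Action"]):
            continue  # action names are matched case-insensitively
        if not fnmatchcase(resource_arn, stmt["Resource"]):
            continue  # ARN must match the Resource pattern
        wanted = stmt.get("Condition", {}).get("StringEquals", {})
        # StringEquals compares tag values case-sensitively
        if all(tags_ci.get(key.split("/", 1)[1].lower()) == value
               for key, value in wanted.items()):
            return True
    return False  # nothing matched: implicit deny

# Constructed sample requests: (action, instance ARN, tags on that instance)
ARN = "arn:aws:ec2:eu-east-0:123654456123:instance/"
SAMPLES = [
    ("ec2:StopInstances", ARN + "i-0aaa", {"TAGNAME": "VALUE"}),       # tag matches
    ("ec2:StopInstances", ARN + "i-0bbb", {"TAGNAME": "value"}),       # value case differs
    ("ec2:StopInstances", ARN + "i-0ccc", {}),                         # untagged instance
    ("ec2:TerminateInstances", ARN + "i-0aaa", {"TAGNAME": "VALUE"}),  # action not listed
    ("ec2:StartInstances", "arn:aws:ec2:eu-east-0:999999999999:instance/i-0ddd",
     {"TAGNAME": "VALUE"}),                                            # other account
]

def evaluate_samples():
    return [is_allowed(POLICY, *sample) for sample in SAMPLES]

if __name__ == "__main__":
    for sample, ok in zip(SAMPLES, evaluate_samples()):
        print("ALLOW" if ok else "DENY ", sample[0], sample[1], sample[2])
```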
