AWS Lab 13 : AWS IAM & Control specific IAM user to manage specific EC2 instance


Step:1 Create IAM user “mike”

Step:2 Create “ec2-describe” policy

{
   "Version": "2012-10-17",
   "Statement": [{
      "Effect": "Allow",
      "Action": [
         "ec2:Describe*"
      ],
      "Resource": "*"
   }
   ]
}

or

{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Action": [
            "ec2:DescribeInstances",
            "ec2:DescribeImages",
            "ec2:DescribeKeyPairs",
            "ec2:DescribeVpcs",
            "ec2:DescribeSubnets",
            "ec2:DescribeSecurityGroups"
         ],
         "Resource": "*"
      },
      {
         "Effect": "Allow",
         "Action": "ec2:RunInstances",
         "Resource": "*"
      }
   ]
}

Step:3 Create “ec2-specific-instance” policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:RebootInstances",
                "ec2:TerminateInstances"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/critical": "true"
                }
            },
            "Resource": [
                "arn:aws:ec2:us-east-1:0xxxxxxxx4:instance/i-abcdef11",
                "arn:aws:ec2:us-east-1:0xxxxxxxx4:instance/i-efddddd1"
            ],
            "Effect": "Allow"
        }
    ]
}

Step:4 Attach the above policies to the user "mike"

Step:5 Add the tag "critical": "true" to your instances

Step:6 Log in as the IAM user "mike" and verify the privileges.
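The policies above only grant an action when every part of the statement matches: the action, the resource ARN and the tag condition. To make that behaviour visible without an AWS account, the following is an added example (not code from the lab or from AWS) implementing a deliberately minimal IAM evaluator covering just the features these two policies use: Allow statements, a `*` wildcard in Action, exact Resource ARN matching, and a `StringEquals` condition on `ec2:ResourceTag/<key>`. Deny statements, policy variables and the rest of the condition language are not modelled. The account id is the lab's placeholder, and the instance `i-0000other` is a constructed ARN used to show what happens to an instance that is tagged but not listed in the policy.

```python
"""Minimal simulator for the two policies in this lab (added example, not AWS code)."""
import fnmatch

# Policy "ec2-describe" from Step 2 (first variant).
EC2_DESCRIBE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}
    ],
}

# Policy "ec2-specific-instance" from Step 3 (account id is the lab's placeholder).
EC2_SPECIFIC_INSTANCE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Action": ["ec2:StartInstances", "ec2:StopInstances",
                   "ec2:RebootInstances", "ec2:TerminateInstances"],
        "Condition": {"StringEquals": {"ec2:ResourceTag/critical": "true"}},
        "Resource": ["arn:aws:ec2:us-east-1:0xxxxxxxx4:instance/i-abcdef11",
                     "arn:aws:ec2:us-east-1:0xxxxxxxx4:instance/i-efddddd1"],
        "Effect": "Allow",
    }],
}

MIKE_POLICIES = [EC2_DESCRIBE, EC2_SPECIFIC_INSTANCE]
LISTED_INSTANCE = "arn:aws:ec2:us-east-1:0xxxxxxxx4:instance/i-abcdef11"
UNLISTED_INSTANCE = "arn:aws:ec2:us-east-1:0xxxxxxxx4:instance/i-0000other"  # constructed


def _as_list(value):
    """IAM allows Action/Resource to be a single string or a list."""
    return value if isinstance(value, list) else [value]


def _condition_met(condition, tags):
    """Supports only StringEquals on ec2:ResourceTag/<key>; other keys fail closed."""
    for key, wanted in condition.get("StringEquals", {}).items():
        if not key.startswith("ec2:ResourceTag/"):
            return False
        tag_name = key[len("ec2:ResourceTag/"):]
        # StringEquals is case-sensitive: "True" does not match "true".
        if tags.get(tag_name) != wanted:
            return False
    return True


def statement_allows(stmt, action, resource, tags):
    """True if this single statement grants action on resource with these tags."""
    if stmt.get("Effect") != "Allow":
        return False
    if not any(fnmatch.fnmatchcase(action, pattern)
               for pattern in _as_list(stmt["Action"])):
        return False
    if not any(r == "*" or r == resource for r in _as_list(stmt["Resource"])):
        return False
    return _condition_met(stmt.get("Condition", {}), tags)


def is_allowed(policies, action, resource, tags=None):
    """Default deny: the request passes only if some statement explicitly allows it."""
    tags = tags or {}
    return any(statement_allows(stmt, action, resource, tags)
               for policy in policies for stmt in policy["Statement"])


if __name__ == "__main__":
    checks = [
        ("ec2:DescribeInstances", "*", {}),
        ("ec2:StopInstances", LISTED_INSTANCE, {"critical": "true"}),
        ("ec2:StopInstances", LISTED_INSTANCE, {}),
        ("ec2:StopInstances", LISTED_INSTANCE, {"critical": "True"}),
        ("ec2:StopInstances", UNLISTED_INSTANCE, {"critical": "true"}),
        ("ec2:RunInstances", "*", {}),
    ]
    for action, resource, tags in checks:
        verdict = "ALLOW" if is_allowed(MIKE_POLICIES, action, resource, tags) else "DENY"
        print(f"{verdict:5} {action} on {resource} tags={tags}")
```

Running the script shows the two failure modes worth verifying in Step 6: an instance that is listed in the Resource block but lacks the `critical=true` tag (or has it with different capitalisation) is denied, and an instance that carries the tag but whose ARN is not in the list is denied as well. `ec2:RunInstances` is denied because only the first variant of the Step 2 policy is attached here; attaching the second variant would allow it on any instance.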
