IAM allowing a user to access everything for ec2 on a region

I'm trying to allow one user to all actions on us-west-2, this is the policy I have.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ec2:*"],
      "Resource": "arn:aws:ec2:us-west-2:837625274593:*"
    }
  ]
}

I got the account number from the "OWNER" parameter on an instance, not sure if it is.

Arnold Roa asked Aug 07 '13 20:08



People also ask

How do I give an IAM user access to a specific EC2 instance?

Open the Amazon EC2 console, and then add tags to the group of EC2 instances that you want the users or groups to be able to access. If you don't already have a tag, create a new tag. Note: Be sure to read and understand the tag restrictions before tagging your resources. Amazon EC2 tags are case-sensitive.

Is AWS IAM role region specific?

IAM is a global service; it is not region-specific, and you would configure something like this using IAM roles and cross-account access.


1 Answer

{
  "Statement": [
    {
      "Sid": "Stmt1375943389569",
      "Action": "ec2:*",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:Region": "us-west-2"
        }
      }
    }
  ]
}

That should enable the user to have all access to ec2 in only the us-west-2 region.

BrianJakovich answered Oct 25 '22 03:10

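Added example, not code from the original question or answer: a small offline evaluator that models only the IAM features this thread relies on (Action/Resource wildcards, an Allow effect, and a StringEquals condition on ec2:Region) so the two policies can be compared side by side. The instance and AMI ids are placeholders; the account id is the one from the question. It is not a full AWS IAM implementation.

```python
import fnmatch

# Policy from the question, as posted (account id copied from the thread).
ARN_SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:*"],
        "Resource": "arn:aws:ec2:us-west-2:837625274593:*",
    }],
}

# Policy from the accepted answer, as posted.
REGION_SCOPED_POLICY = {
    "Statement": [{
        "Sid": "Stmt1375943389569",
        "Action": "ec2:*",
        "Effect": "Allow",
        "Resource": "*",
        "Condition": {"StringEquals": {"ec2:Region": "us-west-2"}},
    }],
}


def _as_list(value):
    """IAM lets Action, Resource and condition values be a string or a list."""
    return value if isinstance(value, list) else [value]


def _matches_any(value, patterns):
    """Case-sensitive glob match: '*' matches any run of characters, '?' one."""
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, context):
    """Only StringEquals is modelled here. A key that is absent from the
    request context makes StringEquals false, which is how IAM behaves."""
    for operator, clauses in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"operator {operator} not modelled")
        for key, expected in clauses.items():
            if context.get(key) not in _as_list(expected):
                return False
    return True


def is_allowed(policy, action, resource, context):
    """True if some Allow statement matches the action, the resource and all
    of its conditions. Anything unmatched is an implicit deny, as in IAM."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if not _matches_any(action, stmt["Action"]):
            continue
        if not _matches_any(resource, stmt["Resource"]):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        return True
    return False


# Constructed requests (ids are placeholders). DescribeInstances does not
# support resource-level permissions, so IAM evaluates it against the
# resource "*", which only a "Resource": "*" statement can match. An AMI ARN
# has an empty account field, so an account-qualified ARN pattern never
# matches it either.
REQUESTS = [
    ("ec2:StartInstances", "arn:aws:ec2:us-west-2:837625274593:instance/i-EXAMPLE", "us-west-2"),
    ("ec2:StartInstances", "arn:aws:ec2:us-east-1:837625274593:instance/i-EXAMPLE", "us-east-1"),
    ("ec2:DescribeInstances", "*", "us-west-2"),
    ("ec2:RunInstances", "arn:aws:ec2:us-west-2::image/ami-EXAMPLE", "us-west-2"),
    ("s3:GetObject", "arn:aws:s3:::example-bucket/key", "us-west-2"),
]


def compare(requests=REQUESTS):
    """Evaluate each request under both policies. Returns a list of
    (action, allowed_by_arn_scoped_policy, allowed_by_region_scoped_policy)."""
    rows = []
    for action, resource, region in requests:
        ctx = {"ec2:Region": region}
        rows.append((action,
                     is_allowed(ARN_SCOPED_POLICY, action, resource, ctx),
                     is_allowed(REGION_SCOPED_POLICY, action, resource, ctx)))
    return rows


if __name__ == "__main__":
    print(f"{'action':24} {'arn-scoped':>10} {'region-cond':>12}")
    for action, arn_ok, region_ok in compare():
        print(f"{action:24} {str(arn_ok):>10} {str(region_ok):>12}")
```

The table the script prints shows why the answer's shape is the right one: the question's ARN-scoped statement cannot match the `*` resource that Describe* calls are evaluated against, nor AMI ARNs that carry no account id, so an "all EC2 in one region" grant written that way silently fails for those calls, while the region condition keeps `Resource: "*"` and still denies everything outside us-west-2. Before relying on either form, confirm the behaviour against the real service with the IAM policy simulator rather than this toy model; the global condition key aws:RequestedRegion expresses the same regional restriction and is not tied to EC2.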