Menu
I'm trying to allow one user to all actions on us-west-2, this is the policy I have.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": ["ec2:*"],
"Resource": "arn:aws:ec2:us-west-2:837625274593:*"
}
]
}
I got the account number from "OWNER" parameter on an instance, not sure if is it.
853
Open the Amazon EC2 console, and then add tags to the group of EC2 instances that you want the users or groups to be able to access. If you don't already have a tag, create a new tag. Note: Be sure to read and understand the tag restrictions before tagging your resources. Amazon EC2 tags are case-sensitive.
IAM is a global service, it's not region specific and you would configure something like this using IAM roles and cross account access.
{
"Statement": [
{
"Sid": "Stmt1375943389569",
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:Region": "us-west-2"
}
}
}
]
}
That should enable the user to have all access to ec2 in only the us-west-2 region
100
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
