pmilb

Reputation: 383

EC2 IAM Policy not working with ResourceTag

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["ec2:Describe*", "ec2:CreateSnapshot"],
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/test": "true"
        }
      },
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

This is the IAM policy I am using. If I take out the condition line it works fine, so it's just down to that. I tagged the instance with the tag key "test" and set the value to "true". What am I doing incorrectly? I am using the EC2 API tools and ec2-describe-volumes to test.

Upvotes: 7

Views: 4158

Answers (1)

Bribles

Reputation: 948

Not all EC2 actions allow resource-level permissions. Neither the Describe* actions nor CreateSnapshot are supported currently.

This lists the actions for EC2 that support resource-level permissions. https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-policy-keys

Upvotes: 8
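Added example (not part of the question or the answer): the policy shape that follows from the answer. The Describe* actions get their own unconditional statement, because a request for them carries no resource tags for the condition to match, and the ec2:ResourceTag condition is applied only in a statement whose actions support resource-level permissions. ec2:StartInstances and ec2:StopInstances are assumed here as examples of such actions; check every action you use against the reference linked above.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DescribeActionsCannotBeTagScoped",
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Sid": "TagScopedInstanceActionsAssumedExample",
      "Effect": "Allow",
      "Action": ["ec2:StartInstances", "ec2:StopInstances"],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/test": "true"
        }
      }
    }
  ]
}
```

The cost of this split is that the Describe* statement grants read visibility over every resource in the account, since those calls cannot be narrowed by tag; keep the tag-scoped statement limited to the mutating actions you actually need.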
