jeremyvillalobos
Reputation: 1815
How to allow image tagging with least privileges
I am using this IAM policy to allow a user to tag images with the least privileges possible.
However, it does not seem to be enough
{
"Version" : "2012-10-17",
"Statement" : [{
"Effect" : "Allow",
"Action" : [
"ec2:CreateTags",
"ec2:DescribeTags",
"tag:getResources"
"tag:getTagKeys",
"tag:getTagValues",
"tag:addResourceTags"
],
"Resource" : "arn:aws:ec2:::image/*"
}]
}
Also, is there a way to run AWS CLI so that it is more verbose at to the specific IAM permissions that it needs to use?
Upvotes: 0
Views: 1304
Answers (1)
helloV
Reputation: 52423
There is a syntax error after getResources. The following works perfectly for me:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:CreateTags",
"ec2:DescribeTags"
],
"Resource": "*"
}
]
}
The resource has to be " * " since CreateTags and DeleteTags actions do not support resource-level permissions. Policies granting access must specify " * " in the resource element.
Upvotes: 2
Related Questions
- Protecting AWS resources based on Tags
- AWS - Granting access to all resources with specific tags
- AWS IAM Policy to Enforce Tagging
- Give an instance only access to tag itself?
- AWS IAM User Access to S3
- How to restrict image acess to authorized website users only
- How to give Tag based access to IAM user group in AWS?
- Allow user to manage EC2 by its tags
- How to allow an EC2 instance access to its own tags from the OS
- How can I limit EC2 describe images permissions?