Reputation: 3
I want to create an account for an external consultant to help us with AWS, but I want to allow him to see only certain EC2 instances instead of all of them.
I've read AWS documents/blogs about AMI and policy settings. I'm aware the "describe" action cannot have resource-level permissions.
Is there any workaround for this? Or do we really need to let the external consultant see all the instances' information?
Upvotes: 0
Views: 195
Reputation: 117
This is currently not possible, as many EC2 actions do not support resource-level permissions. Check the answer to this question on their knowledge center site; here I am quoting:
This is not currently possible for all API actions within EC2, but it is for some. Many essential EC2 actions do not support resource-level permissions or conditions, and isolating IAM users or groups of users’ access to EC2 resources by any criteria other than AWS region does not fit most use cases
Upvotes: 1
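To make the limitation discussed above concrete, here is an added example (not from either poster or from AWS) of a check that reviews an IAM policy document and flags statements that try to scope `ec2:Describe*` by instance ARN or by `ec2:ResourceTag`, neither of which yields a filtered view. The function name, the sample policy, the account ID, the instance ID and the tag are all constructed for illustration; the tag-scoped start/stop statement is included to show the kind of action where resource-level scoping does apply.

```python
# Added example (not AWS or poster code): flag IAM statements that try to
# scope ec2:Describe* by resource ARN or tag, which EC2 does not honor.

def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def find_ineffective_describe_scoping(policy):
    """Return (sid, reason) pairs for Allow statements whose Describe scoping fails."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given as an object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if stmt.get("Effect") != "Allow" or not any(a.startswith("ec2:describe") for a in actions):
            continue
        sid = stmt.get("Sid", f"statement[{index}]")
        if any(r != "*" for r in _as_list(stmt.get("Resource"))):
            findings.append((sid, "resource ARN on Describe action"))
        cond_keys = {k.lower() for ops in stmt.get("Condition", {}).values() for k in ops}
        if any(k.startswith("ec2:resourcetag/") for k in cond_keys):
            findings.append((sid, "ec2:ResourceTag condition on Describe action"))
    return findings

# Constructed sample policy; account ID, instance ID and tag are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DescribeOneInstance", "Effect": "Allow",
         "Action": "ec2:DescribeInstances",
         "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"},
        {"Sid": "DescribeByTag", "Effect": "Allow",
         "Action": ["ec2:DescribeInstances"], "Resource": "*",
         "Condition": {"StringEquals": {"ec2:ResourceTag/Project": "consulting"}}},
        {"Sid": "DescribeAll", "Effect": "Allow",
         "Action": "ec2:DescribeInstances", "Resource": "*"},
        {"Sid": "StartStopTagged", "Effect": "Allow",
         "Action": ["ec2:StartInstances", "ec2:StopInstances"],
         "Resource": "arn:aws:ec2:*:111122223333:instance/*",
         "Condition": {"StringEquals": {"ec2:ResourceTag/Project": "consulting"}}},
    ],
}

if __name__ == "__main__":
    for sid, reason in find_ineffective_describe_scoping(SAMPLE_POLICY):
        print(f"{sid}: {reason}")
```

Only the first two statements are flagged: `DescribeAll` is the form that actually works (and exposes every instance), and `StartStopTagged` is left alone because start/stop can be limited by tag.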