Reputation: 241
How to Restrict AWS AMI access to certain user?
I just have created an AWS EC2 AMI for my EC2 instance. I wanted to give restriction to that AMI(user level,not account level). For example User1 have created AMI named ami-123. User1,User2,User3 are present in that account. I want only User1 should have permission to create EC2 instance using ami-123.
Please help me to sort it out?
Upvotes: 0
Views: 1539
Answers (1)
Reputation: 269091
By default, users in an AWS Account have no permissions to do anything.
You then grant them permissions for actions they are allowed to call, such as RunInstances.
As part of these permissions, you can restrict the permissions they are receiving, such as the AMI they can specify:
arn:aws:ec2:region::image/*
See: Resource-Level Permissions for RunInstances
Alternatively, you could ALLOW RunInstances but then create a policy to DENY use of a particular AMI.
Upvotes: 4
Related Questions
- Prevent AWS root to access running EC2 instance
- How can I restrict AWS AMI usage by owner in an IAM policy?
- Restrict EC2 permissions for an IAM user to use an AMI
- How to restrict AMI user to see EC2 instance on AWS
- Restrict access to S3 based on EC2 Instance and User
- limiting aws ec2 users
- assign IAM user to access only one EC2 instance
- How do I restrict AWS instances by user group in the AWS console?
- How can I allow a single user to have access of an ec2 instance in AWs console using IAM
- Within IAM, can I restrict a group of users to access/launch/terminate only certain EC2 AMIs or instances?