HMT

Reputation: 2261

What are the permissions required for EC2 create instance?

I am trying to create a policy giving the user permission to create an EC2 instance, but I don't want to give all the permissions inside write. Please verify whether these permissions are enough or whether some permission is extra.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeInstances",
                "ec2:DescribeImages",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeVpcs",
                "ec2:CreateSecurityGroup",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:CreateKeyPair"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": "*"
        }
    ]
}

Upvotes: 4

Views: 8508

Answers (2)

Aswin Nair

Reputation: 1

Here you have to give create tag access, as for run instances it's a must-needed option. Here I am attaching my policy for your reference.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeImages",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:DescribeInstances",
                "ec2:DescribeVpcs",
                "ec2:CreateSecurityGroup",
                "ec2:CreateTags",
                "ec2:DescribeInstanceTypes",
                "ec2:RunInstances",
                "ec2:DescribeSubnets",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeSecurityGroups"
            ],
            "Resource": "*"
        }
    ]
}

Upvotes: 0

Chris Williams

Reputation: 35188

I can confirm these permissions should work if using the Console Wizard.

More examples of policies for other situations can be found here.

If you're ever in need of testing scenarios feel free to take a look at the IAM policy simulator. It can really help you to validate your permissions against actions easily without having to script or attempt executing the change(s) each time.

Upvotes: 4
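
An offline approximation of the question the IAM policy simulator answers, applied to the two policies on this page (an added example, not part of either answer and not AWS's own evaluation logic). It evaluates only the `Effect` and `Action` elements of an identity policy and ignores `Resource`, `Condition`, `NotAction` and every other policy type; the function names are this example's own.

```python
import re

# Action lists copied from the question's and the first answer's policies.
QUESTION = {"Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups",
        "ec2:DescribeInstances", "ec2:DescribeImages", "ec2:DescribeKeyPairs",
        "ec2:DescribeVpcs", "ec2:CreateSecurityGroup",
        "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateKeyPair"]},
    {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*"}]}
ANSWER = {"Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "ec2:DescribeImages", "ec2:AuthorizeSecurityGroupEgress",
        "ec2:AuthorizeSecurityGroupIngress", "ec2:DescribeInstances",
        "ec2:DescribeVpcs", "ec2:CreateSecurityGroup", "ec2:CreateTags",
        "ec2:DescribeInstanceTypes", "ec2:RunInstances", "ec2:DescribeSubnets",
        "ec2:DescribeKeyPairs", "ec2:DescribeSecurityGroups"]}]}

def _listify(value):
    # IAM allows a single string/object where a list is expected.
    return [value] if isinstance(value, (str, dict)) else list(value)

def _matches(pattern, action):
    # IAM action names are case-insensitive; '*' and '?' are wildcards.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def decision(policy, action):
    """Return 'explicitDeny', 'allowed' or 'implicitDeny' for one action."""
    result = "implicitDeny"
    for stmt in _listify(policy["Statement"]):
        if any(_matches(p, action) for p in _listify(stmt.get("Action", []))):
            if stmt["Effect"] == "Deny":
                return "explicitDeny"   # an explicit Deny always wins
            result = "allowed"
    return result

def only_in(a, b):
    """Literal actions that policy a allows and policy b does not."""
    listed = {p for s in _listify(a["Statement"])
              for p in _listify(s.get("Action", [])) if not set("*?") & set(p)}
    return sorted(x for x in listed
                  if decision(a, x) == "allowed" and decision(b, x) != "allowed")

if __name__ == "__main__":
    print("answer grants, question lacks:", only_in(ANSWER, QUESTION))
    print("question grants, answer lacks:", only_in(QUESTION, ANSWER))
```

Both policies use `"Resource": "*"`, so neither is scoped to particular subnets, images or security groups; this sketch does not evaluate that element.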
