the_coder

Reputation: 65

Can you restrict an IAM instance profile to specific Linux accounts?

When associating an EC2 instance with an IAM role via "aws ec2 associate-iam-instance-profile", it seems that all Linux users on the instance can make API calls via those credentials. Is there a way to leverage the IAM instance profile but restrict access to specific users within the OS?

Upvotes: 0

Views: 916

Answers (2)

Chanchal Singh

Reputation: 19

A direct way is not possible, but there is a way: you can use an AWS profile and ask the user to use that AWS profile, or you can bind that user to use the AWS profile.

Please follow the link, and use the same AWS account while creating the role. https://repost.aws/knowledge-center/s3-instance-access-bucket

Upvotes: 0

John Rotenstein

Reputation: 270224

No, this is not possible.

The EC2 instance metadata is available to anyone who can access the URL, which typically means any user and any app on the computer.

It sounds like you will need to store credentials against each application, by using a credentials file.

Upvotes: 0
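
The second answer ties credential access to who can reach the metadata URL. As an added example (not part of either answer), the shell function below prints host firewall rules that use the iptables `owner` match to accept traffic to 169.254.169.254 only from listed Linux accounts and reject everyone else. It assumes iptables with the owner match is installed and that the metadata service is reached over IPv4; the account names `alice` and `deploy` are constructed.

```shell
#!/bin/sh
# Added example: generate iptables rules that limit which local accounts
# can reach the EC2 instance metadata service (and so the role credentials).
# Nothing is applied here; review the output, then run it as root.

IMDS_ADDR="169.254.169.254"   # IPv4 metadata endpoint

# imds_rules USER... : print one ACCEPT rule per allowed account,
# followed by a final REJECT for every other local sender.
imds_rules() {
    if [ "$#" -eq 0 ]; then
        echo "usage: imds_rules USER..." >&2
        return 2
    fi

    # Validate every name first so a bad entry produces no partial rule set
    # and cannot smuggle shell syntax into the emitted commands.
    for u in "$@"; do
        case "$u" in
            ''|-*|*[!A-Za-z0-9._-]*)
                echo "invalid account name: $u" >&2
                return 1
                ;;
        esac
    done

    # The owner match only works on locally generated packets (OUTPUT chain).
    for u in "$@"; do
        echo "iptables -A OUTPUT -d $IMDS_ADDR -m owner --uid-owner $u -j ACCEPT"
    done

    # Order matters: the catch-all REJECT must come after the ACCEPT rules.
    echo "iptables -A OUTPUT -d $IMDS_ADDR -j REJECT"
}

# Sample run with constructed account names.
imds_rules alice deploy
```

This narrows access rather than guaranteeing it: root, or any process able to change firewall rules, can remove the restriction, and agents that run as root and rely on the metadata service need `root` in the allow list.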
