maisonfinder

Reputation: 23

JSON Policy Shut Down Multiple EC2 Instances?

I am modifying the JSON in an IAM policy in order to shut down multiple EC2 instances. I am able to shut down one EC2 instance with the following JSON:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:StartInstances",
                "ec2:StopInstances"
            ],
            "Resource": "arn:aws:ec2:us-west-1:11111111111:instance/i-00000000000000"
        }
    ]
}

I am unable to figure out how to shut down multiple instances. I figured I could enter multiple instance IDs, but nothing I do seems to be allowed by AWS JSON policies.

Upvotes: 0

Views: 253

Answers (1)

samtoddler

Reputation: 9675

Using tag-based IAM policies is a good option here, instead of manually adding instance IDs.

There are a few other options as well in this doc: Controlling access during AWS requests

{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": ["ec2:StartInstances","ec2:StopInstances"],
        "Resource": "arn:aws:ec2:*:*:instance/*",
        "Condition": {
            "StringEquals": {
                "aws:RequestTag/environment": [
                    "preprod",
                    "production"
                ]
            },
            "ForAllValues:StringEquals": {"aws:TagKeys": "environment"}
        }
    }
}

Upvotes: 1
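
Two ways to cover several instances with one policy, as an added example that is not part of the question or the answer above: the first statement lists the instance ARNs in a `Resource` array, and the second matches tags already attached to the instance with `aws:ResourceTag` (whereas `aws:RequestTag` matches tags passed in the request itself). Either statement can be used on its own; the account ID, instance IDs and `Sid` values are constructed placeholders, and the `environment` tag values are taken from the answer.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ExampleExplicitInstanceList",
            "Effect": "Allow",
            "Action": [
                "ec2:StartInstances",
                "ec2:StopInstances"
            ],
            "Resource": [
                "arn:aws:ec2:us-west-1:111111111111:instance/i-0aaaaaaaaaaaaaaaa",
                "arn:aws:ec2:us-west-1:111111111111:instance/i-0bbbbbbbbbbbbbbbb"
            ]
        },
        {
            "Sid": "ExampleTagScopedInstances",
            "Effect": "Allow",
            "Action": [
                "ec2:StartInstances",
                "ec2:StopInstances"
            ],
            "Resource": "arn:aws:ec2:us-west-1:111111111111:instance/*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/environment": [
                        "preprod",
                        "production"
                    ]
                }
            }
        }
    ]
}
```

With the tag-scoped statement, anyone who can change the `environment` tag on an instance can move it in or out of scope, so tagging permissions (`ec2:CreateTags`, `ec2:DeleteTags`) need to be restricted as well.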
