I have an Amazon EC2 instance running. I read about Amazon IAM but am not able to figure out how I can achieve this.

My problem is that I have many directories created in my EC2 instance. Let's say I want to create an IAM user and give permission so that the user can access only one directory, which is at /home/user, and can download files from this location. What kind of permissions do I have to assign to achieve this?

I created a user with read-only permission, but what kind of user policy do I have to attach to it so that I can achieve my desired output?

2 Answers

That is not possible. AWS IAM is all about controlling access to AWS resources, i.e. EC2 instances, EBS volumes, RDS instances etc.

It cannot be used to control access to directories within an EC2 instance.

Craig Miskell
  • Is this something we cannot do for a specific EC2 instance? http://blogs.aws.amazon.com/security/post/Tx1P2T3LFXXCNB5/Writing-IAM-policies-Grant-access-to-user-specific-folders-in-an-Amazon-S3-bucke – Working Hard.. Jan 06 '15 at 08:47
  • S3 buckets are not "directories inside an EC2 instance" – Craig Miskell Jan 06 '15 at 09:01

You seem to be wanting to restrict access to certain files and/or folders on your machine running in EC2. This is something that you need to do at the OS level and not in AWS IAM.

Do a web search on "Linux user management tutorial" or similar and you'll find loads of guides on how to achieve what you want.

Bazze
  • The main problem is that I have given permission in the way you describe, but my requirement is that I have an FTP server and I want to change the access to be the same with SFTP. Through WinSCP I am able to log in using the FTP protocol, and I want to allow access through SFTP also. My OS is on Amazon EC2, so can you help me with how I can achieve this? – Working Hard.. Jan 07 '15 at 05:24
  • @WorkingHard..: I'm not really sure what you mean. Are you talking about allowing SFTP on network level? Like opening up for the default SFTP port? – Bazze Jan 07 '15 at 13:57
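
An OS-level way to give one account download-only SFTP access to a single directory, shown as an added example that is not from either answer. It assumes OpenSSH's sshd on the instance; the account name `downloader` is a placeholder, and `/home/user` is the directory from the question.

```conf
# /etc/ssh/sshd_config fragment (added example; "downloader" is a placeholder account)

# Use the SFTP server built into sshd so the chroot needs no binaries or libraries.
# This replaces any existing "Subsystem sftp ..." line; two such lines are an error.
Subsystem sftp internal-sftp

Match User downloader
    # Confine the session to one directory tree. sshd refuses the login unless
    # this path and every parent directory are owned by root and are not
    # writable by group or others.
    ChrootDirectory /home/user
    # SFTP only, never a shell; -R puts the SFTP server in read-only mode,
    # so the account can list and download but not upload, rename or delete.
    ForceCommand internal-sftp -R
    # Remove the other things an SSH login could otherwise be used for.
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
```

Validate the file with `sshd -t` before reloading sshd. Ordinary file permissions inside `/home/user` still apply, so the account can only download files it is allowed to read.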