AWS EC2 allows you to set up termination protection, so that a user cannot accidentally terminate an instance.

I'd like to achieve a similar protection, but for the Stop operation, to avoid shutting down a machine accidentally.

Why? We are transitioning to high-performance NVMe storage, which does not survive a machine shutdown, unlike EBS volumes. We can obviously set up backups and complex replica mechanisms, but avoiding an accidental shutdown would be much simpler.

Any ideas on how to achieve this?

Interesting related thread: https://news.ycombinator.com/item?id=18043303

Alphaaa

1 Answer

Create a policy that grants users the permissions you want them to have, and only give the "stop" permission to administrators.

Typically you would create a "users" group then associate a policy like the one below with that group. Note that "notaction" means "allow all actions other than this". This policy gives users access to everything in AWS other than stop / terminate actions. You will probably want to exclude other services and some other API calls within AWS.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Resource": "*",
            "Effect": "Allow",
            "NotAction": [
                "ec2:Stop*",
                "ec2:Terminate*"
            ],
            "Sid": "BlacklistedAPICallsUser"
        }
    ]
}

You can also do things like prevent tags being changed and have a condition that only lets users stop instances without individual tags, but you'd have to learn about IAM and do that yourself, or find an example online.

Backups / Replication

If the data on the ephemeral volumes is important you should back it up to EBS / EFS / S3 or mirror it to another instance. Hardware fails and instances can require maintenance, and while this doesn't happen often you need to cater for it.

Tim
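As an added example (not part of the answer above), the following script evaluates EC2 API actions offline against the answer's NotAction policy, extended with the tag-conditioned Deny statement the answer alludes to; the tag name `protected=true` and the statement Sid `ProtectTaggedInstances` are assumptions for this example, while `ec2:ResourceTag/<key>` is a standard IAM condition key. It reproduces the IAM decision order (implicit deny, explicit Deny overrides Allow) so you can check what a policy grants before attaching it to a group.

```python
"""Offline evaluator for the Stop/Terminate protection policy (added example)."""
import fnmatch
from typing import Any, Dict, List, Optional

# Deny statement restricting Stop/Terminate on instances tagged protected=true.
# Tag key/value are assumed for this example; ec2:ResourceTag/<key> is real.
PROTECT_TAGGED = {
    "Sid": "ProtectTaggedInstances", "Effect": "Deny", "Resource": "*",
    "Action": ["ec2:StopInstances", "ec2:TerminateInstances"],
    "Condition": {"StringEquals": {"ec2:ResourceTag/protected": "true"}},
}

# The answer's "users" policy: everything except Stop*/Terminate*, plus the Deny.
USER_POLICY: Dict[str, Any] = {"Version": "2012-10-17", "Statement": [
    {"Sid": "BlacklistedAPICallsUser", "Effect": "Allow", "Resource": "*",
     "NotAction": ["ec2:Stop*", "ec2:Terminate*"]},
    PROTECT_TAGGED,
]}

# An administrator policy: full access, but the tag-based Deny still wins.
ADMIN_POLICY: Dict[str, Any] = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AdminAll", "Effect": "Allow", "Resource": "*", "Action": "*"},
    PROTECT_TAGGED,
]}

def _matches(patterns: Any, action: str) -> bool:
    """IAM action matching: case-insensitive, '*' and '?' wildcards."""
    pats: List[str] = patterns if isinstance(patterns, list) else [patterns]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in pats)

def _condition_holds(cond: Dict[str, Any], tags: Dict[str, str]) -> bool:
    """Models only StringEquals on ec2:ResourceTag/<key>; no Condition => true."""
    for key, expected in cond.get("StringEquals", {}).items():
        if tags.get(key.split("/", 1)[1]) != expected:
            return False
    return True

def is_allowed(policy: Dict[str, Any], action: str,
               tags: Optional[Dict[str, str]] = None) -> bool:
    """Implicit deny; any matching Deny beats any matching Allow."""
    tags = tags or {}
    allowed = False
    for stmt in policy["Statement"]:
        hit = (_matches(stmt["Action"], action) if "Action" in stmt
               else not _matches(stmt["NotAction"], action))
        if not hit or not _condition_holds(stmt.get("Condition", {}), tags):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed
```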