Hi, I am currently working with IAM services in AWS and I need help; here is my question. I need to create two users, user1 and user2. What I need is that when I log in as user1 and create an instance, it should not be visible to user2 when he logs in to the same account. Is there any possibility to limit the IAM user's access?
Can you please elaborate on the use case? – Chris Pollard Jun 27 '18 at 09:33
Hi Chris, I have edited my question now... I hope you will understand it better now. The resources created by user1 should not be visible to user2 when he logs in to the same account, and vice versa. – support Catchpenguins Jun 28 '18 at 07:03
1 Answer
Read-only access for EC2 does not allow resource-level permissions. See this example policy for further explanation.
Also, you can visit this link to see all operations that do not support resource-level permissions.
See also this blog post for even more details.

Oresztesz
Hi Oresztesz, thank you for your answer. I have edited my question: the resources created by user1 should not be visible to user2 when he logs in to the same account. Is there any possibility for this scenario? – support Catchpenguins Jun 28 '18 at 06:54
It's not possible for the same reasons. For example `ec2:DescribeInstances` does not allow any condition keys. You can't restrict instance listing by any value in your IAM policy. – Oresztesz Jun 28 '18 at 07:07