How can I restrict users to create EBS volume with a size greater than 20 GB? Is there any available policy condition keys to in a policy?
Asked
Active
Viewed 158 times
0
-
1Does https://stackoverflow.com/questions/49104681/how-to-limit-ec2-ebs-volume-size-for-ec2runinstances-in-iam-policy help to address (or provide hint) to your query? – Kishan Parekh Feb 17 '19 at 14:56
-
@KishanParekh yeah that helped!! Thanks :) – Manoj Acharya Feb 17 '19 at 15:14
1 Answers
1
You can use one of the Numeric Condition Operators against the ec2:VolumeSize condition. The following would restrict creation of an EBS volume to one of 20GB or less:
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid": "EC2CreateVolume",
"Effect": "Allow",
"Action": "ec2:CreateVolume",
"Resource": "*",
"Condition": {
"NumericLessThanEquals": {
"ec2:VolumeSize": "20"
}
}
}
]
}
ptierno
- 9,534
- 2
- 23
- 35
-
1I actually used "Deny" Effect and "NumericGreaterThanEqual" in the operator. Thanks for the help! :) – Manoj Acharya Feb 17 '19 at 15:15