PolicySimulator for ec2:AttachVolume

Question

I am trying to validate action ec2:AttachVolume using policy simulator sdk java API. my policy looks as follows

{
            "Action": [
                "ec2:AttachVolume"
            ]
            },
            "Effect": "Allow",
            "Resource": [
                "arn:aws:ec2:*:*:instance/*"
            ]
        },
        {
            "Action": [
                "ec2:AttachVolume"
            ]
            },
            "Effect": "Allow",
            "Resource": [
                "arn:aws:ec2:*:*:volume/*"
            ]
        }

How can i validate it using policy simulator API as I need to provide both the resource i.e. instance and volume?

score 0 · Answer 1 · answered Apr 05 '20 at 11:51

With this policy the simulator works fine for me:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AttachVolume",
                "ec2:DetachVolume"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:volume/*",
                "arn:aws:ec2:*:*:instance/*"
            ],
            "Condition": {
                "ArnEquals": {
                    "ec2:SourceInstanceARN": "arn:aws:ec2:*:*:instance/i-1234567890"
                }
            }
        }
    ]
}

PolicySimulator for ec2:AttachVolume

1 Answers1