I am writing an IAM Policy to deploy EC2 Instances from the CLI, and I don't want to give EC2 full access. Following the principle of least privilege, what are the permissions required to provision EC2 Instances?
1 Answers
2
It depends on whether you want them to launch from the console or the CLI.
For the console, according to the docs, the following policy is suited:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "ec2:DescribeInstances",
                    "ec2:DescribeImages",
                    "ec2:DescribeKeyPairs",
                    "ec2:DescribeVpcs",
                    "ec2:DescribeSubnets",
                    "ec2:DescribeSecurityGroups",
                    "ec2:CreateSecurityGroup",
                    "ec2:AuthorizeSecurityGroupIngress",
                    "ec2:CreateKeyPair"
                ],
                "Resource": "*"
            },
            {
                "Effect": "Allow",
                "Action": "ec2:RunInstances",
                "Resource": "*"
            }
        ]
    }
For the CLI, the policies are shown here.

Marcin
- Can we have all those permissions under a single action, in one statement, without having another statement for RunInstances? – mellifluous May 05 '20 at 00:36
- @sagarmuth Yes, you can make it into one action element. – Marcin May 05 '20 at 00:37
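
The comments above ask whether the two statements can be folded into one. The following is an added example, not part of the original answer: it merges statements that differ only in `Action`, and lists the non-`Describe` actions still granted on `"Resource": "*"` with no `Condition`, which is where a least-privilege review would start narrowing. The function names are hypothetical, and treating every non-`Describe` action as a scoping candidate is an assumption of this sketch.

```python
import json

# The console-launch policy from the answer, embedded so this runs offline.
ANSWER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*", "Action": [
            "ec2:DescribeInstances", "ec2:DescribeImages", "ec2:DescribeKeyPairs",
            "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups",
            "ec2:CreateSecurityGroup", "ec2:AuthorizeSecurityGroupIngress",
            "ec2:CreateKeyPair"]},
        {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*"},
    ],
}

def _as_list(value):
    """IAM accepts a bare string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def merge_statements(policy):
    """Combine statements that differ only in Action (and Sid) into one."""
    groups, untouched = {}, []
    for stmt in policy["Statement"]:
        if "Action" not in stmt:  # e.g. NotAction: merging would change meaning
            untouched.append(stmt)
            continue
        rest = {k: v for k, v in stmt.items() if k not in ("Action", "Sid")}
        if "Resource" in rest:
            rest["Resource"] = sorted(_as_list(rest["Resource"]))
        key = json.dumps(rest, sort_keys=True)  # same Effect/Resource/Condition
        group = groups.setdefault(key, {**json.loads(key), "Action": []})
        for action in _as_list(stmt["Action"]):
            if action not in group["Action"]:
                group["Action"].append(action)
    return {**policy, "Statement": list(groups.values()) + untouched}

def unscoped_non_read_actions(policy):
    """Allowed non-Describe actions granted on Resource "*" with no Condition."""
    found = []
    for stmt in policy["Statement"]:
        if (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                and "*" in _as_list(stmt.get("Resource", []))):
            found += [a for a in _as_list(stmt.get("Action", []))
                      if not a.split(":", 1)[-1].startswith("Describe")]
    return found

if __name__ == "__main__":
    print(json.dumps(merge_statements(ANSWER_POLICY), indent=2))
    print("Candidates for Resource/Condition scoping:",
          unscoped_non_read_actions(ANSWER_POLICY))
```

A statement that carries its own `Condition` or a narrower `Resource` is kept separate by the merge, so tightening `ec2:RunInstances` later means giving it its own statement again.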