I need to configure an access profile that can turn on/off, modify the network structure, visualize information and manipulate the accesses of two EC2 instances, that is, manage these two machines without modifying or inserting any hardware. The user will no longer have any access or authorization on the AWS platform and will not be able to create new instances or any services that will generate monetary cost. Which profile configuration would be suitable for this situation?
It currently looks like this:
- AmazonEC2FullAccess
- EC2InstanceConnect
Could someone help me?
**AmazonEC2FullAccess**
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "ec2:*",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "cloudwatch:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:AWSServiceName": [
            "autoscaling.amazonaws.com",
            "ec2scheduled.amazonaws.com",
            "elasticloadbalancing.amazonaws.com",
            "spot.amazonaws.com",
            "spotfleet.amazonaws.com",
            "transitgateway.amazonaws.com"
          ]
        }
      }
    }
  ]
}
```
**EC2InstanceConnect**
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EC2InstanceConnect",
      "Action": [
        "ec2:DescribeInstances",
        "ec2-instance-connect:SendSSHPublicKey"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
```
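An added example, not part of the original post: a small check showing that the posted `ec2:*` on `*` statement permits launching new instances, next to a policy scoped to two instance ARNs that does not. The ARNs are constructed placeholders, `scoped_policy` and `allows` are hypothetical helper names, and the evaluation is simplified (it ignores Deny statements and Condition keys); the scoped policy covers viewing, power control and SSH key push only, so network changes would need further statements.

```python
import fnmatch
import json

# Constructed placeholders: substitute the real region, account ID and instance IDs.
INSTANCE_ARNS = [
    "arn:aws:ec2:REGION:ACCOUNT_ID:instance/i-PLACEHOLDER1",
    "arn:aws:ec2:REGION:ACCOUNT_ID:instance/i-PLACEHOLDER2",
]

# First statement of the AmazonEC2FullAccess policy posted above.
FULL_ACCESS = {"Version": "2012-10-17",
               "Statement": [{"Action": "ec2:*", "Effect": "Allow", "Resource": "*"}]}

def scoped_policy(instance_arns):
    """Build a policy limited to viewing, power control and SSH key push."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # EC2 Describe actions do not support resource-level scoping.
                "Sid": "ReadOnlyView",
                "Effect": "Allow",
                "Action": "ec2:Describe*",
                "Resource": "*",
            },
            {
                "Sid": "ManageTwoInstances",
                "Effect": "Allow",
                "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances",
                           "ec2-instance-connect:SendSSHPublicKey"],
                "Resource": list(instance_arns),
            },
        ],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """Simplified check: does any Allow statement match this action and resource?"""
    for stmt in policy["Statement"]:
        act_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
        res_ok = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
        if stmt.get("Effect") == "Allow" and act_ok and res_ok:
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(scoped_policy(INSTANCE_ARNS), indent=2))
```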