ubuntu - How to grant access to specific instances on Amazon Web Services


I have several EC2 instances on AWS and am wondering about the best way to organize them in order to keep order. As far as I know, it is not possible to group such instances, e.g. in a folder or similar. The solution I came up with is to stick to a naming convention. So, the names of the instances are as follows:

  • examplecustomer-ubuntu-14.0.4-t2.micro-1
  • examplecustomer-ubuntu-14.0.4-t2.micro-2
  • examplecustomer1-ubuntu-14.0.4-t2.micro-1
  • examplecustomer1-ubuntu-14.0.4-t2.micro-2

Now I have several users/customers who should only see specific instances (e.g. customer1 should see the instances starting with examplecustomer1). Therefore, I created a policy and attached it to the user. The idea was to use a wildcard within the ARN resource path, but it doesn't seem to work. Does anyone have an idea how to achieve that?

Example policy:

  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "Stmt1443859866333",
        "Action": "ec2:*",
        "Effect": "Allow",
        "Resource": "arn:aws:ec2:region:account-id:instance/customer1*"
      }
    ]
  }

I was unable to find a solution following the documentation.

You can't completely hide instances yet using IAM policies. You can restrict what users can do on instances, either as you have suggested above, or by 'tagging' the instances and granting privileges to specific users based on tags.

You might find this blog article useful:

https://blogs.aws.amazon.com/security/post/tx2kpwzjj4s26h6/demystifying-ec2-resource-level-permissions

Also this:

Currently, the Amazon EC2 ec2:Describe* API actions do not support resource-level permissions, so you cannot control which individual resources users can view in the console. Therefore, the * wildcard is necessary in the Resource element of the above statement. For more information about the ARNs you can use with Amazon EC2 API actions, see Supported Resource-Level Permissions for Amazon EC2 API Actions.

From here: http://docs.aws.amazon.com/awsec2/latest/userguide/iam-policies-ec2-console.html
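The tag-based approach from the answer, written out as an added example policy (not the answerer's policy and not an AWS-supplied document). It assumes each instance carries a tag with the key Customer and that customer1's instances are tagged with the value customer1; the region and account-id placeholders are the ones used in the question. The first statement keeps the * resource that the quoted documentation says ec2:Describe* requires, the second limits the state-changing actions to instances whose tag matches, and the third denies edits to that tag so a user cannot widen their own access by retagging an instance.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DescribeRequiresStarResource",
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Sid": "ManageOnlyInstancesTaggedForCustomer1",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:RebootInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": "arn:aws:ec2:region:account-id:instance/*",
      "Condition": {
        "StringEquals": { "ec2:ResourceTag/Customer": "customer1" }
      }
    },
    {
      "Sid": "DenyChangingTheCustomerTag",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateTags",
        "ec2:DeleteTags"
      ],
      "Resource": "arn:aws:ec2:region:account-id:instance/*",
      "Condition": {
        "ForAnyValue:StringEquals": { "aws:TagKeys": ["Customer"] }
      }
    }
  ]
}
```

Two things to keep in mind when adapting this. The instance part of an EC2 ARN is the instance ID (i-...), not the Name tag, which is why a wildcard on the name in the question's policy never matches anything. And because Describe* is granted on *, the user can still list every instance in the account; the policy only decides which ones they can act on, which is exactly the limitation the answer describes.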
