What are the permissions required for EC2 create instance

I am trying to create a policy for giving the user the permission to create an EC2 instance, but I don't want to give all the permissions inside write. Please verify if these permissions are enough or if some permission is extra.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeInstances",
                "ec2:DescribeImages",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeVpcs",
                "ec2:CreateSecurityGroup",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:CreateKeyPair"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": "*"
        }
    ]
}

I can confirm these permissions should work if using the Console Wizard.

More examples of policies for other situations can be found here.

If you're ever in need of testing scenarios, feel free to take a look at the IAM policy simulator. It can really help you to validate your permissions against actions easily without having to script or attempt executing the change(s) each time.

Here you have to give create tag access, as for run instances it's a must-needed option. Here I am attaching my policy for your reference.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeImages",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:DescribeInstances",
                "ec2:DescribeVpcs",
                "ec2:CreateSecurityGroup",
                "ec2:CreateTags",
                "ec2:DescribeInstanceTypes",
                "ec2:RunInstances",
                "ec2:DescribeSubnets",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeSecurityGroups"
            ],
            "Resource": "*"
        }
    ]
}
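An offline pre-check to run before the policy simulator mentioned above, as an added example that is not part of the original question or answers: it lists which actions from the second answer's policy the question's policy does not allow. The names `REFERENCE_ACTIONS`, `QUESTION_POLICY` and `missing_actions` are hypothetical, and the check only matches `Action` patterns (it ignores `Resource`, `Condition` and `NotAction`), so it does not replace the simulator.

```python
import re

# Action set of the second answer's policy, used as the reference (assumption).
REFERENCE_ACTIONS = [
    "ec2:RunInstances", "ec2:CreateTags", "ec2:DescribeImages",
    "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", "ec2:DescribeVpcs",
    "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeKeyPairs",
    "ec2:CreateSecurityGroup", "ec2:AuthorizeSecurityGroupIngress",
    "ec2:AuthorizeSecurityGroupEgress",
]

# Statements of the question's policy, re-typed as a dict for an offline run.
QUESTION_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Resource": "*", "Action": [
            "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups",
            "ec2:DescribeInstances", "ec2:DescribeImages",
            "ec2:DescribeKeyPairs", "ec2:DescribeVpcs",
            "ec2:CreateSecurityGroup", "ec2:AuthorizeSecurityGroupIngress",
            "ec2:CreateKeyPair"]},
        {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*"},
    ],
}

def _as_list(value):
    """Statement and Action may each be a single item or a list."""
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    """Case-insensitive match of an action against IAM '*' and '?' wildcards."""
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, action, re.IGNORECASE):
            return True
    return False

def missing_actions(policy, wanted=REFERENCE_ACTIONS):
    """Return wanted actions that the policy denies or never allows."""
    allow, deny = [], []
    for stmt in _as_list(policy["Statement"]):
        if "Action" not in stmt:  # NotAction statements are out of scope here
            continue
        (allow if stmt["Effect"] == "Allow" else deny).extend(_as_list(stmt["Action"]))
    return [a for a in wanted if _matches(a, deny) or not _matches(a, allow)]

if __name__ == "__main__":
    for action in missing_actions(QUESTION_POLICY):
        print("not allowed:", action)
```

An explicit `Deny` wins over any `Allow` here, matching IAM's evaluation order for the actions it covers.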