I tried multiple policy JSONs from the web, but not a single one worked.
I have one IAM user I want to give full access, but only to one EC2 instance and one S3 bucket. How do I do that? On the web I can find many of those policy JSONs to try, but none of them are working. I guess these are not valid with the latest AWS console anymore? Even the official AWS documentation gives me one example, but it's not working for the IAM user.
One I found to provide access to one specific S3 bucket. The policy is assigned to the user.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::testbucket/*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:PutBucketWebsite",
        "s3:ListBucket",
        "s3:DeleteObject"
      ],
      "Resource": [
        "arn:aws:s3:::testbucket",
        "arn:aws:s3:::testbucket/*"
      ],
      "Condition": {
        "ArnEquals": {
          "aws:PrincipalArn": [
            "arn:aws:iam::178880795068:user/testuser"
          ]
        }
      }
    }
  ]
}
For the EC2 instance, you can try tagging the EC2 instance, and then in the policy add something like this:
"Condition": {
  "StringEquals": {
    "ec2:ResourceTag/UserName": "${aws:username}"
  }
}
with all the actions you need to provide to the user.
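A complete policy along the lines of this answer (full access to one bucket plus EC2 actions scoped by the tag condition), together with a small offline check of how the condition decides access, as an added example that is not part of the original post. The bucket name `testbucket` comes from the question; the tag key `UserName`, the chosen EC2 actions and the `instance_allowed` checker (a simplified model for illustration, not IAM's evaluation engine) are assumptions.

```python
import json
from fnmatch import fnmatchcase

def build_policy(bucket: str) -> dict:
    """Identity policy: full access to one bucket, plus start/stop/reboot only on
    EC2 instances tagged UserName=<name of the calling IAM user>."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "OneBucketFullAccess",
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            },
            {
                # ec2:Describe* has no resource-level permissions, so it needs
                # Resource "*"; the mutating actions below stay bound to the tag.
                "Sid": "DescribeInstances",
                "Effect": "Allow",
                "Action": "ec2:DescribeInstances",
                "Resource": "*",
            },
            {
                "Sid": "TaggedInstanceOnly",
                "Effect": "Allow",
                "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances"],
                "Resource": "arn:aws:ec2:*:*:instance/*",
                "Condition": {"StringEquals": {"ec2:ResourceTag/UserName": "${aws:username}"}},
            },
        ],
    }

def instance_allowed(policy: dict, username: str, tags: dict, action: str) -> bool:
    """Simplified offline check (a model for illustration, not the IAM engine):
    does an Allow statement cover `action` once ${aws:username} is substituted?"""
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if stmt["Effect"] != "Allow" or not any(fnmatchcase(action, a) for a in actions):
            continue
        wanted = stmt.get("Condition", {}).get("StringEquals", {})
        # Every ec2:ResourceTag/<Key> entry must equal the instance's tag value.
        if all(tags.get(k.split("/", 1)[1]) == v.replace("${aws:username}", username)
               for k, v in wanted.items() if k.startswith("ec2:ResourceTag/")):
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(build_policy("testbucket"), indent=2))  # paste into the IAM console
```

Do not also grant this user `ec2:CreateTags` on arbitrary instances; otherwise the user could retag another instance to satisfy the condition.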