
I want to create an IAM policy which will restrict groups or users from stopping/terminating two EC2 instances that are in use, but they can create their own EC2 instances. I used the following policy statements for this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1449662318000",
      "Effect": "Allow",
      "Action": [ "ec2:*" ],
      "Resource": [ "*" ]
    },
    {
      "Sid": "Stmt1449662339000",
      "Effect": "Deny",
      "Action": [ "ec2:*" ],
      "Resource": [
        "arn:aws:ec2::myAcctId:instance/i-4a36178ef",
        "arn:aws:ec2::myAcctId:instance/i-9e3fb747"
      ]
    }
  ]
}

But this is not working correctly. It allows other users/groups to stop my two instances that are already in use. How can I achieve this?

1 Answer


I was able to achieve this by adding the following statement to the policy:

{
  "Action": "ec2:*",
  "Effect": "Allow",
  "Resource": "*",
  "Condition": {
    "StringNotEquals": {
      "ec2:ResourceTag/Name": [ "UAT-Environment", "INT-Environment" ]
    }
  }
}

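A corrected policy shape plus a local sanity check, as an added example that is not code from the question or the answer. It uses placeholder values for the account ID, region and instance IDs, narrows the Deny to the stop/terminate actions the question is about, and includes a small model of IAM's evaluation order (explicit Deny beats Allow; conditions are not modelled) to show why a resource ARN whose region segment is empty never matches a real instance ARN and therefore denies nothing.

```python
import fnmatch
import json
import re

# Assumed placeholder values (not from the question); substitute your own.
ACCOUNT_ID = "123456789012"
REGION = "us-east-1"
PROTECTED_INSTANCES = ["i-0123456789abcdef0", "i-0fedcba9876543210"]

# Resource-level ARN format for an EC2 instance: arn:aws:ec2:REGION:ACCOUNT:instance/ID.
# IAM matches the ARN segment by segment, so an empty region is not a wildcard.
ARN_RE = re.compile(
    r"^arn:aws:ec2:([a-z0-9-]+|\*):(\d{12}|\*):instance/(i-[0-9a-f]+|\*)$"
)


def instance_arn(region, account_id, instance_id):
    return f"arn:aws:ec2:{region}:{account_id}:instance/{instance_id}"


def arn_problems(arn):
    """Return reasons an instance ARN can never match a real instance ([] if it is fine)."""
    if ARN_RE.match(arn):
        return []
    parts = arn.split(":", 5)
    if len(parts) != 6:
        return ["expected six colon-separated segments"]
    problems = []
    if parts[3] == "":
        problems.append("region segment is empty; use the instance's region or '*'")
    if not re.fullmatch(r"\d{12}|\*", parts[4]):
        problems.append("account segment must be the 12-digit account ID or '*'")
    if not re.fullmatch(r"instance/(i-[0-9a-f]+|\*)", parts[5]):
        problems.append("resource segment must be instance/<instance-id> or instance/*")
    return problems or ["does not match arn:aws:ec2:REGION:ACCOUNT:instance/INSTANCE_ID"]


def build_policy(region, account_id, protected_ids):
    """Allow all EC2 actions, but explicitly deny stop/terminate on the protected
    instances. In IAM an explicit Deny always overrides an Allow."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowEc2", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
            {
                "Sid": "ProtectSharedInstances",
                "Effect": "Deny",
                "Action": ["ec2:StopInstances", "ec2:TerminateInstances"],
                "Resource": [instance_arn(region, account_id, i) for i in protected_ids],
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(value, patterns):
    # IAM wildcards: '*' matches any run of characters, '?' a single character.
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def evaluate(policy, action, resource_arn):
    """Minimal local model of IAM's decision for one identity policy:
    explicit Deny > Allow > implicit deny. Condition blocks are not modelled."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        actions = [a.lower() for a in _as_list(stmt["Action"])]  # action names are case-insensitive
        if not _matches(action.lower(), actions):
            continue
        if not _matches(resource_arn, _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


if __name__ == "__main__":
    policy = build_policy(REGION, ACCOUNT_ID, PROTECTED_INSTANCES)
    print(json.dumps(policy, indent=2))
    protected = instance_arn(REGION, ACCOUNT_ID, PROTECTED_INSTANCES[0])
    other = instance_arn(REGION, ACCOUNT_ID, "i-0aaaaaaaaaaaaaaaa")
    print("stop protected instance ->", evaluate(policy, "ec2:StopInstances", protected))
    print("stop some other instance ->", evaluate(policy, "ec2:StopInstances", other))
    # The same policy written with an empty region segment, as in the question:
    broken = build_policy("", ACCOUNT_ID, PROTECTED_INSTANCES)
    print("problems:", arn_problems(broken["Statement"][1]["Resource"][0]))
    print("stop protected instance (empty region) ->", evaluate(broken, "ec2:StopInstances", protected))
```

The local evaluator is only a model for reasoning about the policy; before attaching the real document, check it against actual instance ARNs with the IAM policy simulator (`aws iam simulate-custom-policy`), which applies the full evaluation logic including conditions.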