IAM Policy Conditions
Activity 6: Write a policy that allows the user to do anything on EC2 if the region is Mumbai, and gives read permissions in other regions
- As the basic policy is EC2 read-only, we can get the definition from the EC2 read-only policy
- Now we need to verify that the region is Mumbai (ap-south-1)
- An IAM policy has a Condition block: Refer Here
- For the condition operators: Refer Here
- Refer Here for the global condition keys
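One way to write the Activity 6 policy, as an added example that is not part of the original notes. It assumes the read-only part is reduced to `ec2:Describe*` (the managed EC2 read-only policy also covers related services), uses the global condition key `aws:RequestedRegion` with the `StringEquals` operator, and the `Sid` values are illustrative names:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Ec2ReadOnlyAllRegions",
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Sid": "Ec2FullAccessMumbaiOnly",
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestedRegion": "ap-south-1"
        }
      }
    }
  ]
}
```

The condition only limits what this policy grants: if another policy attached to the same user allows EC2 write actions without a region condition, those actions still work outside ap-south-1.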
Activity 7: Create an IAM policy that allows the user to start or stop EC2 instances if the availability zone is ap-south-1a, and gives EC2 read permission irrespective of region
Exercise: Give the user permission to create, start and stop EC2 instances if the instance type is t2.micro, and read-only permission for the rest of the EC2 instances
- Create a policy JSON for this.