Activity 4: Create an IAM Policy to Start and Stop EC2 instances
- Create an IAM policy that allows starting and stopping EC2 instances only if the instance is in the ap-south-1 region; in all other regions, give only read permissions
- Every resource created in AWS has a unique ARN
- ARN for EC2
arn:${Partition}:ec2:${Region}:${Account}:instance/${InstanceId}
- To fill this in, Refer Here
- In our case
arn:aws:ec2:ap-south-1:*:instance/*
Activity 5: Create an IAM Policy to allow a user to delete a bucket only if the region is us-west-2
- Some condition keys are specific to actions, and there are also global condition keys. Refer Here
- We use a Condition block in the policy
- Refer Here for changes
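The policies for Activity 4 and Activity 5, written out as an added example (not the policy documents from the original class links). The `Sid` names, the choice of `ec2:Describe*` for "read permissions", the use of the global key `aws:RequestedRegion`, and the small `is_allowed` helper are assumptions made here; the helper is a simplified allow-only matcher, not the real IAM evaluation engine.

```python
"""Added example: both activity policies as documents, plus a simplified
allow-only matcher (not the real IAM evaluation logic) to show their effect."""
import json
from fnmatch import fnmatchcase

# Activity 4: start/stop only in ap-south-1, read-only (Describe*) everywhere.
# Describe* actions do not support resource-level scoping, so Resource is "*".
EC2_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "StartStopApSouth1Only", "Effect": "Allow",
         "Action": ["ec2:StartInstances", "ec2:StopInstances"],
         "Resource": "arn:aws:ec2:ap-south-1:*:instance/*"},
        {"Sid": "ReadOnlyAllRegions", "Effect": "Allow",
         "Action": "ec2:Describe*", "Resource": "*"},
    ],
}

# Activity 5: delete a bucket only when the request targets us-west-2.
S3_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DeleteBucketUsWest2Only", "Effect": "Allow",
         "Action": "s3:DeleteBucket", "Resource": "arn:aws:s3:::*",
         "Condition": {"StringEquals": {"aws:RequestedRegion": "us-west-2"}}},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource, context=None):
    """True if any Allow statement matches; otherwise implicit deny.
    Simplification: no Deny statements, only StringEquals conditions."""
    context = context or {}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        if all(context.get(k) in _as_list(v) for k, v in equals.items()):
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(EC2_POLICY, indent=2))
    print(json.dumps(S3_POLICY, indent=2))
```

Running the script prints both JSON documents in the form the IAM policy editor accepts; the account ID and bucket name used when calling `is_allowed` are constructed sample values.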
Exercise: Create an IAM policy to give full access to EC2 in all regions except Oregon