IAM: allow a user to access everything in EC2 in one region

I am trying to allow one user to perform all actions in us-west-2. This is my policy:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["ec2:*"],
                "Resource": "arn:aws:ec2:us-west-2:837625274593:*"
            }
        ]
    }

I got the account number from the "OWNER" field of the instance, but I'm not sure what it is.

1 answer
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Stmt1375943389569",
                "Action": "ec2:*",
                "Effect": "Allow",
                "Resource": "*",
                "Condition": {
                    "StringEquals": {
                        "ec2:Region": "us-west-2"
                    }
                }
            }
        ]
    }

This should allow the user to access EC2 only in the us-west-2 region.

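The two policies above differ in how they scope the region, and that matters in practice: many EC2 actions (the Describe* family in particular) do not support resource-level permissions, so IAM only ever matches them against Resource "*", and a resource ARN with a region in it, as in the question, never covers them. The answer's ec2:Region key is an EC2-specific condition key that is populated from the resource being acted on; for actions with no resource-level support it is absent from the request context, and a StringEquals on a missing key evaluates to false. The global aws:RequestedRegion key is present for every request and is the usual way to pin a user to one region. The following Python script is an added example, not code from the question, the answer, or AWS; it is a deliberately simplified model of IAM evaluation (one identity policy, implicit deny, explicit Deny wins, StringEquals only) that runs all three policies against constructed requests. The account id is the one from the question; the instance id, the request contexts and the assumption that ec2:Region is missing for DescribeInstances are this model's own.

```python
import fnmatch

# Added example: a deliberately simplified model of IAM policy evaluation
# (single identity policy, implicit deny by default, explicit Deny wins,
# StringEquals as the only condition operator). It is NOT the real IAM
# engine; use `aws iam simulate-custom-policy` for an authoritative answer.

ACCOUNT = "837625274593"  # account id taken from the question


def _as_list(value):
    """IAM accepts a string or a list for Action, Resource and condition values."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    """IAM wildcard match: '*' is any run of characters, '?' a single one."""
    return fnmatch.fnmatchcase(value, pattern)


def _condition_met(condition, context):
    """StringEquals only. A key missing from the request context makes the
    condition false, which is what bites ec2:Region on Describe* calls."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"operator {operator} not modelled")
        for key, expected in pairs.items():
            if context.get(key) not in _as_list(expected):
                return False
    return True


def evaluate(policy, action, resource, context):
    """Return 'Allow' or 'Deny' for one request against one policy."""
    decision = "Deny"  # implicit deny unless some statement allows
    for stmt in policy["Statement"]:
        if not any(_matches(p, action) for p in _as_list(stmt["Action"])):
            continue
        if not any(_matches(p, resource) for p in _as_list(stmt["Resource"])):
            continue
        if not _condition_met(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny always wins
        decision = "Allow"
    return decision


# Policy from the question: region scoping via the resource ARN.
ARN_SCOPED = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ec2:*"],
                   "Resource": f"arn:aws:ec2:us-west-2:{ACCOUNT}:*"}],
}

# Policy from the answer: Resource "*" plus the EC2-specific ec2:Region key.
EC2_REGION_COND = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*",
                   "Condition": {"StringEquals": {"ec2:Region": "us-west-2"}}}],
}

# Variant using the global aws:RequestedRegion key, which this model assumes
# is present in the context of every request.
REQUESTED_REGION_COND = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*",
                   "Condition": {"StringEquals": {"aws:RequestedRegion": "us-west-2"}}}],
}

# Constructed requests. ec2:StartInstances supports resource-level permissions,
# so the request names a specific instance ARN and carries ec2:Region.
# ec2:DescribeInstances does not: IAM matches it against Resource "*" only and
# (as modelled here) no EC2-specific condition keys are in its context.
INSTANCE = "i-0123456789abcdef0"  # made-up instance id
REQUESTS = {
    "start-west": ("ec2:StartInstances",
                   f"arn:aws:ec2:us-west-2:{ACCOUNT}:instance/{INSTANCE}",
                   {"ec2:Region": "us-west-2", "aws:RequestedRegion": "us-west-2"}),
    "start-east": ("ec2:StartInstances",
                   f"arn:aws:ec2:us-east-1:{ACCOUNT}:instance/{INSTANCE}",
                   {"ec2:Region": "us-east-1", "aws:RequestedRegion": "us-east-1"}),
    "describe-west": ("ec2:DescribeInstances", "*", {"aws:RequestedRegion": "us-west-2"}),
    "describe-east": ("ec2:DescribeInstances", "*", {"aws:RequestedRegion": "us-east-1"}),
}


def decisions(policy):
    """Evaluate every constructed request against one policy."""
    return {name: evaluate(policy, action, resource, ctx)
            for name, (action, resource, ctx) in REQUESTS.items()}


if __name__ == "__main__":
    for label, policy in [("ARN-scoped (question)", ARN_SCOPED),
                          ("ec2:Region (answer)", EC2_REGION_COND),
                          ("aws:RequestedRegion", REQUESTED_REGION_COND)]:
        print(label, decisions(policy))
```

Under this model the question's ARN-scoped policy and the answer's ec2:Region policy both allow StartInstances in us-west-2 and deny it in us-east-1, but both deny DescribeInstances everywhere, so the user could not even list their instances; only the aws:RequestedRegion variant allows DescribeInstances in us-west-2 while still denying it elsewhere. Before deploying, confirm the real behaviour with the IAM policy simulator, for example `aws iam simulate-custom-policy --policy-input-list file://policy.json --action-names ec2:DescribeInstances ec2:StartInstances --context-entries ContextKeyName=aws:RequestedRegion,ContextKeyValues=us-west-2,ContextKeyType=string`, and remember that the toy evaluator ignores SCPs, permission boundaries, resource policies and every condition operator other than StringEquals.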

Source: https://habr.com/ru/post/1495831/
