Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Show only selected servers in session manager

0

Hi,

I am currently using session manager to provide access to all servers via session manager which is working as intended.

The issue comes where I got another set of users who require access to certain servers.

Is there anyway, only the servers that is required will be shown up in the session manager. I tried to edit the ec2:DescribeInstances but I just can't get it working.

Would require assistance with this.

Themen
KalkulationManagement & UnternehmensführungSicherheit, Identität & Konformität
Tags
Amazon EC2AWS SystemmanagerIAM-Richtlinien
Sprache
English
Alezz81
gefragt vor einem Jahr218 Aufrufe
1 Antwort
0

Unfortunately, it is not possible to configure an IAM policy to allow viewing only of specific EC2 instances.

The reason for this is that most display actions, such as ec2:DescribeInstances, do not support "resource-level permissions. This means that you can only set either "show all EC2 instances" or "don't show all EC2 instances". https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions

It seems that it is possible to set up a policy such that only certain EC2 sessions are initiated. https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-restrict-access-examples.html#restrict-access-example-instances

profile picture
takakuni
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt