1 answer
Hi,
The way to do it is to have IAM policies denying ec2:TerminateInstances explicitly to all security principals (or at least not allowing it directly or indirectly via Action:*) except the execution role of the CDK.
See https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html for all possible EC2 auths.
So, nobody except CDK (and global Admin) will then be allowed to terminate EC2 instances.
The Termination Protection feature does not relate to IAM: it's either all (incl. your CDK role) or nothing. So, you have to revert to IAM policies to achieve your goal.
Best,
Didier
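
An explicit-deny statement of the kind described in the answer above, shown as an added example that is not part of the original answer. The account ID `111122223333` and the role name `ExampleCdkExecutionRole` are placeholders, and applying it as an AWS Organizations service control policy (rather than attaching it to each principal) is an assumption.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyTerminateExceptCdkRole",
      "Effect": "Deny",
      "Action": "ec2:TerminateInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": [
            "arn:aws:iam::111122223333:role/ExampleCdkExecutionRole"
          ]
        }
      }
    }
  ]
}
```

An explicit deny overrides any allow, so every other role that must keep the permission has to be listed in the `aws:PrincipalArn` condition as well. For an assumed role, `aws:PrincipalArn` is the ARN of the role itself, not of the session.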
Crossposted to stackoverflow