Deny access of read for i am user for instance attribute user data

0

i have an requirement that i want to hide instance user data from any user, like I don't want to allow any iam user/role to read what my instance user data has, I did tried to deny DescribeInstanceAttribute with condition for attribute "UserData"but that didn't worked. i just want to know is it possible to hide this specific instance attribute "userData" from user?

1回答
1

It certainly seemed difficult to narrow it down with the condition key. https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions

It's not a radical solution, but why not store the contents of UserData in S3 and control browsing within S3?

I thought it would be good to unify the EC2 user data by getting, unpacking, and executing the UserData object in S3.

profile picture
回答済み 1年前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ