Show only selected servers in session manager

Question

Hi,

I am currently using session manager to provide access to all servers via session manager which is working as intended.

The issue comes where I got another set of users who require access to certain servers.

Is there anyway, only the servers that is required will be shown up in the session manager. I tried to edit the ec2:DescribeInstances but I just can't get it working.

Would require assistance with this.

Answer

Unfortunately, it is not possible to configure an IAM policy to allow viewing only of specific EC2 instances.

The reason for this is that most display actions, such as ec2:DescribeInstances, do not support "resource-level permissions. This means that you can only set either "show all EC2 instances" or "don't show all EC2 instances".
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions

It seems that it is possible to set up a policy such that only certain EC2 sessions are initiated.
https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-restrict-access-examples.html#restrict-access-example-instances

Show only selected servers in session manager

관련 콘텐츠