Deny access of read for i am user for instance attribute user data

i have an requirement that i want to hide instance user data from any user, like I don't want to allow any iam user/role to read what my instance user data has, I did tried to deny DescribeInstanceAttribute with condition for attribute "UserData"but that didn't worked. i just want to know is it possible to hide this specific instance attribute "userData" from user?

주제

보안, 신원 및 규정 준수 컴퓨팅

태그

보안, 신원 및 규정 준수 아마존 EC2 IAM 정책

언어

English

rePost-User-9257957

질문됨 일 년 전244회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

It certainly seemed difficult to narrow it down with the condition key. https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions

It's not a radical solution, but why not store the contents of UserData in S3 and control browsing within S3?

I thought it would be good to unify the EC2 user data by getting, unpacking, and executing the UserData object in S3.

takakuni

답변함 일 년 전

rePost-User-9257957
일 년 전
If you can share any reference on how to achieve by using s3
takakuni
일 년 전
Sorry for the Japanese content, but this is an image of the following site. https://dev.classmethod.jp/articles/ec2-userdata-s3-script/#toc-3

I thought that user data would not be compromised if I restricted the permissions to view ec2-template.sh on the site using S3.

Deny access of read for i am user for instance attribute user data

관련 콘텐츠