I want to start by making sure that you understand you've deployed an EC2 instance which is deliberately vulnerable to a bunch of attacks. If you did not intend to do this please consider shutting it down.
If you are aware, that's ok. To your question:
There are a few concepts there that seem to be a bit jumbled.
You say "we deployed it with administrator access". Does this mean that the EC2 instance role has the IAM AdministratorAccess policy assigned to it? If so, that means that the instance has the ability to do all of the things that you've listed; but also more.
If you wish to limit that instance so that it can only add/modify/remove the AWS components that you've listed then you will need to write an IAM policy (or one policy per service if you like) and attach those policies to the instance role while removing the
Note that "access" to something like API Gateway can mean many things: Is it the ability to create and administer API Gateway? Or is it the ability to call existing APIs that are hosted in API Gateway?
Also, "access" could mean "read only" or it might mean "modify" so best to clarify what you need the instance to do and then write the appropriate policies.
Finally, it's possible that I've misunderstood here because you've also said "The account will need access to..." which implies an IAM user logging into the AWS account. If that's the case then the same comments above hold true; but the policies need to be applied to the user who is logging in rather than the EC2 instance role.
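The distinctions drawn in this answer (administering API Gateway versus calling APIs hosted in it, and read-only versus modify) map onto different IAM actions. The following is an added example, not part of the original answer: a small Python check that reports which of those meanings a policy document grants. The two sample policies, the account id and the API id are constructed placeholders, and the check deliberately ignores Deny, NotAction, Condition and resource scoping.

```python
from fnmatch import fnmatchcase

# Constructed sample policies (not from the original question or answer).
ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}   # what AdministratorAccess grants
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "apigateway:GET",          # view configuration only
     "Resource": "arn:aws:apigateway:us-east-1::/restapis/*"},
    {"Effect": "Allow", "Action": "execute-api:Invoke",      # call one deployed API
     # Account id and API id below are placeholders.
     "Resource": "arn:aws:execute-api:us-east-1:111122223333:EXAMPLEAPI/*"}]}

# The different meanings of "access" to API Gateway, as IAM action names.
MEANINGS = {
    "read API Gateway configuration": ["apigateway:GET"],
    "modify API Gateway configuration": [
        "apigateway:POST", "apigateway:PUT", "apigateway:PATCH", "apigateway:DELETE"],
    "call deployed APIs": ["execute-api:Invoke"],
}
ADMIN_EQUIVALENT = "everything (administrator-equivalent)"

def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def classify(policy):
    """Return which meanings of "access" the policy's Allow statements grant.

    Simplification: Deny, NotAction, Condition and resource scoping are not
    evaluated, so this is an upper bound on what the policy allows.
    """
    granted = set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        for pattern in as_list(stmt["Action"]):
            if pattern == "*" and "*" in as_list(stmt.get("Resource", [])):
                granted.add(ADMIN_EQUIVALENT)
            for meaning, actions in MEANINGS.items():
                # IAM action names are case-insensitive and accept * and ? wildcards.
                if any(fnmatchcase(a.lower(), pattern.lower()) for a in actions):
                    granted.add(meaning)
    return granted

if __name__ == "__main__":
    for name, policy in (("ADMIN", ADMIN), ("SCOPED", SCOPED)):
        print(name, "->", sorted(classify(policy)))
```

Running the same check against the policies actually attached to the instance role shows whether it still holds more than the scoped set intended.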