By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Single AMI Permissions

0

Hi all,

Please could you assist me as this has been driving me a little crazy over the past few days. I have been asked to create a new IAM user in our AWS (which I have done) and out of a bundle of custom AMI's we have here to only give this new user access to 1 single image only.

Is this actually possible? I have read up on policies for that user and tried all sorts of policy attributes but it either gives full access to all AMI's or nothing. I just cannot work out a way to restrict it to 1 single AMI ID.

Any assistance would be amazing.

Thanks in advance.

PS - I am not a qualified AWS engineer and simply using Google to learn bits. So please be kind.

Topics
Security, Identity, & ComplianceComputeNetworking & Content Delivery
Tags
AWS Identity and Access ManagementAmazon Machine Images (AMI)Security Group
Language
English
fusion1275
asked 8 months ago176 views
1 Answer
0

How about something like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1692107502751",
      "Action": [
        "ec2:RunInstances"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ImageID": "ami-0123456789"
        }
      }
    }
  ]
}
profile pictureAWS
EXPERT
kentrad
answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content