As you have read, you won't be able to limit which instances are displayed in the console even with tags. You can restrict what operations a user can perform like starting and stopping instances. See https://aws.amazon.com/premiumsupport/knowledge-center/restrict-ec2-iam/
Multiple accounts would be the best option to achieve what you are trying to do and you can set up a multi-account environment pretty easily with Control Tower.
I don't think you can compare with AWS Academy as that seems to be a learning management system built on AWS which probably has its own mechanisms for filtering what can be seen between accounts.
One other simple thing you can do is give the professors a URL that contains the filter for their EC2 instances. For example, you can tag all of your instances with "Owner" with a value of the name of the Professor. Then give them a URL like this:
https://us-east-1.console.aws.amazon.com/ec2/v2/home?region=us-east-1#Instances:v=3;tag:Owner=ProfessorName
Where ProfessorName is their name.
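The tag-based restriction described in the answer above, sketched as an IAM policy. This is an added example, not part of the original answer or of AWS's own documentation. It assumes each professor is an IAM user whose user name equals the value of the `Owner` tag on their instances; the `Sid` names are made up for illustration. `ec2:DescribeInstances` has to be granted on `*` because it does not support resource-level permissions, which is why every instance stays visible in the console, while start and stop are limited to instances the caller owns. The explicit deny on tag changes stops a user from re-tagging someone else's instance to gain control of it.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleListAllInstances",
      "Effect": "Allow",
      "Action": "ec2:DescribeInstances",
      "Resource": "*"
    },
    {
      "Sid": "ExampleStartStopOwnInstancesOnly",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/Owner": "${aws:username}"
        }
      }
    },
    {
      "Sid": "ExampleDenyTagChangesOnInstances",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateTags",
        "ec2:DeleteTags"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*"
    }
  ]
}
```

With federated or role-based access `${aws:username}` is not populated, so the condition would need a different key, such as a principal tag.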
I had a similar request from a question from a customer a while back; what I suggested is that they build a self-service portal for their users - that way they could precisely control the visibility and the actions that could be performed. But it's more work for you to do this.
In this particular case, my customer took some code I wrote as part of this blog post and modified the Workspaces component to control EC2 instead.
That said (and to repeat): It's work that you have to do. I think that Matt-B's answer is better here because you're relying on native AWS constructs so you're not maintaining anything going forward.
Thank you both for such quick replies. I was hoping I had missed an easy solution but it looks like that is not the case. I like Matt-B's idea of providing a link that is filtered. It is not a perfect solution but should work.
I find it amazing that AWS does not provide some way to limit what users can see based on tagging or some other method as it seems I am not the only one trying to do something like this. Again thank you both for your help.