How to create the AWS iam policy for hide the ec2 instance based on tags

0

I'm looking for a way to restrict the visibility ec2 instances to certain IAM accounts. I'd really like a way for a particular account to only be able to see the instances that it has created i.e. when it does a describeInstances only those it has created are present.

KARTHIK
asked 6 months ago295 views
3 Answers
2

I think what you're asking is how to restrict visibility of EC2 instances in a specific account where there are multiple users in that account. The short answer is that you can't do that - you can restrict (using tag policies) what actions different users (i.e. callers to the EC2 API with different identities) can perform on EC2 instances; but you can't restrict the visibility of those instances in a "List" operation - either via the API or in the console.

Not really answering the question but for more information about tag-based access control: https://repost.aws/knowledge-center/restrict-ec2-iam

profile pictureAWS
EXPERT
answered 6 months ago
profile pictureAWS
EXPERT
reviewed 6 months ago
0
Accepted Answer

Why we can't hide the particular instance for that particular user???

KARTHIK
answered 6 months ago
  • See the comment on the other answer - the API doesn't support resource-level permissions. This is because the API is designed as a "list all the resources" rather than "list the specified resources".

0

You can leverage AWS Organizations and give each group their own AWS account.

AWS
answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions