2 Answers
- Newest
- Most votes
- Most comments
0
Hi,
ec2:ModifyInstanceAttribute
does support the conditions stated in the link you posted. Here's also an example of a valid policy using conditions
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:ModifyInstanceAttribute",
"Resource": "arn:aws:ec2:*:111111111111:instance/*",
"Condition": {
"StringEqualsIfExists": {
"aws:ResourceTag/example": "works"
}
}
}
]
}
Could you elaborate what you mean by
the poster is saying " At this time, there isn't a way to restrict "ModifyInstanceAttribute" to specific condition or resource.
0
I am struggling to see if this is even possible
Everything I have looked at myself, says you cant create an IAM policy that matches DeleteOnTermination value of Modifyinstanceattribute
Relevant content
- asked 2 years ago
- Accepted Answerasked 10 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
Sorry i was referring to this post
https://repost.aws/questions/QUhZFUDY0OQCmEy8mc1Q7UnQ
But can you tell me, if i want to match DeleteOnTermination value of Modifyinstanceattribute, can we do it? i dont know how to match the list or array object