1 Answer
- Newest
- Most votes
- Most comments
1
Allowing full access allows operation.
But IAM best practice is least privilege permissions.
Therefore, we recommend creating an IAM policy that allows developers to do only what they need to do.
https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege
It is possible to create an EBS volume with EC2 full access, but if you only want to create it, you can create it by allowing "ec2:CreateVolume".
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html
Relevant content
- Accepted Answerasked 6 months ago
- asked 7 months ago
- AWS OFFICIALUpdated 2 years ago
- What's the difference between Lambda function execution role permissions and invocation permissions?AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 3 years ago
You will need to create a custom IAM policy using the instructions in this document. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html#access_policies_create-json-editor