IAM lightsail user restrict access to specific VM instances

0

I am trying to restrict access to only one VM instance in lightsail.

Using a policy

When trying: "Resource": "arn:aws:lightsail:us-west-2:xxxxxxxxxxxxx:Instance/xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"

I get a 403 error?

If I use:

"Resource": "*"

IAM user can see all the VMs

I got my resource name above (obviously with out the "x's) from the command line using: aws lightsail get-instances

asked a year ago709 views
4 Answers
1
Accepted Answer

What IAM policies have you set up?
The following documentation shows that only a limited number of "Instances" can be set to "Resource".
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonlightsail.html#amazonlightsail-actions-as-permissions

For example, the following IAM policy will allow you to view all Lightsail instances, but restrict instance operations to those instances configured in "Resource".

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "lightsail:*",
            "Resource": "arn:aws:lightsail:us-west-2:xxxxxxxxxxxxx:Instance/xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"
        },
        {
            "Effect": "Allow",
            "Action": "lightsail:Get*",
            "Resource": "*"
        }
    ]
}
profile picture
EXPERT
answered a year ago
0

That worked, thank you!

However, the current IAM user can still see all the Lightsail VM's of the root account (even though they can not control it) Is there a way to restrict this access so they only see the designated resource in the policy?

Perhaps giving an outside IAM user (not under root) access to the Lightsail resource?

answered a year ago
  • It may be possible with tag-based control, but it is not possible to hide it with resource-based control.

0
profile picture
EXPERT
Steve_M
answered a year ago
0

For example, just want the IAM user to see the server on the left.

Enter image description here

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions