Deny read access for IAM users to the instance attribute user data


I have a requirement: I want to hide instance user data from any user. I don't want to allow any IAM user/role to read what my instance user data contains. I tried to deny DescribeInstanceAttribute with a condition for the attribute "UserData", but that didn't work. I just want to know: is it possible to hide this specific instance attribute "userData" from users?

1 Answer

It certainly seemed difficult to narrow it down with the condition key.

It's not a radical solution, but why not store the contents of UserData in S3 and control browsing within S3?

I thought it would be good to unify the EC2 user data by getting, unpacking, and executing the UserData object in S3.

answered a month ago
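
The approach in the answer above, sketched as an added example (not code from the answer or from AWS): the user data holds only a pointer to the real script in S3 plus its SHA-256 digest, so anyone who can read the attribute sees nothing sensitive. The variable names, the digest pin and the bucket path are assumptions; the instance role is assumed to be the only principal allowed `s3:GetObject` on that object.

```shell
#!/bin/sh
# User data stub (added example). It holds no secrets: only the location of the
# real bootstrap script and a digest of the reviewed copy.
set -eu

# Placeholders (assumptions): fill these in when rendering the stub.
BOOTSTRAP_URI="${BOOTSTRAP_URI:-}"        # e.g. s3://EXAMPLE-BUCKET/bootstrap/setup.sh
BOOTSTRAP_SHA256="${BOOTSTRAP_SHA256:-}"  # hex SHA-256 of the reviewed script

# fetch_object SRC DEST: download using the instance role's credentials.
# Access to the object is controlled in S3, not through EC2 permissions.
fetch_object() {
  aws s3 cp --only-show-errors "$1" "$2"
}

# run_bootstrap URI SHA256: fetch, verify, then execute.
# Exit status: 1 = fetch failed, 2 = digest mismatch, else the script's status.
# The body is a subshell so the temp file is always removed on exit.
run_bootstrap() (
  uri="$1"; want="$2"
  tmp="$(mktemp)" || exit 1
  trap 'rm -f "$tmp"' EXIT
  fetch_object "$uri" "$tmp" || { echo "bootstrap: fetch failed" >&2; exit 1; }
  got="$(sha256sum "$tmp" | cut -d' ' -f1)"
  # Refuse to run an object that differs from the reviewed version.
  [ "$got" = "$want" ] || { echo "bootstrap: digest mismatch" >&2; exit 2; }
  sh "$tmp"
)

# Runs only once a location has been filled in above.
if [ -n "$BOOTSTRAP_URI" ]; then
  run_bootstrap "$BOOTSTRAP_URI" "$BOOTSTRAP_SHA256"
fi
```
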
