In AWS, access to resources, including EC2 instances, is controlled by AWS Identity and Access Management (IAM). IAM allows you to manage access to AWS services and resources securely. Whether you can see or get access to EC2 instances created by another AWS user depends on the IAM policies associated with your IAM user or role. The AWS documentation will guide you more about this: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_permissions-required.html
Hi Debolek,
I am almost done. Is it possible that I can see or get access to EC2 created by another AWS user?
Hope it clarifies, and if it does I would appreciate the answer being accepted so that the community can benefit from the clarity, thanks ;)
From: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_ec2_tag-owner.html
If you want to provide EC2 start and stop permissions to users from an external Active Directory, you can follow these general steps:
Create an AWS SSO Permission Set:
In AWS SSO, create a permission set that includes the permissions (start and stop EC2 instances) you want to grant.
Assign Permission Set to Users:
Assign the permission set to the users from your external Active Directory. This association will grant them the specified permissions.
Create IAM Role with EC2 Permissions:
Create an IAM role with the desired EC2 permissions. This IAM role will be assumed by the EC2 instances when started or stopped.
Trust Relationship:
Modify the trust relationship of the IAM role to allow AWS SSO to assume the role on behalf of the users. The trust relationship might look something like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::<ACCOUNT_ID>:sso.amazonaws.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "ssosso.amazonaws.com:aud": "app/<SSO_APP_ID>"
        }
      }
    }
  ]
}
Replace <ACCOUNT_ID> with your AWS account ID and
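A check to run over the permission policy before it goes into the permission set described above (an added example, not part of the answer and not AWS's own code): it flags Allow statements that grant ec2:StartInstances or ec2:StopInstances on every instance with no resource-tag condition. The function names, the two sample policies and the "Owner" tag key are constructed assumptions.

```python
import re

START_STOP = ("ec2:StartInstances", "ec2:StopInstances")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _action_matches(pattern, action):
    # IAM action names are case-insensitive; * and ? are the only wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def unscoped_start_stop(policy):
    """Return (statement index, actions) for Allow statements that grant
    start/stop on all instances without any resource-tag condition."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        granted = [a for a in START_STOP
                   if any(_action_matches(p, a) for p in _as_list(stmt["Action"]))]
        if not granted:
            continue
        all_instances = any(r == "*" or r.endswith(":instance/*")
                            for r in _as_list(stmt.get("Resource", [])))
        # Presence check only: the tag value itself is not validated here.
        tag_scoped = any(key.lower().startswith(("aws:resourcetag/", "ec2:resourcetag/"))
                         for keys in stmt.get("Condition", {}).values() for key in keys)
        if all_instances and not tag_scoped:
            findings.append((idx, granted))
    return findings

# Constructed sample policies (assumed tag key "Owner"), not taken from the thread.
TAG_SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": "arn:aws:ec2:*:*:instance/*",
     "Condition": {"StringEquals": {"aws:ResourceTag/Owner": "${aws:username}"}}},
    {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"}]}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("TAG_SCOPED", TAG_SCOPED), ("BROAD", BROAD)):
        print(name, unscoped_start_stop(doc))
```
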