Restrict EC2 Instance Type

0

Hi, I want to restrict user to launch only specific type of instance in specific region using IAM Policy. Please help me in writing the IAM policy.

asked 4 months ago · 222 views
2 Answers
1

Is the customer using AWS Organizations to manage their AWS accounts? If so, please advise them to use an SCP across the org. If it's a single account, then follow the IAM policy below with the Condition flag:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": [
                "arn:aws:ec2:us-west-2:account-id:instance/*"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:InstanceType": [
                        "t2.micro",
                        "t3.micro"
                    ]
                },
                "ForAllValues:StringEquals": {
                    "aws:RequestedRegion": [
                        "us-west-2"
                    ]
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": "ec2:DescribeInstances",
            "Resource": "*"
        }
    ]
}
Hitesh
answered 4 months ago
0

An SCP would be ideal - here's an example for instance type. https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_ec2.html#example-ec2-1

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RequireMicroInstanceType",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:*:*:instance/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "ec2:InstanceType": "t2.micro"
        }
      }
    }
  ]
}
AWS
EXPERT
David
answered 4 months ago
EXPERT
reviewed 4 months ago
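
A deny-based variant that combines both restrictions from the question (instance type and Region), as an added example that is not part of either answer or of the AWS documentation. It reuses t2.micro, t3.micro and us-west-2 from the first answer; the Sid names are made up for illustration. The Allow uses "Resource": "*" because ec2:RunInstances is also authorized against the image, subnet, network interface, security group and volume resources, so the two Deny statements are what enforce the restriction.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowLaunchAndDescribe",
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances",
        "ec2:DescribeInstances"
      ],
      "Resource": "*"
    },
    {
      "Sid": "DenyOtherInstanceTypes",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringNotEquals": {
          "ec2:InstanceType": [
            "t2.micro",
            "t3.micro"
          ]
        }
      }
    },
    {
      "Sid": "DenyLaunchOutsideRegion",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": "us-west-2"
        }
      }
    }
  ]
}
```

With several values, StringNotEquals matches only when the instance type equals none of them, so the first Deny fires for anything other than the two listed types. The two Deny statements on their own can also be used as an SCP, since an explicit deny overrides any Allow granted elsewhere.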
