IAM policy for EC2

Question

Please provide me a sample for AWS IAM policy regarding EC2 for restart only

Kidd Ip · Accepted Answer

Take this:

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowRebootEC2Instances",
      "Effect": "Allow",
      "Action": "ec2:RebootInstances",
      "Resource": "*"
    },
    {
      "Sid": "DenyOtherEC2Actions",
      "Effect": "Deny",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances",
        "ec2:ModifyInstanceAttribute"
      ],
      "Resource": "*"
    }
  ]
}
```

re:Post Agent · Answer

Here's a sample IAM policy that grants permissions to restart (stop and start) EC2 instances:

```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": "*"
}
]
}
```

This policy allows the user, group, or role it's attached to perform only the StartInstances and StopInstances actions on any EC2 instance.

If you want to restrict this permission to specific instances, you can modify the Resource element to specify the ARNs of those instances.

For more granular control, you could also implement tag-based access control. For example, you could create a policy that only allows users to start or stop instances that have the same "CostCenter" tag value as the user attempting the action.  
**Sources**  
[Identity-based policies for Amazon EC2 - Amazon Elastic Compute Cloud](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-policies-for-amazon-ec2.html)  
[EC2: Start or stop instances based on matching principal and resource tags - AWS Identity and Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_ec2-start-stop-match-tags.html)

IAM policy for EC2

添加回答

相关内容