How do i give IAM Permissions to a Group to manage a Specific EC2 Instance.

Question

I have a group called "accounts" with 5 users added to it. I want to include a group permission that allows these 5 users to have access to an EC2 Instance called Accounts. They wont have access to other instances just this instance alone. 
Thank you. I would appriciate the JSON code with the specific names as mentioned above.

Answer

You can do this by tagging your instance(s) with a particular value (say, `Accounts`) and then writing an IAM policy which allows access to EC2 resources with that tag: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/control-access-with-tags.html

It is as easy as including `"StringEquals": { "aws:ResourceTag/environment": "Accounts" }` in the `Condition` part of the IAM policy.

There are many other examples [in the documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.html).

Note that you're going to have to define what you mean by "access". The IAM policy allows you to control who can administer the instance(s) from the console or command-line interface or any other API. If you mean "who can SSH or RDP to the instance" then you might want to look at [Session Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html) or control access on the instance itself using the operating system controls.

How do i give IAM Permissions to a Group to manage a Specific EC2 Instance.

相关内容