Delegating full access to EC2 instance


Hello,

I would like to delegate full access to EC2 to a third party (developer) by creating a role in IAM and then giving them a permission to only access the EC2 services whilst keeping business and other information confidential.

Could you please let me know if the right permission would be 'AmazonEC2FullAccess' and what exactly does this permission provide?

If convenient, please let me know the order of the steps needed to delegate access to a third party without compromising the security of my account.

In this regard, would the AWS Access Analyzer monitor the access by the third party?

Thanks!

1 answer

Could you please let me know if the right permission would be 'AmazonEC2FullAccess' and what exactly does this permission provide?

You can see exactly what the policy includes by going to Policies in the IAM console and searching for AmazonEC2FullAccess, then click on the policy to view the permissions. I believe this direct link should work, assuming you're signed in, or you can view this copy on GitHub. Based on your problem description, this seems like the best policy to use.

If convenient, please let me know the order of the steps needed to delegate access to a third party without compromising the security of my account.

Start by creating the role. Since you want to delegate access to a third party, you'll need to know their account ID. On the Select trusted entity field, choose AWS Account, then "Another AWS Account". Optionally add an external ID if they provide one. Then enter the account ID and click next. Now search for the AmazonEC2FullAccess policy and check it to attach. Finally, type a name for the role, add any tags, and create the role. You can provide the role ARN to the third party. Now they will be able to assume the role with AmazonEC2FullAccess permissions.

See also the documentation.

In this regard, would the AWS Access Analyzer monitor the access by the third party?

You can use the access analyzer to identify all the resources that are shared with an external entity, so that may be useful for you. Refer again to the docs.

Hope this helps.

Expert
bwhaley
answered 1 year ago
AWS Expert
Chris_G
reviewed 1 year ago
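The trust relationship the answer describes ("Another AWS account" plus an optional external ID), as an added example that is not part of the answer above or any AWS tooling. The account ID and external ID are constructed placeholders; the audit function flags the two ways such a trust policy commonly ends up broader than intended.

```python
import json
from typing import Dict, List, Optional

# Constructed placeholders for the example; substitute the third party's real values.
THIRD_PARTY_ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "placeholder-external-id"


def build_trust_policy(account_id: str, external_id: Optional[str] = None) -> Dict:
    """Trust policy for the 'Another AWS account' option, optionally with an external ID.

    Only the named account may call sts:AssumeRole. The sts:ExternalId condition
    protects against the confused-deputy problem when the third party acts for
    many customers. The result is what you would pass to
    `aws iam create-role --assume-role-policy-document file://trust.json`.
    """
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
        "Action": "sts:AssumeRole",
    }
    if external_id:
        statement["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def audit_trust_policy(policy: Dict) -> List[str]:
    """Flag trust statements broader than 'one named account plus an external ID'."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        aws = [aws] if isinstance(aws, str) else aws
        if "*" in aws:
            findings.append("Principal '*' lets any AWS account assume the role")
        conditions = stmt.get("Condition", {})
        if not any("sts:ExternalId" in v for v in conditions.values() if isinstance(v, dict)):
            findings.append("no sts:ExternalId condition (confused-deputy risk)")
    return findings


if __name__ == "__main__":
    policy = build_trust_policy(THIRD_PARTY_ACCOUNT_ID, EXTERNAL_ID)
    print(json.dumps(policy, indent=2))
    print("findings:", audit_trust_policy(policy))
```

After creating the role from this document, attach the managed policy with `aws iam attach-role-policy --role-name <role> --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess`; the trust policy controls who can assume the role, the attached policy controls what they can do once they have.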
