IAM Policy Examples For AWS EC2

This document provides examples of least-privilege IAM policies for AWS EC2 that can serve as building blocks for teams adopting AWS to develop their own policies ensuring secure access to EC2 resources without granting unnecessary permissions. It includes examples for allowing start/stop/terminate of instances, and restricting start/stop to instances with specific tags.

IAM Policy Examples for AWS EC2

Introduction

This document provides examples of least-privilege IAM policies for AWS EC2. These examples can serve as building blocks for teams adopting AWS to develop their own policies, ensuring secure access to EC2 resources without granting unnecessary permissions.

Benefits of Least-Privilege IAM Policies

- Enhanced security: By granting only the specific permissions required for a task, least-privilege policies minimize the potential impact of compromised credentials or accidental policy misconfigurations.
- Improved compliance: Implementing least-privilege policies aligns with industry best practices and regulatory compliance requirements.
- Reduced risk: Limiting access reduces the chances of unauthorized users performing unintended actions on EC2 resources.

Examples
1. Start/Stop an EC2 Instance

This policy allows the user to start, stop, and terminate any EC2 instance in the account; the "Resource": "*" entry applies no resource-level restriction:

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": "*"
    }
  ]
}

2. Restricting Start/Stop via Tags

This policy allows the user to start and stop only EC2 instances that carry a specific tag key and value (here, Environment=Development). The tag key is part of the condition key name (ec2:ResourceTag/Environment) and the tag value is the value that must match:

JSON
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:<region>:<account-id>:instance/*",
      "Condition": {
        "StringLike": {
          "ec2:ResourceTag/Environment": "Development"
        }
      }
    }
  ]
}

Note:
- Replace <region> with your AWS region and <account-id> with your account ID.
- This example uses the StringLike condition on the ec2:ResourceTag condition key to restrict access based on tag key and value. You can modify the condition to meet your specific requirements.
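To show how the two policies above behave once attached to a principal, the following added example (not part of the original document and not AWS's evaluation engine) models the subset of IAM evaluation these examples rely on: matching the requested action and resource ARN with wildcards, and checking StringEquals/StringLike conditions on ec2:ResourceTag/<TagKey> against the instance's tags. The region us-east-1, the account ID 111122223333 and the instance IDs are constructed sample values. It also shows why the tag-scoped policy is an implicit deny for an instance tagged Production or carrying no Environment tag at all, while the unscoped start/stop/terminate policy from Example 1 allows Terminate on anything.

```python
"""Simplified offline model of IAM evaluation for the EC2 examples.
Illustrative code: it handles Allow statements, '*'/'?' wildcards in
Action and Resource, and StringEquals/StringLike on ec2:ResourceTag/<key>.
Explicit Deny, NotAction, policy variables and other operators are not modelled."""
import fnmatch
import json

# Constructed: the tag-scoped policy (Example 2) with sample region/account filled in.
TAG_SCOPED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:StartInstances", "ec2:StopInstances"],
    "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/*",
    "Condition": {"StringLike": {"ec2:ResourceTag/Environment": "Development"}}
  }]
}
""")

# Constructed: the unscoped policy (Example 1).
UNSCOPED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances"],
    "Resource": "*"
  }]
}
""")

# Constructed sample instance ARNs.
DEV_INSTANCE = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"
OTHER_REGION_INSTANCE = "arn:aws:ec2:eu-west-1:111122223333:instance/i-0fedcba9876543210"


def _as_list(value):
    """IAM allows a single string or a list in Action, Resource and condition values."""
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, tags):
    """Evaluate a Condition block against the instance's tags.
    A tag key missing from the resource makes the condition fail, as in IAM."""
    prefix = "ec2:ResourceTag/"
    for operator, pairs in condition.items():
        for cond_key, expected in pairs.items():
            if not cond_key.startswith(prefix):
                raise ValueError(f"unsupported condition key in this model: {cond_key}")
            actual = tags.get(cond_key[len(prefix):])
            if actual is None:
                return False
            patterns = _as_list(expected)
            if operator == "StringEquals":
                if actual not in patterns:
                    return False
            elif operator == "StringLike":
                # IAM's '*' and '?' wildcards behave like fnmatch's (case-sensitive).
                if not any(fnmatch.fnmatchcase(actual, p) for p in patterns):
                    return False
            else:
                raise ValueError(f"unsupported operator in this model: {operator}")
    return True


def is_allowed(policy, action, resource_arn, tags):
    """True if any Allow statement matches action, resource ARN and tags.
    No matching Allow means implicit deny (False)."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource_arn, r) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_matches(stmt.get("Condition", {}), tags):
            continue
        return True
    return False


if __name__ == "__main__":
    dev_tags = {"Environment": "Development"}
    prod_tags = {"Environment": "Production"}
    print("tag-scoped, start dev instance:", is_allowed(TAG_SCOPED_POLICY, "ec2:StartInstances", DEV_INSTANCE, dev_tags))
    print("tag-scoped, start prod instance:", is_allowed(TAG_SCOPED_POLICY, "ec2:StartInstances", DEV_INSTANCE, prod_tags))
    print("tag-scoped, terminate dev instance:", is_allowed(TAG_SCOPED_POLICY, "ec2:TerminateInstances", DEV_INSTANCE, dev_tags))
    print("unscoped, terminate prod instance:", is_allowed(UNSCOPED_POLICY, "ec2:TerminateInstances", DEV_INSTANCE, prod_tags))
```

Because the evaluator returns a plain boolean, it can be dropped into a unit test that pins down the intended access matrix for a policy before it is deployed; the real check against AWS's engine is still the IAM policy simulator, which this model only approximates.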

Additional Considerations
- When creating IAM policies, consider the principle of least privilege and grant only the minimum permissions necessary for the user or role to perform its intended function.
- Utilize resource-level permissions whenever possible to further restrict access.
- Regularly review and update IAM policies to ensure they remain aligned with your security needs.
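The review points above can be partly automated. The following added example (not part of the original document, and not an AWS tool) is a small policy-hygiene check that flags three things a reviewer would raise on the examples in this document: an Allow statement with "Resource": "*" (no resource-level restriction), an Allow of ec2:TerminateInstances with no Condition at all, and an ec2:ResourceTag condition written as ResourceTag/key or ResourceTag/value rather than ResourceTag/<TagKey>, which never matches a real tag. The three sample policies are constructed for the check; the finding names are assumed, not AWS terminology.

```python
"""Added offline policy-hygiene check for EC2 IAM policy documents."""
import json

# Constructed: Example 1 as written (unscoped start/stop/terminate).
BROAD_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances"],
  "Resource": "*"}]}
""")

# Constructed: a tag condition written with the unsupported key/value form.
MISWRITTEN_TAG_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Action": ["ec2:StartInstances", "ec2:StopInstances"],
  "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/*",
  "Condition": {"StringLike": {"ec2:ResourceTag/key": "Environment",
                               "ec2:ResourceTag/value": "Development"}}}]}
""")

# Constructed: the same intent in the ec2:ResourceTag/<TagKey> form.
CORRECT_TAG_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Action": ["ec2:StartInstances", "ec2:StopInstances"],
  "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/*",
  "Condition": {"StringLike": {"ec2:ResourceTag/Environment": "Development"}}}]}
""")

# Condition keys that look like tag matching but are not how ec2:ResourceTag works.
MISWRITTEN_TAG_KEYS = {"ec2:ResourceTag/key", "ec2:ResourceTag/value"}
DESTRUCTIVE_ACTIONS = {"ec2:TerminateInstances", "ec2:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def review_policy(policy):
    """Return a list of (statement_index, finding_name, message) tuples."""
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        condition = stmt.get("Condition", {})

        # Finding 1: no resource-level restriction at all.
        if "*" in resources:
            findings.append((index, "resource-wildcard",
                             "Resource is '*'; scope to instance ARNs or add a tag condition"))

        # Finding 2: destructive action granted with no Condition to narrow it.
        if any(a in DESTRUCTIVE_ACTIONS for a in actions) and not condition:
            findings.append((index, "unconditional-terminate",
                             "ec2:TerminateInstances allowed without any Condition"))

        # Finding 3: tag condition key that can never match a real tag.
        for pairs in condition.values():
            for cond_key in pairs:
                if cond_key in MISWRITTEN_TAG_KEYS:
                    findings.append((index, "bad-tag-condition-key",
                                     f"{cond_key} should be ec2:ResourceTag/<TagKey>"))
    return findings


if __name__ == "__main__":
    for name, policy in [("broad", BROAD_POLICY),
                         ("miswritten-tag", MISWRITTEN_TAG_POLICY),
                         ("correct-tag", CORRECT_TAG_POLICY)]:
        for index, finding, message in review_policy(policy) or [(None, "clean", "no findings")]:
            print(f"{name}: statement {index}: {finding}: {message}")
```

Run as a pre-commit or CI step over policy JSON files, a check like this catches the two common mistakes in this document's examples before they reach an account; it does not replace IAM Access Analyzer or the policy simulator, which evaluate the full policy language.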
