IAM Custom Policies for Amazon EC2 Amazon Elastic Compute Cloud

This tutorial covers custom IAM policies for Amazon EC2 (Amazon Elastic Compute Cloud).

Let us create Amazon EC2 resources and perform tasks using the Amazon API/CLI.

User Guide

IAM policies for Amazon EC2 (actions, ARNs, condition keys) can be found here.

Custom IAM Policies

Backup Script

{ 
 "Version": "2012-10-17",
 "Statement": [
   {
     "Effect": "Allow",
     "Action": [
       "ec2:Describe*",
       "ec2:CreateSnapshot",
       "ec2:DeleteSnapshot",
       "ec2:CreateTags",
       "ec2:DescribeSnapshots"
     ],
     "Resource": "*"
   }]
}

Automation of Jenkins Slaves

{
 "Version": "2012-10-17",
 "Statement": [
   {
     "Effect": "Allow",
     "Action": [
       "ec2:Describe*",
       "ec2:AssociateAddress",
       "ec2:StartInstances",
       "ec2:StopInstances"
     ],
     "Resource": "*"
   }]
}

Start/Stop Specific Instances

{
 "Version": "2012-10-17",
  "Statement": [
    {
     "Effect": "Allow",
     "Action": [
       "ec2:StopInstances", 
       "ec2:StartInstances"
     ],
     "Resource": [
       "arn:aws:ec2:eu-west-1:12345678900000:instance/i-10fd3456",
       "arn:aws:ec2:eu-west-1:12345678900000:instance/i-12fd3458"
     ]
   }]
}

Read Only EC2, Route53 and S3, plus GetConsoleOutput for Troubleshooting VM Startups

{
 "Version": "2012-10-17",
 "Statement": [
   {
     "Effect": "Allow",
     "Action": [
       "ec2:Describe*",
       "ec2:GetConsoleOutput",
       "route53:Get*",
       "route53:List*",
       "s3:Get*",
       "s3:List*"
     ],
     "Resource": "*"
   }]
}

AMI Launch Script

{
 "Version": "2012-10-17",
  "Statement": [
    { 
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*",
        "ec2:AllocateAddress",
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:AssociateAddress",
        "ec2:CreateSecurityGroup",
        "ec2:CreateTags",
        "ec2:RunInstances"
      ],
      "Resource": ["*"]
    }]
}
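
A pre-deployment check for policy documents like the ones above, as an added example that is not part of the original tutorial. It flags JSON keys repeated inside one object (Python's json module silently keeps only the last value) and Allow statements that grant non-read actions on "Resource": "*" with no Condition. The name lint_policy, the read-only prefix list and the sample policy are assumptions of this example.

```python
import json

# Assumption for this example: actions whose name starts with these verbs are read-only.
READ_ONLY_PREFIXES = ("describe", "get", "list")


def _pairs_hook(duplicates):
    """Build an object_pairs_hook that records keys repeated within one JSON object."""
    def hook(pairs):
        seen = {}
        for key, value in pairs:
            if key in seen:
                duplicates.append(key)
            seen[key] = value  # same last-wins behaviour as the default parser
        return seen
    return hook


def _as_list(value):
    """IAM allows a single string or a list for Action, Resource and Statement."""
    return value if isinstance(value, list) else [value]


def lint_policy(text):
    """Return a list of findings for one IAM policy document given as JSON text."""
    duplicates = []
    policy = json.loads(text, object_pairs_hook=_pairs_hook(duplicates))
    findings = [f"duplicate key {key!r}: only the last value survives parsing"
                for key in duplicates]
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue
        # Action names are case-insensitive, so compare in lower case.
        writes = [a for a in _as_list(stmt.get("Action", []))
                  if not a.split(":", 1)[-1].lower().startswith(READ_ONLY_PREFIXES)]
        if writes:
            findings.append(f"statement {index}: {', '.join(writes)} allowed on "
                            "every resource with no Condition")
    return findings


# Constructed sample input, modelled on the policies in this tutorial.
SAMPLE = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["ec2:StartInstances"],
   "Resource": "arn:aws:ec2:eu-west-1:111122223333:instance/i-aaaa",
   "Resource": "arn:aws:ec2:eu-west-1:111122223333:instance/i-bbbb"},
  {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:DeleteSnapshot"],
   "Resource": "*"}]}"""
```

Calling lint_policy(SAMPLE) returns one finding for the repeated "Resource" key and one for ec2:DeleteSnapshot on "*".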
 