For various reasons it becomes necessary to grant EC2 access to a user or group. Attaching the AWS managed AmazonEC2FullAccess policy is risky: if the credentials are leaked or abused, the account can run up a huge bill by the end of the month. One mitigation is a custom policy that names the instance types you are willing to permit. For instance, if you only want to allow the nano, micro, small and medium sizes, you can say so in the policy, and members of that user/group will not be able to launch EC2 instances of any other type.
Here are the steps:
Step 1: Go to the IAM section of the AWS console
Step 2: Go to Policies and create a new policy
Step 3: Give the policy your preferred name and paste the following JSON (the condition matches the instance size after the dot, so "*.micro" covers t2.micro, t3.micro, t4g.micro and so on):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:*",
            "Resource": "*",
            "Condition": {
                "ForAllValues:StringLike": {
                    "ec2:InstanceType": [
                        "*.micro",
                        "*.nano",
                        "*.small",
                        "*.medium"
                    ]
                }
            }
        }
    ]
}
Step 4: Attach the policy directly to the user or group (IAM policies are attached to users, groups and roles; a role is not assigned to a user but assumed by one).
Step 5: If you prefer to put the policy on a role instead, grant the user/group permission to assume that role; the restriction then applies to whatever they do through the role.
A few caveats before relying on this. The ForAllValues set operator evaluates to true when the ec2:InstanceType key is absent from the request, which is what lets the Describe* and other non-launch actions under ec2:* keep working; it also means the condition only bites on requests that actually carry an instance type, such as RunInstances. StringLike is case-sensitive, so keep the patterns lowercase as AWS names the types. Finally, a size wildcard is only a proxy for cost: "*.medium" matches every family that has a medium size, and nothing in this policy limits how many instances can be launched, so use it alongside service quotas and billing alarms rather than instead of them.
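To see how the condition behaves before attaching the policy, here is an added example (not code from the page or from AWS) that evaluates the policy above locally with a deliberately simplified IAM evaluator. It models only the StringLike operator with its ForAllValues/ForAnyValue prefixes and ignores Resource matching (the page's policy uses "*"), which are assumptions of this example, and it shows the difference between ForAllValues:StringLike and a plain StringLike on a request that carries no ec2:InstanceType key. The request contexts are constructed test inputs.

```python
import re

# The instance-type policy from this page, embedded as a Python dict
# (ASCII quotes) so the example runs offline.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:*",
            "Resource": "*",
            "Condition": {
                "ForAllValues:StringLike": {
                    "ec2:InstanceType": ["*.micro", "*.nano", "*.small", "*.medium"]
                }
            },
        }
    ],
}

# Assumed variant for comparison: the same statement with the set prefix
# removed. A plain StringLike is false when the key is absent from the request.
STRICT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [dict(POLICY["Statement"][0], Condition={
        "StringLike": {"ec2:InstanceType": ["*.micro", "*.nano", "*.small", "*.medium"]}
    })],
}


def string_like(pattern: str, value: str, ignore_case: bool = False) -> bool:
    """IAM StringLike: '*' matches any run of characters, '?' exactly one.
    Condition values are case-sensitive; action names are matched case-insensitively."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def condition_holds(condition: dict, context: dict) -> bool:
    """Evaluate a Condition block against a request context (key -> value or list).
    Only StringLike, optionally prefixed with ForAllValues/ForAnyValue, is modelled."""
    for operator, entries in condition.items():
        set_op, _, base = operator.rpartition(":")
        if base != "StringLike":
            raise NotImplementedError(operator)
        for key, patterns in entries.items():
            patterns = [patterns] if isinstance(patterns, str) else patterns
            values = context.get(key)
            if values is None:
                # Absent key: ForAllValues is vacuously true, everything else is false.
                if set_op == "ForAllValues":
                    continue
                return False
            values = [values] if isinstance(values, str) else values
            matches = [any(string_like(p, v) for p in patterns) for v in values]
            if not (all(matches) if set_op == "ForAllValues" else any(matches)):
                return False
    return True


def is_allowed(policy: dict, action: str, context: dict) -> bool:
    """Simplified IAM decision: explicit Deny wins, a matching Allow grants,
    otherwise implicit deny. Resource matching is intentionally not modelled."""
    decision = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        actions = [actions] if isinstance(actions, str) else actions
        if not any(string_like(a, action, ignore_case=True) for a in actions):
            continue
        if not condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        decision = True
    return decision


if __name__ == "__main__":
    # Constructed requests: launch attempts of several types plus a read-only call.
    requests = [
        ("ec2:RunInstances", {"ec2:InstanceType": "t3.micro"}),
        ("ec2:RunInstances", {"ec2:InstanceType": "m6g.medium"}),
        ("ec2:RunInstances", {"ec2:InstanceType": "t3.large"}),
        ("ec2:RunInstances", {"ec2:InstanceType": "T3.MICRO"}),  # case matters
        ("ec2:DescribeInstances", {}),  # no instance type in the request
        ("s3:GetObject", {}),
    ]
    for name, policy in (("ForAllValues:StringLike", POLICY), ("plain StringLike", STRICT_POLICY)):
        for action, ctx in requests:
            verdict = "allow" if is_allowed(policy, action, ctx) else "deny"
            print(f"{name:24} {action:22} {ctx.get('ec2:InstanceType', '-'):10} -> {verdict}")
```

Running it shows t3.micro and m6g.medium allowed, t3.large and the upper-case T3.MICRO denied, and ec2:DescribeInstances allowed only under the ForAllValues form; with the plain StringLike the Describe call is denied because the key is missing. To check the real policy against the real engine, run aws iam simulate-custom-policy with the policy JSON in --policy-input-list, the action in --action-names and the instance type supplied through --context-entries.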