I'm in trouble creating an IAM policy for a specific user to grant privileges to start and stop an EC2 instance.
I have tried several ways but I can't find the errors.
This is my policy:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1468227127000",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1468227157000",
            "Effect": "Allow",
            "Action": [
                "ec2:StartInstances",
                "ec2:StopInstances"
            ],
            "Resource": [
                "arn:aws:ec2:region:user:instance/instance-ID"
            ]
        }
    ]
}
```
As I have read, I am unable to describe only one instance: in the first part I describe all my EC2 instances and it works, but in the second part I allow the user to start and stop one instance, and I can't start it.
Best Answer
This one works well for me. Please note I added some quite useful (from my standpoint) actions; of course feel free to remove them if not needed:

Here `361111111111` is the Account ID as you see in the account Settings, and `i-0e411111111111111` is exactly the instance ID; it should start with `i-` and can be found at the left topmost row of the Description tab of the instance. Please note the region is without availability zone.

For curious people: I tried to limit `ec2:Describe*` actions to `arn:aws:ec2:us-east-1:361111111111:instance/*`, but this does not work. I removed the rightmost parts until it works, and it turns out that only `"*"` works.
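As an added check that is not part of the original answer, the following Python script encodes the rules the answer states (Describe actions only work with Resource "*"; the Start/Stop ARN needs a 12-digit account ID, a region without the availability-zone letter, and an instance ID starting with i-) and runs them over the question's policy and a corrected one. The account ID and instance ID in the corrected policy are constructed placeholders.

```python
import json
import re

# The policy from the question: the ARN still holds the placeholders "region",
# "user" and "instance-ID", so it can never match a real instance.
QUESTION_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:DescribeInstances"], "Resource": ["*"]},
    {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": ["arn:aws:ec2:region:user:instance/instance-ID"]}
  ]
}""")

# Constructed corrected policy: Describe on "*", Start/Stop scoped to one
# instance ARN with a placeholder account ID and instance ID.
CORRECTED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["ec2:DescribeInstances"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"],
     "Resource": "arn:aws:ec2:us-east-1:111111111111:instance/i-0e411111111111111"}
  ]
}""")

# arn:aws:ec2:<region>:<12-digit account>:instance/<i-...>; the region ends in a
# digit, so an availability zone such as us-east-1a is rejected.
INSTANCE_ARN = re.compile(
    r"^arn:aws:ec2:[a-z]{2}(-[a-z]+)+-\d:\d{12}:instance/(\*|i-[0-9a-f]{8,17})$"
)


def check_policy(policy):
    """Return the problems found in an EC2 start/stop policy (empty list = looks right)."""
    problems = []
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        for action in actions:
            if action.startswith("ec2:Describe") and resources != ["*"]:
                problems.append(f'{action} must use Resource "*"; it cannot be scoped to an instance')
            elif action in ("ec2:StartInstances", "ec2:StopInstances"):
                for arn in resources:
                    if arn != "*" and not INSTANCE_ARN.match(arn):
                        problems.append(f"{action}: malformed instance ARN {arn!r}")
    return problems


if __name__ == "__main__":
    for name, policy in (("question", QUESTION_POLICY), ("corrected", CORRECTED_POLICY)):
        print(name, check_policy(policy) or "OK")
```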