AWS IAM Policies

Setting IAM policies

IAM policies define permissions for an action regardless of the method that you use to perform the operation.

AWS documentation

User IAM Policy

Describe what a user IAM policy is here and when to use it

Admin IAM Policy

Describe what an admin IAM policy is here and when to use it

Example IAM Policy

For more fine-grained control, you can set IAM policies. The following example sets a managed policy that limits EC2 instance types to a fixed list of t2 and t3 sizes: the Deny statement blocks ec2:RunInstances for any instance type that is not in the list. Note the use of the pipe symbol | to indicate that a multi-line JSON policy follows.

Update your AWS account by entering the following in the IAM policy field:

|
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "RequireLessThanXLInstanceType",
          "Effect": "Deny",
          "Action": "ec2:RunInstances",
          "Resource": "arn:aws:ec2:*:*:instance/*",
          "Condition": {
            "StringNotEquals": {
              "ec2:InstanceType": [
                "t2.nano",
                "t2.micro",
                "t2.small",
                "t2.medium",
                "t2.large",
                "t3.nano",
                "t3.micro",
                "t3.small",
                "t3.medium",
                "t3.large"
              ]
            }
          }
        }
      ]
    }
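
To check which launches the policy above blocks before you apply it, the following added example (not part of the original page or of AWS tooling) runs a simplified evaluator over the same JSON. It covers only Deny statements with a StringNotEquals condition; the region and account ID in the sample ARN are constructed placeholders.

```python
import fnmatch
import json

# The policy from this page, embedded so the example runs offline.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "RequireLessThanXLInstanceType",
    "Effect": "Deny",
    "Action": "ec2:RunInstances",
    "Resource": "arn:aws:ec2:*:*:instance/*",
    "Condition": {"StringNotEquals": {"ec2:InstanceType": [
      "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large",
      "t3.nano", "t3.micro", "t3.small", "t3.medium", "t3.large"]}}
  }]
}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def string_not_equals(allowed, context, key):
    # Negated operator: true when the key is absent, or when the value
    # matches none of the listed strings (comparison is case-sensitive).
    return key not in context or context[key] not in as_list(allowed)

def explicit_deny(policy, action, resource, context):
    """Simplified check: Sid of the first matching Deny statement, else None."""
    for stmt in as_list(policy["Statement"]):
        if stmt["Effect"] != "Deny":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in as_list(stmt["Resource"])):
            continue
        tests = stmt.get("Condition", {}).get("StringNotEquals", {})
        if all(string_not_equals(v, context, k) for k, v in tests.items()):
            return stmt.get("Sid", "(no Sid)")
    return None

# Constructed sample request: region and account ID are placeholders.
INSTANCE_ARN = "arn:aws:ec2:us-east-1:111122223333:instance/*"

if __name__ == "__main__":
    for itype in ("t3.micro", "t3.xlarge", "m5.large"):
        sid = explicit_deny(POLICY, "ec2:RunInstances", INSTANCE_ARN,
                            {"ec2:InstanceType": itype})
        print(f"{itype:10} -> {'DENY by ' + sid if sid else 'not denied by this policy'}")
```

A result of "not denied" only means this policy does not block the launch. The policy contains no Allow statement, so the user still needs ec2:RunInstances granted by another policy.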

See IAM on the AWS docs site for more information.
