Instruqt Docs

AWS IAM Policies


Last updated 1 month ago

Setting IAM policies

IAM policies define permissions for an action regardless of the method that you use to perform the operation.

— AWS documentation

User IAM Policy

Describe what a user IAM policy is here and when to use it

Admin IAM Policy

Describe what an admin IAM policy is here and when to use it

Example IAM Policy

For more fine-grained control, you can set IAM policies. The following example sets a managed policy that restricts EC2 launches to a fixed list of t2 and t3 instance types: it denies ec2:RunInstances whenever the requested instance type is not one of the listed values. Note the use of the pipe symbol | to indicate that a multi-line JSON policy will follow.

Update your AWS account by entering the following in the IAM policy field:

|
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "RequireLessThanXLInstanceType",
          "Effect": "Deny",
          "Action": "ec2:RunInstances",
          "Resource": "arn:aws:ec2:*:*:instance/*",
          "Condition": {
            "StringNotEquals": {
              "ec2:InstanceType": [
                "t2.nano",
                "t2.micro",
                "t2.small",
                "t2.medium",
                "t2.large",
                "t3.nano",
                "t3.micro",
                "t3.small",
                "t3.medium",
                "t3.large"
              ]
            }
          }
        }
      ]
    }

Edit your config.yml file to include this content:

aws_accounts:
- name: awsaccount
  iam_policy: |
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "RequireLessThanXLInstanceType",
          "Effect": "Deny",
          "Action": "ec2:RunInstances",
          "Resource": "arn:aws:ec2:*:*:instance/*",
          "Condition": {
            "StringNotEquals": {
              "ec2:InstanceType": [
                "t2.nano",
                "t2.micro",
                "t2.small",
                "t2.medium",
                "t2.large",
                "t3.nano",
                "t3.micro",
                "t3.small",
                "t3.medium",
                "t3.large"
              ]
            }
          }
        }
      ]
    }
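
To check a policy like this before pasting it into the IAM policy field, the following added example (not Instruqt's or AWS's code) evaluates the Deny statement locally against a constructed RunInstances request. It is a simplified matcher that handles only Action, Resource and StringNotEquals; the function names, account ID and instance ID are assumptions. It also shows that a Resource ARN without its trailing "*" never matches, which silently disables the restriction.

```python
import json
import re

# Policy from this page, compacted (the JSON that follows the "|").
POLICY_JSON = """
{"Version": "2012-10-17",
 "Statement": [{
   "Sid": "RequireLessThanXLInstanceType",
   "Effect": "Deny",
   "Action": "ec2:RunInstances",
   "Resource": "arn:aws:ec2:*:*:instance/*",
   "Condition": {"StringNotEquals": {"ec2:InstanceType": [
     "t2.nano", "t2.micro", "t2.small", "t2.medium", "t2.large",
     "t3.nano", "t3.micro", "t3.small", "t3.medium", "t3.large"]}}}]}
"""
# Constructed broken variant: the Resource ARN has lost its trailing wildcard.
BROKEN_JSON = POLICY_JSON.replace("instance/*", "instance/")

def _wild(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def denied_by(policy, action, resource, context):
    """Return the Sid of the first matching Deny statement, else None."""
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Deny":
            continue
        if not any(_wild(a.lower(), action.lower()) for a in _as_list(st["Action"])):
            continue
        if not any(_wild(r, resource) for r in _as_list(st["Resource"])):
            continue
        cond = st.get("Condition", {}).get("StringNotEquals", {})
        # Negated operator: true when the request value equals none of the
        # listed values (and also when the key is absent from the request).
        if all(context.get(k) not in _as_list(v) for k, v in cond.items()):
            return st.get("Sid", "<no Sid>")
    return None

def launch_denied(policy_json, instance_type):
    # Constructed sample request: account ID and instance ID are placeholders.
    arn = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"
    return denied_by(json.loads(policy_json), "ec2:RunInstances", arn,
                     {"ec2:InstanceType": instance_type})
```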

See IAM on the AWS docs site for more information.