All Linux HowTo's

An AWS IAM Custom Policy To Allow EC2 Snapshots

This article shows how to create a custom AWS IAM policy to allow snapshots. The first code snippet is what works but as you can see, it’s liberal. The second snippet is what “should” would but doesn’t. I’d love some feedback on this.

This works but is too broad:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

This doesn’t work but should:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "ec2:CreateSnapshot",
                "ec2:CreateImage"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.