Amazon Elastic Compute Cloud
User Guide for Linux (API Version 2014-10-01)

IAM Policies for Amazon EC2

By default, IAM users don't have permission to create or modify Amazon EC2 resources, or perform tasks using the Amazon EC2 API. (This means that they also can't do so using the Amazon EC2 console or CLI.) To allow IAM users to create or modify resources and perform tasks, you must create IAM policies that grant IAM users permission to use the specific resources and API actions they'll need, and then attach those policies to the IAM users or groups that require those permissions.

When you attach a policy to a user or group of users, it allows or denies the users permission to perform the specified tasks on the specified resources. For more general information about IAM policies, see Permissions and Policies in the Using IAM guide.

Getting Started

An IAM policy must grant or deny permission to use one or more Amazon EC2 actions. It must also specify the resources that can be used with the action, which can be all resources, or in some cases, specific resources. The policy can also include conditions that you apply to the resource.

Amazon EC2 partially supports resource-level permissions. This means that for some EC2 API actions, you cannot specify which resource a user is allowed to work with for that action; instead, you have to allow users to work with all resources for that action.
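The following policy is an added illustration, not taken from the guide, of how partial resource-level support shapes a policy. `ec2:DescribeInstances` does not support resource-level permissions, so it must be granted on all resources, while `ec2:StartInstances` and `ec2:StopInstances` can be scoped to instance ARNs and narrowed further with a condition. The account ID `123456789012`, the region `us-east-1`, and the `Environment=test` tag are constructed placeholder values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DescribeRequiresAllResources",
      "Effect": "Allow",
      "Action": "ec2:DescribeInstances",
      "Resource": "*"
    },
    {
      "Sid": "StartStopOnlyTaggedTestInstances",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Environment": "test"
        }
      }
    }
  ]
}
```

If the first statement named an instance ARN instead of `*`, the `DescribeInstances` call would be denied rather than filtered, which is why the read-only action and the scoped actions are kept in separate statements.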

| Task | Topic |
| --- | --- |
| Understand the basic structure of a policy | Policy Syntax |
| Define actions in your policy | Actions for Amazon EC2 |
| Define specific resources in your policy | Amazon Resource Names for Amazon EC2 |
| Apply conditions to the use of the resources | Condition Keys for Amazon EC2 |
| Work with the available resource-level permissions for Amazon EC2 | Supported Resource-Level Permissions for Amazon EC2 API Actions |
| Test your policy | Checking that Users Have the Required Permissions |
| Example policies for a CLI or SDK | Example Policies for Working With the AWS CLI, the Amazon EC2 CLI, or an AWS SDK |
| Example policies for the Amazon EC2 console | Example Policies for Working in the Amazon EC2 Console |