Menu
AWS Identity and Access Management
User Guide

AWS Elastic Beanstalk: Allows Access to a Specific Application, Environment, and Version

This example shows how you might create a policy that allows access to a specific Elastic Beanstalk application, environment, and version. To use this policy, replace the red text in the example policy with your own information.

Copy
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "autoscaling:Describe*", "ec2:Describe*", "s3:GetObject", "iam:ListInstanceProfiles", "cloudformation:GetTemplate" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "elasticbeanstalk:CheckDNSAvailability", "elasticbeanstalk:CreateStorageLocation", "elasticbeanstalk:RequestEnvironmentInfo", "elasticbeanstalk:RetrieveEnvironmentInfo", "elasticbeanstalk:Describe*", "elasticbeanstalk:ValidateConfigurationSettings" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "elasticbeanstalk:InApplication": [ "arn:aws:elasticbeanstalk:<REGION>:<ACCOUNTNUMBER>:application/<APPLICATION-ID>" ] } } }, { "Action": [ "elasticbeanstalk:ListAvailableSolutionStacks", "elasticbeanstalk:CreateApplicationVersion", "elasticbeanstalk:DeleteApplicationVersion", "elasticbeanstalk:UpdateApplicationVersion", "elasticbeanstalk:UpdateApplication", "elasticbeanstalk:DescribeApplications", "elasticbeanstalk:RestartAppServer", "elasticbeanstalk:SwapEnvironmentCNAMEs", "elasticbeanstalk:UpdateEnvironment", "elasticbeanstalk:UpdateApplicationVersion" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:<REGION>::solutionstack/*", "arn:aws:elasticbeanstalk:<REGION>:<ACCOUNTNUMBER>:application/<APPLICATION-ID>", "arn:aws:elasticbeanstalk:<REGION>:<ACCOUNTNUMBER>:environment/<APPLICATION-ID>/<ENVIRONMENT-ID>", "arn:aws:elasticbeanstalk:<REGION>:<ACCOUNTNUMBER>:applicationversion/<APPLICATION-ID>/<APPLICATION-VERSION>" ] } ] }