Amazon EC2: Allows launching EC2 instances in a specific subnet, programmatically and in the console
This example shows how you might create an IAM policy that allows listing information for all EC2 objects and launching EC2 instances in a specific subnet. This policy also grants the necessary permissions to complete this action on the console. To use this policy, replace the italicized placeholder text in the example policy with your own information. Then, follow the directions in create a policy or edit a policy.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "ec2:GetConsole*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": [
                "arn:aws:ec2:*:*:subnet/subnet-subnet-id",
                "arn:aws:ec2:*:*:network-interface/*",
                "arn:aws:ec2:*:*:instance/*",
                "arn:aws:ec2:*:*:volume/*",
                "arn:aws:ec2:*::image/ami-*",
                "arn:aws:ec2:*:*:key-pair/*",
                "arn:aws:ec2:*:*:security-group/*"
            ]
        }
    ]
}
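The following Python sketch is an added example, not part of the original page or of any AWS tooling. It models why the policy confines launches to one subnet: a RunInstances call must be allowed on every resource it touches, and the subnet is the only resource type not covered by a wildcard. The subnet ID, account ID, and other identifiers are constructed values, and the model ignores Deny statements, conditions, and other policies.

```python
import re

# Resource patterns from the policy's ec2:RunInstances statement.
# ALLOWED_SUBNET is a constructed value standing in for the subnet-id placeholder.
ALLOWED_SUBNET = "subnet-0aaa1111example"
RUN_INSTANCES_RESOURCES = [
    f"arn:aws:ec2:*:*:subnet/{ALLOWED_SUBNET}",
    "arn:aws:ec2:*:*:network-interface/*",
    "arn:aws:ec2:*:*:instance/*",
    "arn:aws:ec2:*:*:volume/*",
    "arn:aws:ec2:*::image/ami-*",
    "arn:aws:ec2:*:*:key-pair/*",
    "arn:aws:ec2:*:*:security-group/*",
]


def arn_matches(pattern: str, arn: str) -> bool:
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern
    )
    return re.fullmatch(regex, arn) is not None


def launch_arns(region, account, subnet_id, ami_id, key_name, sg_id):
    """ARNs one RunInstances call is checked against (simplified model).
    Resources created by the launch get constructed stand-in IDs."""
    base = f"arn:aws:ec2:{region}:{account}"
    return [
        f"{base}:instance/i-constructed",
        f"{base}:network-interface/eni-constructed",
        f"{base}:volume/vol-constructed",
        f"{base}:subnet/{subnet_id}",
        f"{base}:key-pair/{key_name}",
        f"{base}:security-group/{sg_id}",
        f"arn:aws:ec2:{region}::image/{ami_id}",  # image ARNs carry no account ID
    ]


def uncovered(arns, patterns=RUN_INSTANCES_RESOURCES):
    """Return the ARNs no pattern allows; an empty list means the launch passes."""
    return [a for a in arns if not any(arn_matches(p, a) for p in patterns)]


if __name__ == "__main__":
    args = ("us-east-1", "111122223333")
    rest = ("ami-0abc", "demo-key", "sg-0abc")
    print(uncovered(launch_arns(*args, ALLOWED_SUBNET, *rest)))
    print(uncovered(launch_arns(*args, "subnet-0bbb2222example", *rest)))
```
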