IAM role/policy to allow Ylastic just to perform specfic tasks
Hi,
For security purposes we would like to provide Ylastic just specific permissions/roles/policies that would allow Ylastic to only be able to perform the tasks that we would use Ylastic for. Currently we are only using Ylastic to manage specific scheduled snapshots tasks. Is it possible to set some restrictive role/policiy in IAM to allow Ylastic to perform those tasks only? If so, do you what roles/policies must be set?
Thank you in advance
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
1 Posted by Yop on 20 May, 2016 03:00 PM
Got it, it seems that I have found the right customized policy. In case is useful for someone, the following policy allows Ylastic only to create/delete snapshots and some actions related to volumes but not the deletion of a volume:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "ec2:*Snapshot*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:*Volume*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:DeleteVolume",
"Effect": "Deny",
"Resource": "*"
}
]
}
Support Staff 2 Posted by Ylastic on 20 May, 2016 03:42 PM
Thanks for posting this!
Ylastic closed this discussion on 03 Feb, 2017 01:36 PM.