I am trying to grant an IAM group the ability to edit our EC2 Security Groups, but I have been unable to get this working without granting access to everything in EC2.
I have tried several versions of this:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1392336685000",
          "Effect": "Allow",
          "Action": [
            "ec2:*"
          ],
          "Resource": [
            "arn:aws:ec2:us-east-1:<MYACCOUNTHERE>:security-group/*"
          ]
        }
      ]
    }
But when I log in with the IAM user, I get a message in the Security Group page saying "You are not authorized to perform this operation."
I do know that the user/group is working because if I select the IAM Policy Template for "Amazon EC2 Full Access", the user can access everything in EC2.
I obviously do not have a lot of experience with IAM; any help would be greatly appreciated.
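Added example, not part of the original post: EC2 `Describe*` actions do not support resource-level permissions, so a statement scoped to `security-group/*` never matches the `ec2:DescribeSecurityGroups` call that lists the groups, and the request is refused even though `ec2:*` is allowed on that ARN. The policy below keeps the rule-editing actions scoped to the security-group ARN from the post and grants the read-only listing action on `*`. The `Sid` values and the choice of four rule-editing actions are assumptions about what the group needs.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListSecurityGroups",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeSecurityGroups"
      ],
      "Resource": "*"
    },
    {
      "Sid": "EditSecurityGroupRules",
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:RevokeSecurityGroupIngress",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:RevokeSecurityGroupEgress"
      ],
      "Resource": "arn:aws:ec2:us-east-1:<MYACCOUNTHERE>:security-group/*"
    }
  ]
}
```

Compared with `ec2:*`, this leaves instances, volumes and key pairs untouched. If the console still shows an authorization error, the denied action can be identified from the CloudTrail event for the failed call and added to the read-only statement.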