Start EC2 VM via CLI but don't access AWS console

0

Is it possible to configure an IAM user to be able to start an EC2 instance via CLI but not have access to the web-based AWS console (read: he should only be able to start his own instance)?

Alexander Zeitler

Posted 2017-02-06T11:15:09.033

Reputation: 901

Answers

0

When you create a user in the console, on the second screen, there are two checkboxes:
- Programmatic access and
- AWS Management Console access
If you choose just the first one, the user shouldn't be able to access the console.
But unfortunately you can't limit the access rights of the user to a specific EC2 instance. I am afraid that is not possible. It is like 0 or 1: Nothing or everything. You can just configure the access method CLI and/or console.

Cornelius

Posted 2017-02-06T11:15:09.033

Reputation: 16

Thanks. But he will still be able to see all EC2 instances via CLI/API (he should only be able to see his EC2 instance)? – Alexander Zeitler – 2017-02-10T14:28:35.263

I actually don't know. Of course you have to choose the right role in the next screen, but if the user can still see something in the console or can log in at all, the checkboxes in the first screen don't make sense. – Cornelius – 2017-02-10T14:31:26.290

I think the roles are 1 or 0: see (all) EC2 instances or none. – Alexander Zeitler – 2017-02-10T14:32:27.787

Ah, OK, now I get it. Yes, that's true. I didn't get that you want to limit the access rights of the user to a specific EC2 instance. I am afraid that is not possible. It is like you said: 0 or 1. Nothing or everything. You can just configure the access method CLI and/or console. – Cornelius – 2017-02-10T14:34:49.237

Thanks. If you update your answer, I can mark it as answer. – Alexander Zeitler – 2017-02-10T15:26:37.823
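
An added example, not part of the original posts: a check that a user created with only "Programmatic access" really has no console password, read from the IAM credential report (`aws iam get-credential-report`). The report text, account ID and user names below are constructed, and the reduced column set is an assumption made for brevity.

```python
import csv
import io

# Constructed sample using column names from the IAM credential report.
# Only the columns this check reads are included; user names are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,true,false,false
cli-only-user,arn:aws:iam::111122223333:user/cli-only-user,false,false,true,false
console-user,arn:aws:iam::111122223333:user/console-user,true,true,false,false
mixed-user,arn:aws:iam::111122223333:user/mixed-user,true,false,true,false
"""


def access_methods(report_csv):
    """Map each IAM user in the report to a set drawn from {'cli', 'console'}."""
    result = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue  # the root row is not an IAM user
        methods = set()
        # A console password corresponds to "AWS Management Console access".
        if row["password_enabled"] == "true":
            methods.add("console")
        # An active access key corresponds to "Programmatic access".
        if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
            methods.add("cli")
        result[row["user"]] = methods
    return result


def console_violations(report_csv, cli_only_users):
    """Return users expected to be CLI-only that still have a console password."""
    methods = access_methods(report_csv)
    return sorted(u for u in cli_only_users if "console" in methods.get(u, set()))


if __name__ == "__main__":
    for user, methods in access_methods(SAMPLE_REPORT).items():
        print(user, sorted(methods))
    print(console_violations(SAMPLE_REPORT, ["cli-only-user", "mixed-user"]))
```
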