How to Restrict AWS Resource Access to a Specific IAM Role

0 votes

I have been trying to limit Amazon EC2 access to a specific IAM role in a Cloud Formation template. I used “Deny : NotPrincipal”, but i am getting an error saying ‘Policy document should not specify a principle’. 

Any suggestions as to how to scope AWS Resource to specific IAM role?

Jul 23, 2018 in AWS by datageek
• 2,530 points
976 views

1 answer to this question.

0 votes

You can use iam get-role to find the Role-Id and add it to the policy condition under aws:userId

aws iam get-role --role-name Test-Role

IAM policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "ec2:CopyImage",
            "Resource": "*",
            "Condition": {
                "StringNotLike": {
                    "aws:userId": [
                        "AROAJPXXXXXJE5XOMQARS:*",
                        "AROAJPXXXXXJE5XOMQARS:*",
                        "AROAJXXXXXXV3EZVH2W5A:*",
                        "AROAJXXXXXXBH4XK552KI:*"
                    ]
                }
            }
        }
    ]
}
If you want to know more here is an article from AWS on restricting access to a role.
https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/

answered Aug 13, 2018 by Archana
• 4,170 points

Related Questions In AWS

0 votes
1 answer

restrict access to specific AWS Elastic Beanstalk resources

Yes. You can allow or deny permissions ...READ MORE

answered Nov 21, 2018 in AWS by Archana
• 5,640 points
1,030 views
0 votes
1 answer

How to add a role to an instance profile in AWS?

Hi@akhtar, You can add the specified IAM role ...READ MORE

answered Nov 3, 2020 in AWS by MD
• 95,440 points
389 views
0 votes
1 answer

How to create an access key for an IAM user in AWS?

Hi@akhtar, You can create a new AWS secret ...READ MORE

answered Nov 3, 2020 in AWS by MD
• 95,440 points
403 views
+3 votes
4 answers

How to host a website on AWS?

Certainly, it can be used to do ...READ MORE

answered Mar 30, 2018 in AWS by brat_1
• 7,200 points
2,462 views
0 votes
1 answer
0 votes
1 answer
0 votes
1 answer
0 votes
1 answer

How to add IAM role to an existing instance in aws?

As of AWS CLI v1.11.46,  you can ...READ MORE

answered Sep 6, 2018 in AWS by Archana
• 4,170 points
1,415 views
0 votes
1 answer

How to set up a SPF(Sender Policy Framework) for AWS EC2 instance?

Setting up a SPF record is pretty ...READ MORE

answered Aug 16, 2018 in AWS by Archana
• 4,170 points
1,365 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP