How to Restrict AWS Resource Access to a Specific IAM Role

0 votes

I have been trying to limit Amazon EC2 access to a specific IAM role in a Cloud Formation template. I used “Deny : NotPrincipal”, but i am getting an error saying ‘Policy document should not specify a principle’. 

Any suggestions as to how to scope AWS Resource to specific IAM role?

Jul 23, 2018 in AWS by datageek
 • 2,540 points 1,165 views

1 answer to this question.

0 votes

You can use iam get-role to find the Role-Id and add it to the policy condition under aws:userId

aws iam get-role --role-name Test-Role

IAM policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": "ec2:CopyImage",
            "Resource": "*",
            "Condition": {
                "StringNotLike": {
                    "aws:userId": [
                        "AROAJPXXXXXJE5XOMQARS:*",
                        "AROAJPXXXXXJE5XOMQARS:*",
                        "AROAJXXXXXXV3EZVH2W5A:*",
                        "AROAJXXXXXXBH4XK552KI:*"
                    ]
                }
            }
        }
    ]
}
If you want to know more here is an article from AWS on restricting access to a role.

https://aws.amazon.com/blogs/security/how-to-restrict-amazon-s3-bucket-access-to-a-specific-iam-role/

answered Aug 13, 2018 by Archana
 • 4,170 points

Related Questions In AWS

0 votes
1 answer

restrict access to specific AWS Elastic Beanstalk resources

Yes. You can allow or deny permissions ...READ MORE

answered Nov 21, 2018 in AWS by Archana
 • 5,640 points 1,400 views
0 votes
1 answer

How to add a role to an instance profile in AWS?

Hi@akhtar, You can add the specified IAM role ...READ MORE

answered Nov 3, 2020 in AWS by MD
 • 95,460 points 606 views
0 votes
1 answer

How to create an access key for an IAM user in AWS?

Hi@akhtar, You can create a new AWS secret ...READ MORE

answered Nov 3, 2020 in AWS by MD
 • 95,460 points 653 views
+3 votes
4 answers

How to host a website on AWS?

Certainly, it can be used to do ...READ MORE

answered Mar 30, 2018 in AWS by brat_1
 • 7,200 points 2,934 views
+3 votes
3 answers

What is the Salary one can expect as a AWS Architect?

Hi, It totally depends on your understanding and ...READ MORE

answered Jun 24, 2019 in Career Counselling by Gitika
 • 65,770 points 5,743 views
0 votes
1 answer

How to secure EC2 Instances runnuing within a VPC?

Security groups present in a VPC provides ...READ MORE

answered Feb 19, 2019 in AWS by Ritesh
 1,533 views
0 votes
1 answer

What is a Security Group in VPC?

Security groups in a VPC is basically ...READ MORE

answered Feb 19, 2019 in AWS by Ritesh
 1,357 views
0 votes
1 answer

What is stateful filtering in VPC?

Stateful filtering is used to track the ...READ MORE

answered Feb 19, 2019 in AWS by Ritesh
 956 views
0 votes
1 answer

How to add IAM role to an existing instance in aws?

As of AWS CLI v1.11.46,  you can ...READ MORE

answered Sep 6, 2018 in AWS by Archana
 • 4,170 points 1,630 views
0 votes
1 answer

How to set up a SPF(Sender Policy Framework) for AWS EC2 instance?

Setting up a SPF record is pretty ...READ MORE

answered Aug 16, 2018 in AWS by Archana
 • 4,170 points 1,643 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.