
How can I start an EC2 instance as user A, so that the instance started by user A cannot be seen by user B?

Can I do this with IAM?

I tried this set:

{
  "Statement": [
    {
      "Sid": "Stmt1341824399883",
      "Action": [
        "ec2:DescribeInstanceAttribute",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeInstances"
      ],
      "Effect": "Deny",
      "Resource": [
        "*"
      ]
    }
  ]
}

but it hides everything, including the instances started by user A.

1 Answer

Unfortunately there are no Amazon Resource Names (ARNs) for Amazon EC2: you can't write a policy that applies only to certain EC2 instances.

If you require isolation between the two, the only way I know of is to create a separate AWS account. You can use consolidated billing so that billing is aggregated with your other account, and you can share some things, like EBS snapshots, between accounts. Most things, however, can't be shared between accounts.
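To show why the posted Deny hides every instance, here is a small added example (not code from the question or the answer) that models IAM's evaluation order: an explicit Deny in any matching statement wins, otherwise a matching Allow is required, otherwise the request is implicitly denied. It assumes, as the answer states, that EC2 Describe calls are authorized against the resource "*" rather than against an individual instance, so a statement scoped to one instance ARN simply never matches them; the Allow policy and the ARN are constructed for the example.

```python
"""Toy IAM policy evaluator (added example, not from the original question or answer).

Simplified model, an assumption of this example: a request is (action, resource); an
explicit Deny in any matching statement wins, otherwise a matching Allow is needed,
otherwise the request is implicitly denied. EC2 Describe* calls are authorized against
the resource "*" because they are not resource-scoped, which is the answer's point."""
import fnmatch

# The policy posted in the question, as Python data.
POSTED_DENY = {"Statement": [{
    "Action": ["ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus",
               "ec2:DescribeInstances"],
    "Effect": "Deny", "Resource": ["*"]}]}

# A broad Allow that user A would also carry (constructed for this example).
ALLOW_ALL_EC2 = {"Statement": [{"Action": ["ec2:*"], "Effect": "Allow",
                                "Resource": ["*"]}]}

# A Deny scoped to a single (constructed, placeholder) instance ARN.
SCOPED_DENY = {"Statement": [{"Action": ["ec2:DescribeInstances"], "Effect": "Deny",
    "Resource": ["arn:aws:ec2:us-east-1:111122223333:instance/i-EXAMPLE"]}]}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _matches(patterns, value):
    # IAM action/resource matching uses '*' and '?' wildcards; actions are case-insensitive.
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))

def evaluate(policies, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _matches(stmt["Action"], action) or not _matches(stmt["Resource"], resource):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"          # an explicit deny always wins
            decision = "Allow"
    return decision

def describe_instances_visible(policies):
    # Describe* is evaluated against "*", never against one instance ARN,
    # so a Deny on "*" hides all instances and a Deny on one ARN hides none.
    return evaluate(policies, "ec2:DescribeInstances", "*") == "Allow"

if __name__ == "__main__":
    print("posted Deny:", describe_instances_visible([ALLOW_ALL_EC2, POSTED_DENY]))  # False
    print("scoped Deny:", describe_instances_visible([ALLOW_ALL_EC2, SCOPED_DENY]))  # True
```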
