Intellipaat Back

Explore Courses Blog Tutorials Interview Questions
0 votes
2 views
in AWS by (19.1k points)

I am trying to write an IAM policy which will control access to EC2 instances. All EC2 instances will have a custom tag called username and only if the tag value matches the logged in user's user name, will that user have access to that EC2 instance. This is what I came up with:

{

    "Version": "2012-10-12",

    "Statement": [

        {

            "Effect": "Allow",

            "Action": "ec2:*",

            "Resource": "*",

            "Condition": {

                "StringEquals": {

                    "ec2:ResourceTag/username": "arn:aws:iam::account-number-without-hyphens:user/username1"

                }

            }

        }

    ]

}

I am sure you see the problem here. I don't want to hard code the username value on the right-hand side. I want to be able to get that information at runtime or policy evaluation time.

1 Answer

0 votes
by (44.4k points)
You can mention the IAM user in the policy documents like this ${aws:username}.

There is a list of other IAM policy variables and their uses here:

http://docs.aws.amazon.com/IAM/latest/UserGuide/PolicyVariables.html

Related questions

Want to get 50% Hike on your Salary?

Learn how we helped 50,000+ professionals like you !

31k questions

32.8k answers

501 comments

693 users

Browse Categories

...