Can an aws IAM policy dynamically refer to the logged in username?

Question

asked Sep 20, 2019 in AWS by yuvraj (19.1k points)

I am trying to write an IAM policy which will control access to EC2 instances. All EC2 instances will have a custom tag called username and only if the tag value matches the logged in user's user name, will that user have access to that EC2 instance. This is what I came up with:

{
"Version": "2012-10-12",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:*",
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/username": "arn:aws:iam::account-number-without-hyphens:user/username1"
}
}
}
]
}

I am sure you see the problem here. I don't want to hard code the username value on the right-hand side. I want to be able to get that information at runtime or policy evaluation time.

1 Answer

Related questions

0 votes

1 answer

AWS Amazon IAM user Policy to access ONLY one EC2 instance on EU-WEST-1 region

asked Jul 12, 2019 in AWS by yuvraj (19.1k points)

Want to get 50% Hike on your Salary?

Learn how we helped 50,000+ professionals like you !

0 votes

1 answer

How to create multiple sub users in an AWS account using IAM?

asked Jan 14, 2020 in AWS by yuvraj (19.1k points)

0 votes

1 answer

AWS IAM Policy to allow user to create IAM Roles (from Management Console & AWS CLI)

asked Sep 6, 2019 in AWS by yuvraj (19.1k points)

0 votes

1 answer

AWS IAM policy to enforce new EBS volumes are encrypted

asked Sep 6, 2019 in AWS by yuvraj (19.1k points)

0 votes

1 answer

Static content for AWS EC2 with IAM role

asked Jul 13, 2019 in AWS by yuvraj (19.1k points)

kodee · Answer 1 · 2019-09-20T11:00:50+0000

You can mention the IAM user in the policy documents like this ${aws:username}.

There is a list of other IAM policy variables and their uses here:

http://docs.aws.amazon.com/IAM/latest/UserGuide/PolicyVariables.html

Can an aws IAM policy dynamically refer to the logged in username?

1 Answer

Related questions

Browse Categories