By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

IAM to prevent launching Public AMIs

0

Is there any IAM Permission that can prevent launching any Public AMIs. I want my user to launch only Private AMIs. Is there any other mechanism in EC2?

Topics
Security, Identity, & Compliance
Tags
Security, Identity, & ComplianceAWS Identity and Access Management
Language
English
shankarv
asked 7 months ago213 views
2 Answers
2
Accepted Answer

You can leverage Condition operator in IAM JSON policy elements Eg. Boolean conditions enable the creation of Condition elements that limit access by comparing a key to either "true" or "false."

{
            "Sid": "DenyLaunchingPublicAMI",
            "Effect": "Deny",
            "Action": "ec2:RunInstances",
            "Resource": "arn:aws:ec2:<region>::image/ami-*",
            "Condition": {
                "Bool": {
                    "ec2:Public": "true"
                }
 }

Document:

Anjali Sharma
answered 7 months ago
profile picture
EXPERT
Gary Mclean
reviewed 7 months ago
1

You can also consult the following https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-intro.html#block-public-access-to-amis

AWS
Secur3Kat
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content