IAM to prevent launching Public AMIs

0

Is there any IAM Permission that can prevent launching any Public AMIs. I want my user to launch only Private AMIs. Is there any other mechanism in EC2?

2 Answers
2
Accepted Answer

You can leverage Condition operator in IAM JSON policy elements Eg. Boolean conditions enable the creation of Condition elements that limit access by comparing a key to either "true" or "false."

{
            "Sid": "DenyLaunchingPublicAMI",
            "Effect": "Deny",
            "Action": "ec2:RunInstances",
            "Resource": "arn:aws:ec2:<region>::image/ami-*",
            "Condition": {
                "Bool": {
                    "ec2:Public": "true"
                }
 }

Document:

answered 7 months ago
profile picture
EXPERT
reviewed 7 months ago
1
AWS
answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions