Day 18.Create Read-Only IAM Policy for EC2 Console Access
Cloud & SRE specializing in AWS and DevOps. I share my ongoing learning journey through practical tutorials and insights. Let's grow together.
Lab Information
When establishing infrastructure on the AWS cloud, Identity and Access Management (IAM) is among the first and most critical services to configure. IAM facilitates the creation and management of user accounts, groups, roles, policies, and other access controls. The Nautilus DevOps team is currently in the process of configuring these resources and has outlined the following requirements.
Create an IAM policy named iampolicy_javed in us-east-1 region, it must allow read-only access to the EC2 console, i.e this policy must allow users to view all instances, AMIs, and snapshots in the Amazon EC2 console.
Lab Solutions
Step-by-Step Instructions (AWS Console)
- Log in to AWS Console
Use your lab credentials and ensure the console region is us-east-1.
- Open IAM Service
In the AWS search bar → type IAM
Click IAM
- Create the IAM Policy
In the left menu → click Policies
Click Create policy
- Define Policy Permissions
You will see Visual editor and JSON tabs.
👉 Switch to the JSON tab
Replace the existing content with the following policy document:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeImages",
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
"ec2:DescribeTags"
],
"Resource": "*"
}
]
}
This grants read-only (describe) access to:
EC2 instances
AMIs
Snapshots
Related metadata
Click Next.
- Name the Policy
On the Review and create page:
Policy name: iampolicy_javed
Description (optional):
Read-only access to EC2 instances, AMIs, and snapshots
Click Create policy.
