I have been trying to create an IAM policy to restrict the permissions of a user to only 1 EC2 instance. I created a user and associated that user with a group called "Restricted". Then I created a policy and attached the policy to the "Restricted" group.
This is my policy document created for this EC2 instance:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "Stmt1474999077000",
                "Effect": "Allow",
                "Action": [
                    "ec2:*"
                ],
                "Resource": [
                    "arn:aws:ec2:us-west-2:434174043592:instance/i-0b5a42e4827ffc147"
                ]
            }
        ]
    }

I then opened the policy simulator to test the user's permissions for EC2 actions.
I got all permissions denied. What am I doing wrong? How should I fix it? Is it possible to allow the user access to Billing and only show the billing information of that EC2 instance?
Thanks in advance!
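
The following is an added example, not part of the original post: a small Python model of IAM's Action/Resource matching applied to the policy above. It assumes the documented behaviour that EC2 actions without resource-level permission support (such as `ec2:Describe*`) are authorized against `Resource: "*"`; the `INSTANCE_LEVEL` set is a hand-picked subset, and `OTHER` and the `SPLIT` policy are constructed for illustration.

```python
from fnmatch import fnmatchcase

INSTANCE = "arn:aws:ec2:us-west-2:434174043592:instance/i-0b5a42e4827ffc147"
OTHER = "arn:aws:ec2:us-west-2:434174043592:instance/i-0123456789abcdef0"  # constructed

# Hand-picked subset of EC2 actions that accept an instance ARN in "Resource".
# Anything outside this set (e.g. ec2:Describe*) is authorized against "*".
INSTANCE_LEVEL = {"ec2:StartInstances", "ec2:StopInstances",
                  "ec2:RebootInstances", "ec2:TerminateInstances"}

# The policy from the post (Sid omitted).
ORIGINAL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*"], "Resource": [INSTANCE]}]}

# Constructed variant: read-only Describe calls on "*", state changes on one ARN.
SPLIT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": ["*"]},
    {"Effect": "Allow",
     "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances"],
     "Resource": [INSTANCE]}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, target_arn):
    """Return True if an identity policy allows `action` on `target_arn`."""
    # IAM compares the statement's Resource with what the action can be scoped to.
    resource = target_arn if action in INSTANCE_LEVEL else "*"
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # Action names are case-insensitive; "*" and "?" are wildcards.
        if not any(fnmatchcase(action.lower(), a.lower())
                   for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False          # explicit deny always wins
        allowed = True
    return allowed                # no matching Allow means implicit deny

if __name__ == "__main__":
    for name, policy in (("original", ORIGINAL), ("split", SPLIT)):
        for action, arn in (("ec2:DescribeInstances", INSTANCE),
                            ("ec2:StopInstances", INSTANCE),
                            ("ec2:StopInstances", OTHER)):
            verdict = "allow" if is_allowed(policy, action, arn) else "deny"
            print(f"{name:9} {action:22} {arn.rsplit('/', 1)[1]:20} {verdict}")
```

In the policy simulator, resource-level actions are likewise evaluated against whatever resource ARN is entered for the simulation, so a run left at `*` does not match a statement scoped to a single instance ARN.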