Can't see instance when applying a custom policy in IA


I have created a policy for restricting access of a user to a single instance as:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1392113879000",
          "Effect": "Allow",
          "Action": [
            "ec2:*"
          ],
          "Resource": [
            "arn:aws:ec2:us-east-1:account:instance/instance_id"
          ]
        }
      ]
    }

But I am getting this error:

    You are not authorized to describe Running Instances
    You are not authorized to describe Elastic IPs
    You are not authorized to describe Volumes
    You are not authorized to describe Snapshots
    You are not authorized to describe Key Pairs
    You are not authorized to describe Load Balancers
    You are not authorized to describe Placement Groups
    You are not authorized to describe Security Groups

I can't see the instance in the console. If I can't implement this thing then what is the use of policies!!

I'm stuck, please help.


From iam-policies-for-amazon-ec2:

Currently, not all API actions support individual ARNs; we'll add support for additional API actions and ARNs for additional Amazon EC2 resources later. For information about which ARNs you can use with which Amazon EC2 API actions, as well as supported condition keys for each ARN, see Supported Resources and Conditions for Amazon EC2 API Actions.

So, writing ec2:* is not going to help you. Instead, you should provide the exact API actions that you wish to grant to this user.

Also, quoting from the same link referred above:

To specify all resources, or if a specific API action does not support ARNs, use the * wildcard in the Resource element as follows:

Assigning restrictive EC2 IAM policies is a bit complicated. You may want to read the link referred to above in detail, as well as this link.


Check your region. Your policy uses US-East-1, but where are your instances? US-West-2?
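Added example (not part of the original answers, and not AWS code): a simplified model of IAM allow-matching that shows why the question's policy cannot list anything in the console, next to a corrected policy, and why an ARN in the wrong region never matches. It assumes Describe* calls are authorized against resource `*`, as the quoted documentation implies; the account ID, instance ID and the `is_allowed` helper are constructed for illustration.

```python
import fnmatch

# Constructed placeholder ARN in the same form as the question's policy.
INSTANCE_ARN = "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"

# The question's policy: every EC2 action, but only on one instance ARN.
ORIGINAL = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:*"], "Resource": [INSTANCE_ARN]},
    ],
}

# Corrected: Describe* calls get "*", instance-level actions keep the ARN.
CORRECTED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": ["*"]},
        {"Effect": "Allow",
         "Action": ["ec2:StartInstances", "ec2:StopInstances",
                    "ec2:RebootInstances"],
         "Resource": [INSTANCE_ARN]},
    ],
}

def as_list(value):
    """IAM accepts a string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified model: Allow statements only, glob matching, implicit deny.
    Conditions, explicit Deny and NotAction/NotResource are not modelled."""
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(fnmatch.fnmatchcase(action.lower(), pat.lower())
                        for pat in as_list(stmt["Action"]))
        resource_ok = any(fnmatch.fnmatchcase(resource, pat)
                          for pat in as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

if __name__ == "__main__":
    west = INSTANCE_ARN.replace("us-east-1", "us-west-2")
    for action, res in [("ec2:DescribeInstances", "*"),
                        ("ec2:StopInstances", INSTANCE_ARN),
                        ("ec2:StopInstances", west)]:
        print(action, res, is_allowed(ORIGINAL, action, res),
              is_allowed(CORRECTED, action, res))
```

The corrected policy still lets the user see every instance in the console; only the start, stop and reboot actions are limited to the one instance.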

