This project uses Terraform to create an IAM policy for an IAM user group that restricts EC2 instance creation to a specific instance type or region.
In many AWS environments, it's crucial to have fine-grained control over resource creation permissions. This project demonstrates how to create an IAM policy that limits the EC2 instance creation capabilities of a group to a specific instance type or region. This enhances security by ensuring resources are only provisioned where and how they are intended.
- Creates an IAM policy that restricts EC2 instance creation based on specified criteria.
- Utilizes Terraform to manage infrastructure as code.
- Promotes security best practices by enforcing resource creation restrictions.
Before using this project, ensure you have the following:
- Terraform installed on your machine.
- AWS credentials configured on your system.
- Basic understanding of IAM policies and Terraform.
- Clone this repository to your local machine:
  `git clone --single-branch --branch ec2-policy https://github.com/vireshsolanki/aws_iam_policy_terraform.git`
- Navigate to the project directory:
  `cd policy-creator`
- Initialize the Terraform configuration:
  `terraform init`
- Customize the `terraform.tfvars` file to specify the desired name, region, instance type and the users you want in the group. Add new users under `usernames`; this will not affect the existing users you created with Terraform. For example:

  ```hcl
  name          = "ec2"
  region        = "ap-southeast-1"
  instance-type = "t2.micro"
  usernames = {
    user1 = "vpd"
    user2 = "gpc"
  }
  ```
- Review the Terraform configuration files to ensure they meet your requirements.
- Apply the changes to create the IAM policy:
  `terraform apply`
This project consists of the following modules:
- `iam-usergroup`: Creates an IAM user group.
- `iam-policy`: Defines the IAM policy with restrictions on EC2 instance creation.
- `iam-role`: Creates the policy attached to a role (optional).
- `group-usr`: Defines the users included in the group.
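The policy the `iam-policy` module is responsible for can be expressed with the `ec2:InstanceType` condition key and region-scoped resource ARNs. The block below is an added example, not the project's own module code; it assumes `var.region` and `var.instance-type` are the variables from `terraform.tfvars`, and the policy name is a constructed placeholder.

```hcl
# Added example, not the project's own iam-policy module. var.region and
# var.instance-type are the variables from terraform.tfvars shown above.
data "aws_iam_policy_document" "ec2_restricted" {
  # ec2:InstanceType is evaluated only against the instance resource, so the
  # type check is scoped to instance ARNs in the approved region.
  statement {
    sid       = "AllowApprovedTypeInRegion"
    effect    = "Allow"
    actions   = ["ec2:RunInstances"]
    resources = ["arn:aws:ec2:${var.region}:*:instance/*"]
    condition {
      test     = "StringEquals"
      variable = "ec2:InstanceType"
      values   = [var.instance-type]
    }
  }
  # RunInstances is also authorized against these resources; the instance-type
  # key does not apply to them, so the ARN region is the only restriction here.
  statement {
    sid     = "AllowLaunchDependencies"
    effect  = "Allow"
    actions = ["ec2:RunInstances"]
    resources = [
      "arn:aws:ec2:${var.region}::image/*",
      "arn:aws:ec2:${var.region}:*:subnet/*",
      "arn:aws:ec2:${var.region}:*:security-group/*",
      "arn:aws:ec2:${var.region}:*:network-interface/*",
      "arn:aws:ec2:${var.region}:*:volume/*",
      "arn:aws:ec2:${var.region}:*:key-pair/*",
    ]
  }
  # Explicit Deny backstop: a launch of any other type is refused even if another
  # attached policy grants ec2:RunInstances more broadly.
  statement {
    sid       = "DenyOtherInstanceTypes"
    effect    = "Deny"
    actions   = ["ec2:RunInstances"]
    resources = ["arn:aws:ec2:*:*:instance/*"]
    condition {
      test     = "StringNotEquals"
      variable = "ec2:InstanceType"
      values   = [var.instance-type]
    }
  }
}

resource "aws_iam_policy" "ec2_restricted" {
  name   = "ec2-restricted-launch" # constructed placeholder name
  policy = data.aws_iam_policy_document.ec2_restricted.json
}
```

Attach the policy to the group with `aws_iam_group_policy_attachment`. Users who launch from the console will additionally need read-only `ec2:Describe*` permissions, which this example deliberately leaves out.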
The project uses the following variables, which can be customized in the `terraform.tfvars` file:
- `instance-type`: The allowed EC2 instance type.
- `region`: The allowed AWS region for EC2 instance creation.
- `usernames`: A map of the users to add to the group.
Contributions to this project are welcome. Feel free to submit issues, feature requests, or pull requests.