Compute requirements
Select Compute
Go to the AWS EC2 page to check which instance families meet the above criteria.
In the PAGE CONTENT section, EC2 instances are divided into groups with different uses; select General Purpose.
Select the instance family and check:
With the above criteria, there are many suitable instance families, but within the framework of this lab, we will choose: T3, T4g, M5 because:
Create an IAM policy that only allows users to launch EC2 instances in the instance families T3, T4g, M5
IAM
Policies
JSON
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:*",
            "Resource": "*"
        },
        {
            "Effect": "Deny",
            "Action": "ec2:RunInstances",
            "Resource": "arn:aws:ec2:*:148922931563:instance/*",
            "Condition": {
                "StringNotLike": {
                    "ec2:InstanceType": [
                        "t3.*",
                        "t4g.*",
                        "m5.*"
                    ]
                }
            }
        }
    ]
}
EC2_FamilyRestrict
Restrict to all, except t3, t4g and m5 families
Add policy EC2_FamilyRestrict to group CostTest
EC2_FamilyRestrict
Check User’s policy
Check Permissions policies for Instance family: T4g
EC2
EC2_T4g_FamilyRestrict
Check Permissions policies for Instance family: M6i
EC2_M6i_FamilyRestrict
m6i.large
You can repeat step 5, creating EC2 instances from the T3 and M5 instance families, to test the effectiveness of the permission policy EC2_FamilyRestrict.
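The same checks can be reasoned through offline before anything is launched. The following is an added example, not part of the original lab: a small Python model of how the EC2_FamilyRestrict statements are evaluated, covering only the StringNotLike operator and explicit-deny precedence. The region and instance ID in the sample ARN are constructed values.

```python
import re

# Statements copied from the EC2_FamilyRestrict policy in this lab.
STATEMENTS = [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "ec2:RunInstances",
     "Resource": "arn:aws:ec2:*:148922931563:instance/*",
     "Condition": {"StringNotLike": {"ec2:InstanceType": ["t3.*", "t4g.*", "m5.*"]}}},
]


def like(pattern, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None


def condition_holds(condition, context):
    """Model of StringNotLike only: true when the value matches none of the patterns."""
    for key, patterns in condition.get("StringNotLike", {}).items():
        if any(like(p, context[key]) for p in patterns):
            return False
    return True


def decide(action, resource, context):
    """An explicit Deny overrides any Allow; no matching Allow is an implicit deny."""
    allowed = False
    for stmt in STATEMENTS:
        if not (like(stmt["Action"], action) and like(stmt["Resource"], resource)):
            continue
        if not condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "Deny"


def can_launch(instance_type):
    # Constructed request: the region and instance ID below are sample values.
    arn = "arn:aws:ec2:us-east-1:148922931563:instance/i-0123456789abcdef0"
    return decide("ec2:RunInstances", arn, {"ec2:InstanceType": instance_type})
```

`can_launch("t4g.small")` returns `"Allow"` and `can_launch("m6i.large")` returns `"Deny"`, matching the T4g and M6i checks above. `can_launch("m5a.large")` also returns `"Deny"`, because the pattern `m5.*` requires the dot directly after `m5` and so does not cover sibling families such as M5a.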