amazon-web-services, security, aws-service-catalog

Restrict AWS services (policy)


I can't seem to find support for a surprisingly relevant issue. There are tens of AWS services, so I want an AWS policy that restricts our users to only EC2, RDS and API Gateway. How do I do this? Can I 'deny all' and only endorse these specific services?


Solution

  • When you create a new IAM user, the default is all permissions denied.

    If you want all users to have the same permissions, create a group. Assign each user to the group. You can also create multiple groups for different types of users.

    Amazon has predefined policies that grant varying levels of permissions for each type of service. Select the policies that apply to your goals and attach them to the group(s).

    Very easy to implement.

    You can also create custom policies that define basically anything that you want. IAM policies range from the simple to the very complex.
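
The group-plus-custom-policy approach described in the answer, as an added example that is not part of the original answer: a Python sketch that builds one customer-managed policy for EC2, RDS and API Gateway and checks it against a simplified local model of IAM evaluation. The `DenyEverythingElse` statement, the function names and the evaluator are assumptions of this example; resource and condition matching are not modelled.

```python
import json
from fnmatch import fnmatchcase

ALLOWED_SERVICES = ["ec2", "rds", "apigateway"]  # IAM action prefixes


def build_policy(services):
    """Customer-managed policy: allow the listed services, deny everything else."""
    patterns = [f"{s}:*" for s in services]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowApprovedServices", "Effect": "Allow",
             "Action": patterns, "Resource": "*"},
            # Explicit deny: holds even if another attached policy grants more.
            {"Sid": "DenyEverythingElse", "Effect": "Deny",
             "NotAction": patterns, "Resource": "*"},
        ],
    }


def _matches(action, patterns):
    # IAM action names are case-insensitive; "*" is a wildcard.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _applies(stmt, action):
    # NotAction statements apply to every action except the listed ones.
    if "NotAction" in stmt:
        return not _matches(action, stmt["NotAction"])
    return _matches(action, stmt["Action"])


def is_allowed(policies, action):
    """Simplified evaluation: explicit Deny wins, then Allow, else implicit deny."""
    stmts = [s for p in policies for s in p["Statement"] if _applies(s, action)]
    if any(s["Effect"] == "Deny" for s in stmts):
        return False
    return any(s["Effect"] == "Allow" for s in stmts)


if __name__ == "__main__":
    # Print the JSON document to attach to the group as a custom policy.
    print(json.dumps(build_policy(ALLOWED_SERVICES), indent=2))
```

Without the explicit deny, the implicit default-deny is enough only as long as no other policy attached to the user or group grants additional services. Calling a deployed API that uses IAM authorization falls under the separate `execute-api` prefix, and self-service actions such as `iam:ChangePassword` are also outside the three allowed prefixes, so add them to the list if users need them.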