amazon-web-servicesamazon-iamaws-ebs

IAM policy to restrict EBS volume creation above threshold


How can I restrict users to create EBS volume with a size greater than 20 GB? Is there any available policy condition keys to in a policy?


Solution

  • You can use one of the Numeric Condition Operators against the ec2:VolumeSize condition. The following would restrict creation of an EBS volume to one of 20GB or less:

    {
        "Version" : "2012-10-17",
        "Statement" : [
            {
                "Sid": "EC2CreateVolume",
                "Effect": "Allow",
                "Action": "ec2:CreateVolume",
                "Resource": "*",
                "Condition": {
                    "NumericLessThanEquals": {
                        "ec2:VolumeSize": "20"
                    }
                }
            }
        ]
    }