How can I restrict users to create EBS volume with a size greater than 20 GB? Is there any available policy condition keys to in a policy?
You can use one of the Numeric Condition Operators against the ec2:VolumeSize
condition. The following would restrict creation of an EBS volume to one of 20GB or less:
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid": "EC2CreateVolume",
"Effect": "Allow",
"Action": "ec2:CreateVolume",
"Resource": "*",
"Condition": {
"NumericLessThanEquals": {
"ec2:VolumeSize": "20"
}
}
}
]
}