amazon-web-services amazon-ec2 amazon-iam terraform-provider-aws amazon-policy

What are the required AWS IAM policy permissions to create security group and adding inbound/outbound rules?

I am writing an IAM Policy to deploy EC2 Instances along with creating Security Groups using Terraform, I don't want to give EC2 full access. Following principle of least privilege, what are the permissions required to create Security groups also adding inbound and outbound rules?

Solution

The list of IAM actions for EC2 should be a helpful reference.

The action for creating a security group is CreateSecurityGroup. Note: that action alone will not suffice if you need to create ingress and egress rules on the security group. For those, you will need to add AuthorizeSecurityGroupIngress and AuthorizeSecurityGroupEgress.

AWS AppSync Lambda authoriser always results in "Error: Request failed with status code 401"
How to make CloudFront never cache index.html on S3 bucket
AWS Cognito - How to force select account when signing in with Google
aws_instance - changing volume_size
couldn't get current server API group list: the server has asked for the client to provide credentials error: You must be logged in to the server
aws s3 ls: An HTTP Client raised an unhandled exception: Invalid header value
LocalStack TestContainer + AWS SQS + Spring Boot -> Unable to execute HTTP request
Deleting cognito user & identity has no affect on user access
I am trying to add a cloudfront behavior to my an origin and I am getting InvalidArgument: The parameter CachedMethods is required
Zip multiple S3 files and stream the archive back to S3 using limited memory
AWS public IPv4 address usage
run scheduled task in AWS without cron
Why can't I connect AWS RDS instance from EC2 instance in another VPC after peering
Target Group Binding not getting created for an ALB
How to rename MYSQL database in RDS?
Why does Getting a record, modifying its primary key, and then Putting it back seem to overwrite the record if the primary keys are different?
How do you add python packages in AWS Glue 3.0 Jupyter Notebook jobs?
Running Jupyter Notebook on AWS Lambda
Use AWS Lambda to execute a jupyter notebook on AWS Sagemaker
Retrieve Amazon Reviews user emails through API
How to link "aws_apigatewayv2_route" with "aws_apigatewayv2_integration"?
Security group setup to restrict EC2 to VPC lambda
Get files names in sub-directories in a directory in AWS3 by C#
AWS EC2 Connection closed by when trying ssh into instance
Selling Partner API Amazon 400 bad request
AWS credentials from 'Single Sign On' expire too frequently - how can I get credentials with a longer lifetime?
How to connect a lambda to a database accessible locally on Mac's localhost when using sam
AWS EC2 Placement Groups: Partition vs Spread
Can I trace every request using AWS X-Ray?
Lambda cold start possible solution?