Terminating EC2 instances is a critical action that should be denied by default, and only explicitly allowed for specific roles. There are situations where we want an instance to be able to terminate other instances, for example a role to be able to check the health status of the instances and terminate the bad ones. Worker Web Most of the I've found on allowing ec2:TerminateInstances through a IAM policy specify conditions based on source ip, user authentication methods, or target instance tags. examples The following snippet shows how to allow ec2:TerminateInstances based on the target instance profile: {"Sid": "TerminateWebInstances","Action": ["ec2:TerminateInstances"],"Condition": { },"Resource": ["arn:aws:ec2:us-west-1:<accountId>:instance/*"],"Effect": "Allow"} "StringEquals":{ "ec2:InstanceProfile":"arn:aws:iam::<accountId>:instance-profile/<Web>" } In the example above, this snippet would be added to the policy of the role , and will allow to terminate any target with instance profile . Worker Worker Web Make sure to change your account region, account id, and <Web> with the target instance profile you'd like to terminate. Do you let instances terminate other instances, and if so, how? I'd be interested to know. Please comment below or . find me on Twitter is how hackers start their afternoons. We’re a part of the family. We are now and happy to opportunities. Hacker Noon @AMI accepting submissions discuss advertising & sponsorship To learn more, , , or simply, read our about page like/message us on Facebook tweet/DM @HackerNoon. If you enjoyed this story, we recommend reading our and . Until next time, don’t take the realities of the world for granted! latest tech stories trending tech stories

Amazon

Facebook

Target

Twitter

How I Manage My Passwords (Technical Version)

Join my NFT project: Everdragons2

Nominated for 2022 - HackerNoon Contributor of the Year - Finance

Too Long; Didn't Read

Make resilience your competitive advantage

AWS Policy to Terminate Instances Based on Profile

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

Announcing Solo Kickstarter

101 Stories To Learn About Cloud Infrastructure

10 Things in Engineering We Don't Spend Enough Time On

10 Things I Did To Increase CloudTrail Logs Security

10 reasons to give cloud computing a go

Announcing Solo Kickstarter

101 Stories To Learn About Cloud Infrastructure

10 Things in Engineering We Don't Spend Enough Time On

10 Things I Did To Increase CloudTrail Logs Security

10 reasons to give cloud computing a go

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps