Jan 19, 2022

Attach or Detach Volumes to an EC2 Instance based on Tags


Adjust the variable values according to your preference.

Policy Code

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AttachVolume",
                "ec2:DetachVolume"
            ],
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": {
                "StringEquals": {"aws:ResourceTag/{{tagName}}": "{{tagValue}}"}
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AttachVolume",
                "ec2:DetachVolume"
            ],
            "Resource": "arn:aws:ec2:*:*:volume/*",
            "Condition": {
                "StringEquals": {"aws:ResourceTag/{{EBSOwnerTag}}": "${aws:username}"}
            }
        }
    ]
}

Replace {{tagName}} and {{tagValue}} with the tag key and value that an instance must carry for the condition to match. Also replace {{EBSOwnerTag}} with the name of the volume tag whose value is the owner's username.
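To show how the two statements combine, here is an added example (not part of the original page) that fills in the placeholders and models the tag checks for a request. It is a simplified model of StringEquals matching, not IAM's own evaluator; the tag names Department and VolumeUser, the account ID and the resource IDs are constructed values.

```python
import re

ACTIONS = ["ec2:AttachVolume", "ec2:DetachVolume"]

def build_policy(tag_name, tag_value, owner_tag):
    """Fill the page's three placeholders and return the policy as a dict."""
    def stmt(resource, key, value):
        return {"Effect": "Allow", "Action": ACTIONS, "Resource": resource,
                "Condition": {"StringEquals": {f"aws:ResourceTag/{key}": value}}}
    return {"Version": "2012-10-17", "Statement": [
        stmt("arn:aws:ec2:*:*:instance/*", tag_name, tag_value),
        stmt("arn:aws:ec2:*:*:volume/*", owner_tag, "${aws:username}")]}

def arn_matches(pattern, arn):
    """IAM-style wildcard match: '*' stands for any run of characters."""
    return re.fullmatch(re.escape(pattern).replace(r"\*", ".*"), arn) is not None

def resource_allowed(policy, action, arn, tags, username):
    """Simplified model: does any Allow statement cover this one resource?"""
    for s in policy["Statement"]:
        if action not in s["Action"] or not arn_matches(s["Resource"], arn):
            continue
        wanted = {k.split("/", 1)[1]: v.replace("${aws:username}", username)
                  for k, v in s["Condition"]["StringEquals"].items()}
        # StringEquals is exact and case-sensitive; a missing tag never matches.
        if all(tags.get(k) == v for k, v in wanted.items()):
            return True
    return False

def request_allowed(policy, action, username, instance, volume):
    """Attach/detach is authorized against both the instance and the volume."""
    return all(resource_allowed(policy, action, arn, tags, username)
               for arn, tags in (instance, volume))

# Constructed sample values (tag names, account ID, resource IDs are made up).
POLICY = build_policy("Department", "Dev", "VolumeUser")
ARN = "arn:aws:ec2:us-east-1:111122223333:"
DEV_INSTANCE = (ARN + "instance/i-0aaa", {"Department": "Dev"})
UNTAGGED_INSTANCE = (ARN + "instance/i-0bbb", {})
ALICE_VOLUME = (ARN + "volume/vol-0aaa", {"VolumeUser": "alice"})
BOB_VOLUME = (ARN + "volume/vol-0bbb", {"VolumeUser": "bob"})

if __name__ == "__main__":
    for inst, vol in [(DEV_INSTANCE, ALICE_VOLUME), (DEV_INSTANCE, BOB_VOLUME),
                      (UNTAGGED_INSTANCE, ALICE_VOLUME)]:
        print(inst[0], vol[0],
              request_allowed(POLICY, "ec2:AttachVolume", "alice", inst, vol))
```

The request succeeds only when the instance carries the required tag and the volume's owner tag equals the caller's username; either check failing leaves the request without a matching Allow.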
