Adjust the variable values according to your preference.
Policy Code
Referenced from: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_ec2_ebs-owner.html
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AttachVolume",
        "ec2:DetachVolume"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {"aws:ResourceTag/{{tagName}}": "{{tagValue}}"}
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AttachVolume",
        "ec2:DetachVolume"
      ],
      "Resource": "arn:aws:ec2:*:*:volume/*",
      "Condition": {
        "StringEquals": {"aws:ResourceTag/{{EBSOwnerTag}}": "${aws:username}"}
      }
    }
  ]
}
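Replace {{tagName}} and {{tagValue}} with the tag pair you wish to set as a condition. Also replace {{EBSOwnerTag}} with the name of the tag whose value is the owner's username. Leave ${aws:username} as written: it is an IAM policy variable that AWS resolves to the requesting user's name when the policy is evaluated.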
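The substitution described above, as an added example that is not part of the referenced AWS page: it validates the three placeholder values before filling them in, then checks the result with a simplified evaluator. The function names are hypothetical, the sample tags and ARNs used with it are constructed, and the evaluator only models the two StringEquals conditions, not IAM's full policy engine.

```python
import fnmatch
import json
import re

# The page's template in compact form; ${aws:username} is an IAM policy variable and stays literal.
TEMPLATE = """{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Action": ["ec2:AttachVolume", "ec2:DetachVolume"],
  "Resource": "arn:aws:ec2:*:*:instance/*",
  "Condition": {"StringEquals": {"aws:ResourceTag/{{tagName}}": "{{tagValue}}"}}},
 {"Effect": "Allow", "Action": ["ec2:AttachVolume", "ec2:DetachVolume"],
  "Resource": "arn:aws:ec2:*:*:volume/*",
  "Condition": {"StringEquals": {"aws:ResourceTag/{{EBSOwnerTag}}": "${aws:username}"}}}]}"""

# Characters AWS accepts in tags; excludes quotes, '$' and braces, so a value
# cannot break the JSON or smuggle in another policy variable.
TAG_KEY = re.compile(r"[\w .:/=+\-@]{1,128}")
TAG_VALUE = re.compile(r"[\w .:/=+\-@]{0,256}")

def render_policy(tag_name, tag_value, ebs_owner_tag):
    """Fill the three placeholders after validating them; returns the policy as a dict."""
    for key in (tag_name, ebs_owner_tag):
        if not TAG_KEY.fullmatch(key) or key.lower().startswith("aws:"):
            raise ValueError(f"invalid tag key: {key!r}")
    if not TAG_VALUE.fullmatch(tag_value):
        raise ValueError(f"invalid tag value: {tag_value!r}")
    text = (TEMPLATE.replace("{{tagName}}", tag_name)
            .replace("{{tagValue}}", tag_value)
            .replace("{{EBSOwnerTag}}", ebs_owner_tag))
    return json.loads(text)

def statement_allows(stmt, action, arn, tags, username):
    """Simplified StringEquals evaluation of one Allow statement (hypothetical helper)."""
    if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
        return False
    if not fnmatch.fnmatchcase(arn, stmt["Resource"]):
        return False
    for cond_key, expected in stmt["Condition"]["StringEquals"].items():
        tag = cond_key.split("/", 1)[1]  # text after "aws:ResourceTag/"
        if tags.get(tag) != expected.replace("${aws:username}", username):
            return False
    return True

def can_attach(policy, username, instance, volume):
    """AttachVolume is authorized against both resources, so each (arn, tags) pair needs an Allow."""
    return all(
        any(statement_allows(s, "ec2:AttachVolume", arn, tags, username)
            for s in policy["Statement"])
        for arn, tags in (instance, volume))
```

Pass the returned dict through `json.dumps` to get the document to attach to the user or group.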