Substitute variables
Adjust the variable values according to your preference.
Policy Code
Referenced from: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_ec2_instances-subnet.html
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*",
        "ec2:GetConsole*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:*:*:subnet/subnet-{{subnetId}}",
        "arn:aws:ec2:*:*:network-interface/*",
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:ec2:*::image/ami-*",
        "arn:aws:ec2:*:*:key-pair/*",
        "arn:aws:ec2:*:*:security-group/*"
      ]
    }
  ]
}
DOC
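Replace {{subnetId}} with the ID of your target subnet. The template already contains the "subnet-" prefix, so supply only the characters that follow it. Attach this policy to an identity to let it launch EC2 instances into that subnet only.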
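The substitution step above, as an added example that is not part of the original page: a value such as `*` in place of {{subnetId}} would produce `subnet/subnet-*` and match every subnet, so this sketch validates the ID before rendering. The function name `render_policy` and the sample subnet ID are assumptions made for illustration.

```python
import json
import re

# EC2 subnet IDs are "subnet-" plus 8 (legacy) or 17 lowercase hex characters.
SUBNET_ID = re.compile(r"(?:subnet-)?([0-9a-f]{8}|[0-9a-f]{17})")

# The page's policy template, condensed; {{subnetId}} is the placeholder.
TEMPLATE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:Describe*", "ec2:GetConsole*"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": "ec2:RunInstances",
         "Resource": [
             "arn:aws:ec2:*:*:subnet/subnet-{{subnetId}}",
             "arn:aws:ec2:*:*:network-interface/*",
             "arn:aws:ec2:*:*:instance/*",
             "arn:aws:ec2:*:*:volume/*",
             "arn:aws:ec2:*::image/ami-*",
             "arn:aws:ec2:*:*:key-pair/*",
             "arn:aws:ec2:*:*:security-group/*"]},
    ],
}, indent=2)


def render_policy(subnet_id: str) -> dict:
    """Fill in {{subnetId}}, rejecting wildcards and malformed IDs."""
    match = SUBNET_ID.fullmatch(subnet_id.strip().lower())
    if not match:
        raise ValueError(f"not a subnet ID: {subnet_id!r}")
    # Accept the ID with or without its prefix; the template adds "subnet-".
    policy = json.loads(TEMPLATE.replace("{{subnetId}}", match.group(1)))
    subnets = [r for s in policy["Statement"] if s["Action"] == "ec2:RunInstances"
               for r in s["Resource"] if ":subnet/" in r]
    # Exactly one subnet ARN, no wildcard in its ID, no placeholder left over.
    if (len(subnets) != 1 or "*" in subnets[0].split("/", 1)[1]
            or "{{" in json.dumps(policy)):
        raise ValueError("rendered policy does not pin a single subnet")
    return policy


if __name__ == "__main__":
    # Constructed subnet ID, for illustration only.
    print(json.dumps(render_policy("subnet-0a1b2c3d4e5f67890"), indent=2))
```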