
  • TutorialsDojo-Support

    June 3, 2020 at 7:49 pm

    Hi farris-kerai,

    The question did not indicate that the AWS account is “production only”, which means that the AWS account is used for production and other functions as well. I know a company like this. Mostly small/medium companies use this setup because they only register one AWS account and it will be used for Development, Staging, and Production environments. For whatever reason, they put all their resources on a single AWS account; maybe they want a single billing, a single managing account, a single IAM management, or just a small team managing the whole thing, etc.

    The requirement is to allow Developers to have full access, create/delete EC2, stop/start EC2, so that they can test everything they need before going to Production. But they should not be able to terminate or stop “Production” EC2 instances. For this scenario, AWS recommends that you tag your resources, for example “env:Test” or “env:Prod” or “department:Finance”, etc., then configure your IAM role permissions to restrict actions based on these tags. So for this example, the Developers will only have full permissions for EC2 with the tag “env:Test”, but they won’t be able to terminate/stop instances with the tag “env:Prod”.

    Hope this helps.


    Kenneth Samonte @ Tutorials Dojo
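
An added example, not part of the original reply or Tutorials Dojo's material: one way to express the tag-based restriction described above as an IAM identity policy for the Developers role. It assumes the tag key `env` with values `Test` and `Prod` as in the reply; the `Sid` names are illustrative. The third statement is a hardening step beyond the reply: it stops a developer from removing or changing the `env` tag on a Production instance to escape the deny.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowEc2ForDevelopers",
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*"
    },
    {
      "Sid": "DenyStopTerminateOnProd",
      "Effect": "Deny",
      "Action": [
        "ec2:StopInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/env": "Prod"
        }
      }
    },
    {
      "Sid": "DenyRetaggingProd",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateTags",
        "ec2:DeleteTags"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/env": "Prod"
        }
      }
    }
  ]
}
```

An explicit `Deny` always overrides the broad `Allow`, so the control holds only while Production instances actually carry `env:Prod`; untagged or mistagged instances fall through to the allow.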