IAM Role for a Lambda function to be able to isolate ec2 instance


So I wrote a Lambda function that is triggered whenever CloudWatch Events receives an EC2-related finding from GuardDuty; the Lambda function will isolate the EC2 instance (meaning it'll attach it to an isolated security group). What are the necessary permissions that the Lambda function role should have? Is this fine, for example?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:RevokeSecurityGroupIngress",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:RevokeSecurityGroupEgress",
        "ec2:ModifySecurityGroupRules",
        "ec2:UpdateSecurityGroupRuleDescriptionsIngress",
        "ec2:UpdateSecurityGroupRuleDescriptionsEgress"
      ],
      "Resource": [
        "arn:aws:ec2:region:111122223333:security-group/*"
      ]
    }
  ]
}
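As an added example (not code from the question), here is a handler that performs the isolation step the question describes: it reads the instance and its network interfaces out of the GuardDuty finding delivered by EventBridge and swaps every security group on each interface for the isolation group. The only write call it makes is `ModifyNetworkInterfaceAttribute`, which is what the role must be allowed to perform (plus `DescribeInstances` for the fallback path); `ISOLATION_SG_ID`, the `FakeEC2` client and `SAMPLE_EVENT` are constructed placeholders.

```python
"""Isolate the EC2 instance named in a GuardDuty finding (EventBridge event)."""
import os

ISOLATION_SG_ID = os.environ.get("ISOLATION_SG_ID", "sg-0isolationplaceholder")  # placeholder


def target_from_finding(event):
    """Return (instance_id, [eni ids]) for an instance finding, else None."""
    resource = event.get("detail", {}).get("resource", {})
    if resource.get("resourceType") != "Instance":
        return None
    inst = resource.get("instanceDetails", {})
    enis = [ni["networkInterfaceId"] for ni in inst.get("networkInterfaces", [])]
    return inst.get("instanceId"), enis


def isolate(ec2, instance_id, eni_ids, isolation_sg):
    """Replace the security groups on every ENI with the isolation group.
    Needs ec2:ModifyNetworkInterfaceAttribute on the interfaces, and
    ec2:DescribeInstances when the finding does not list them."""
    if not eni_ids:  # finding omitted the ENI list, ask EC2 instead
        resp = ec2.describe_instances(InstanceIds=[instance_id])
        enis = resp["Reservations"][0]["Instances"][0]["NetworkInterfaces"]
        eni_ids = [ni["NetworkInterfaceId"] for ni in enis]
    for eni in eni_ids:
        ec2.modify_network_interface_attribute(NetworkInterfaceId=eni, Groups=[isolation_sg])
    return eni_ids


def lambda_handler(event, context):
    import boto3  # imported here so the helpers above run without boto3 installed
    target = target_from_finding(event)
    if target is None:
        return {"isolated": False, "reason": "finding is not about an EC2 instance"}
    instance_id, enis = target
    changed = isolate(boto3.client("ec2"), instance_id, enis, ISOLATION_SG_ID)
    return {"isolated": True, "instanceId": instance_id, "interfaces": changed}


class FakeEC2:
    """Stand-in for boto3's EC2 client so the logic can be exercised offline."""
    def __init__(self):
        self.calls = []
    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [{"NetworkInterfaces": [{"NetworkInterfaceId": "eni-0fake0"}]}]}]}
    def modify_network_interface_attribute(self, NetworkInterfaceId, Groups):
        self.calls.append((NetworkInterfaceId, list(Groups)))


# Constructed sample shaped like a GuardDuty finding as EventBridge delivers it.
SAMPLE_EVENT = {"detail": {"type": "UnauthorizedAccess:EC2/SSHBruteForce", "resource": {
    "resourceType": "Instance", "instanceDetails": {"instanceId": "i-0abc1234567890def",
    "networkInterfaces": [{"networkInterfaceId": "eni-0aaa"}, {"networkInterfaceId": "eni-0bbb"}]}}}}
```

Because the handler touches network interfaces rather than security group rules, the role statement can be scoped to `ec2:ModifyNetworkInterfaceAttribute` and `ec2:DescribeInstances`, which is also what CloudTrail will show when the function fires.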
