Create restriction policy
Create a policy to limit resource usage according to the EC2 family
-
Sign out and log in again with an IAM user with admin rights.
-
Go to IAM service administration interface
- Click Policies.
- Click Create Policy.
- At the Create policy page.
- Click JSON tab.
- Copy the policy below.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:*",
"Resource": "*",
"Condition": {
"ForAllValues:StringLike": {
"ec2:InstanceType": [
"t3.*"
]
}
}
}
]
}
+ Click **Next: Tags**.
- Click Next: Review.
- At Name enter EC2_FamilyRestrict.
- At Description enter Restrict to t3 families.
- Click Create policy.
In the next step, we will assign the policy to the CostTest group and then test the effectiveness of this policy.