Create restriction policy
Create policy to limit resource usage according to EBS volume type
-
Signout and login again with IAM user with admin rights.
-
Go to IAM service management console
- Click Policies.
- Click Create Policy.
- At the Create policy page.
- Click JSON tab.
- Copy the policy below.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Deny",
"Action": "ec2:*",
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:VolumeType": "io1"
}
}
}
]
}
+ Click **Next: Tags**.
- Click Next: Review.
- At Name enter EC2_FamilyRestrict.
- At Description enter Dont allow EBS io1 volumes.
- Click Create policy.
In the next step, we will assign the policy to the CostTest group and then test the effectiveness of this policy.