ec2 permissions to manage only firewall access

firewall amazon-ec2 amazon-iam security-groups

Solution 1:

AWS provides a sample policy which does that:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:DeleteSecurityGroup",
                "ec2:RevokeSecurityGroupEgress",
                "ec2:RevokeSecurityGroupIngress"
            ],
            "Resource": "arn:aws:ec2:*:*:security-group/*",
            "Condition": {
                "ArnEquals": {
                    "ec2:Vpc": "arn:aws:ec2:*:*:vpc/vpc-vpc-id"
                }
            }
        },
        {
            "Action": [
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSecurityGroupReferences",
                "ec2:DescribeStaleSecurityGroups",
                "ec2:DescribeVpcs"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

You need to at least adjust the VPC ID, create an IAM role with the policy above and grant your developer users permissions to switch to that role.

Related

How do I connect the Azure App service to the Local OnPremise Corporate network using ExpressRoute?
Find out which GCP project is hosting which appengine or which GCS bucket
Is it a good idea to put shared files outside public_html / root? [closed]
Memory used but not reported on Linux
Can't connect to SFTP and SSH (Google Cloud Platform)
MariaDB 10.2.35 Memory Spikes
CentOS working with older repos
Set up bridged vxlan network in linux
How can I start Windows Updates on 10 Windows 2016 servers remotely using Powershell
Gitlab on a minimal requirement Server
Can't see my character
Hammer Editor - "Unexpected End of File" On Load, Reading Chunks 33%