
Getting started with EC2 policies - AWS Organizations

Getting started with EC2 policies

Follow these steps to get started using EC2 policies.

  1. Learn about the permissions you must have to perform declarative policy tasks.

  2. Enable EC2 policies for your organization.

    Note

    Enabling trusted access is required

    You must enable trusted access for Amazon EC2. This creates a read-only service-linked role that is used to generate the account status report, which shows the existing configuration of accounts across your organization.

    Using the console

    If you use the Organizations console, this step is a part of the process for enabling EC2 policies.

    Using the AWS CLI

    If you use the AWS CLI, there are two separate APIs:

    For more information on how to enable trusted access for a specific service with the AWS CLI, see AWS services that you can use with AWS Organizations.

  3. Run the account status report.

  4. Create an EC2 policy.

  5. Attach the EC2 policy to your organization's root, OU, or account.

  6. View the combined effective EC2 policy that applies to an account.

For all of these steps, you sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization's management account.
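Steps 2 through 6 above as one AWS CLI sequence, added here as an illustration and not taken from this page or from AWS. The subcommands, the `DECLARATIVE_POLICY_EC2` policy type, the `ec2.amazonaws.com` service principal and the policy JSON are assumptions about the AWS CLI that this page does not state; every ID and the bucket name are placeholders.

```bash
#!/usr/bin/env bash
# Added example: steps 2-6 as AWS CLI calls, run with management-account credentials.
# Commands are only printed unless DRY_RUN=0 is set.
set -eu

# Placeholders (constructed values): replace with your own.
ROOT_ID="r-examplerootid"            # organization root
TARGET_ID="ou-example-ouid"          # OU to report on and attach the policy to
ACCOUNT_ID="111122223333"            # member account to inspect afterwards
REPORT_BUCKET="amzn-s3-demo-bucket"  # S3 bucket that receives the status report
POLICY_ID="p-examplepolicyid"        # real value is returned by create-policy
POLICY_TYPE="DECLARATIVE_POLICY_EC2"

# Print the command in dry-run mode (the default), execute it otherwise.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

# Policy body (assumed syntax): block new public sharing of AMIs.
policy_json() {
  cat <<'EOF'
{"ec2_attributes":{"image_block_public_access":{"state":{"@@assign":"block_new_sharing"}}}}
EOF
}

ec2_policy_rollout() {
  # Step 2: two separate calls, one for the policy type, one for trusted access.
  run aws organizations enable-policy-type \
    --root-id "$ROOT_ID" --policy-type "$POLICY_TYPE"
  run aws organizations enable-aws-service-access \
    --service-principal ec2.amazonaws.com
  # Step 3: account status report, so existing configuration is known first.
  run aws ec2 start-declarative-policies-report \
    --s3-bucket "$REPORT_BUCKET" --target-id "$TARGET_ID"
  # Step 4: create the policy.
  run aws organizations create-policy --type "$POLICY_TYPE" \
    --name block-public-ami-sharing \
    --description "Block new public AMI sharing" --content "$(policy_json)"
  # Step 5: attach it to the root, an OU, or an account.
  run aws organizations attach-policy \
    --policy-id "$POLICY_ID" --target-id "$TARGET_ID"
  # Step 6: view the combined effective policy for one account.
  run aws organizations describe-effective-policy \
    --policy-type "$POLICY_TYPE" --target-id "$ACCOUNT_ID"
}

ec2_policy_rollout
```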