To implement this, I created an AWS policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "UpdateIngress",
            "Effect": "Allow",
            "Action": [
                "ec2:RevokeSecurityGroupIngress",
                "ec2:AuthorizeSecurityGroupIngress"
            ],
            "Resource": "arn:aws:ec2:us-west-2:***:security-group/lc-github-action-ips"
        },
        {
            "Sid": "DescribeGroups",
            "Effect": "Allow",
            "Action": "ec2:DescribeSecurityGroups",
            "Resource": "*"
        }
    ]
}
Then I assigned it to the user. I tried to run the following command to test this:
aws ec2 describe-security-groups --filters Name=group-name,Values=lc-github-action-ips
But it did not return anything. If I run the above command as an admin user, it returns the security group details in JSON.
What am I missing here?
Seems the user to whom you assigned the policy doesn't have programmatic access.
I created a new user and a new profile with the new user's access key ID/secret access key in the .aws/credentials file.
I ran the same command successfully with the new profile, as below, keeping the policy the same (except region and account) as the one you shared.
aws ec2 describe-security-groups --filters Name=group-name,Values=lc-github-action-ips --profile newuserprofile
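A local sanity check for the policy in the question, as an added example that is not part of the question or the answer: it evaluates the two statements the way IAM does for a given action and resource (explicit Deny wins, otherwise any matching Allow), so you can confirm the policy itself permits ec2:DescribeSecurityGroups before suspecting the credentials. The account id is a constructed placeholder because the page redacts it.

```python
import fnmatch
import json

# Policy from the question, embedded so the check runs offline.
# "123456789012" is a placeholder for the account id redacted on the page.
POLICY_JSON = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "UpdateIngress", "Effect": "Allow",
     "Action": ["ec2:RevokeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupIngress"],
     "Resource": "arn:aws:ec2:us-west-2:123456789012:security-group/lc-github-action-ips"},
    {"Sid": "DescribeGroups", "Effect": "Allow",
     "Action": "ec2:DescribeSecurityGroups",
     "Resource": "*"}
  ]
}
"""


def page_policy():
    """Return the question's policy document as a dict."""
    return json.loads(POLICY_JSON)


def _matches(patterns, value, case_insensitive=False):
    """IAM Action/Resource fields accept '*' and '?' wildcards; fnmatch covers both."""
    if not isinstance(patterns, list):
        patterns = [patterns]
    if case_insensitive:  # IAM action names are matched case-insensitively
        patterns, value = [p.lower() for p in patterns], value.lower()
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policy, action, resource):
    """Minimal identity-policy evaluation for one action on one resource ARN.

    Only statements in this single policy are considered (no SCPs, boundaries,
    or resource policies). An explicit Deny anywhere short-circuits to False.
    """
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action, case_insensitive=True):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed
```

This only verifies the policy logic; it cannot detect the missing programmatic credentials the answer points to, which `aws sts get-caller-identity --profile <name>` reveals by showing which identity (if any) the CLI is actually using.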