How to setup AWS IAM Lightsail User and Permissions

/ AWS Lightsail Hosting, Web Hosting Management / By / iam, Lightsail, Security, user permissions

In this video I will walkthrough the process of setting up a separate AWS User for the Lightsail Console with restricted permissions. This will be useful if you need to give access to someone else other than you to maintain a Lightsail server instance. If you need to have someone let’s say manage a Lightsail instance you might think about giving your  AWS credentials, which you should not do,  Instead you should setup a specific user with only access to the instances they would need to manage. You might have some other use cases for this as well.

Steps:

  1. Login to Lightsail Dashboard/Console
  2. Go to AWS Console.
  3. Go to IAM (Identify Access Management)
  4. Create Lightsail Policy
    1. AWS Policies define the level of permissions for AWS resources
    2. Then you would apply the policy to the user
  5. Open PowerShell and Get Instance ARN.
  6. Create Group and Assign Policy
  7. Create User and Add to Group.
    1. Give Console Access
    2. Auto-generate Password
  8. Open a new browser, login as new user
  9. Test out the permissions.

Lightsail Custom Policy JSON:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "lightsail:Get*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Deny",
            "Action": [
                "lightsail:GetInstanceAccessDetails"
            ],
            "Resource": "[DENIED ARN INSTANCE GOES HERE]"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": [
                "lightsail:Get*",
                "lightsail:PutInstancePublicPorts",
                "lightsail:StartInstance",
                "lightsail:StopInstance",
                "lightsail:RebootInstance",
                "lightsail:OpenInstancePublicPorts",
                "lightsail:CloseInstancePublicPorts",
                "lightsail:CreateInstanceSnapshot",
                "lightsail:GetInstanceAccessDetails"
            ],
            "Resource": "[ALLOWED ARN INSTANCE GOES HERE]"
        }
    ]
}

Full Permissions to Lightsail Custom Policy JSON:

{
 "Version": "2012-10-17",
 "Statement": [
 {
 "Effect": "Allow",
 "Action": [
 "lightsail:*"
 ],
 "Resource": "*"
 }
 ]
}

All videos tutorials on the website as well as the YouTube channel aim to provide a simplified process for a specific scenario; there could be many different factors and unique use cases you may have. The tutorials may not cover every situation; so treat is as a starting point or learning concept to apply to your unique situations, and consider this inspiration but not prescription or explicit direction.

Other Webhosting Tutorials

Scroll to Top