Certified AWS Security Specialist Exam

Despite the title, this article does not provide traditional AWS Security Exam braindumps.

Restricting EC2 Instance Creation

To ensure a role can create and manage EC2 instances only when launched in a specific VPC with required tag key/value pairs, consider the following options:

• Use an Organizations Service Control Policy to block launches outside the VPC and enforce tags.
• Attach an IAM policy that requires aws:RequestTag on RunInstances, uses ec2:ResourceTag for other EC2 actions, and adds a condition on ec2:Subnet or ec2:Vpc to restrict the VPC.
• Use an AWS Config rule to detect missing tags or wrong VPC and auto-remediate with Lambda.
• Use ec2:CreateTags in a policy condition to restrict which instances can be created.

Example Use Case

An analytics workload runs on an Amazon EC2 instance in a development account (Acct Dev01).

No direct quotes are available in the provided text.

Author's summary: AWS Security Specialist Exam tips provided.

more

TheServerSide — 2025-10-17