Introducing Amazon EC2 resource-level permissions for RunInstances

Posted on: Nov 20, 2013

We are excited to announce that Amazon EC2 now supports resource-level permissions for RunInstances. You can now construct fine-grained AWS Identity and Access Management (IAM) policies for EC2's RunInstances API, the API most commonly used for creating new instances.

This new feature enables you to construct IAM policies that provide you with significantly more control over the instances that your users can create. For example, you can restrict users so that they can only use certain AMIs and Snapshots. You can control which Subnets, VPCs, and Security Groups they can use. You can limit the instance types they can create and the instance features they can use. And you can limit the types of volumes they can create and the size of those volumes. As with other resource-level permissions for EC2, you also have the option to construct these policies using the tags applied to your resources, which in turn enables you to write simple policies to do things like control the instances a user can create in your "development" environment.
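A policy of the kind described above, as an added example that is not part of the original announcement. The region, the account ID 111122223333, the `subnet-EXAMPLE` and `sg-EXAMPLE` identifiers, the `environment` tag key, the instance types and the 50 GiB limit are all placeholder assumptions. A RunInstances call is authorized only if every resource it touches (image, instance, subnet, security group, network interface, key pair, volume, snapshot) matches an Allow statement, so narrowing any one statement narrows what users can launch.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "OnlyDevelopmentTaggedAmis",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:us-east-1::image/ami-*",
      "Condition": {
        "StringEquals": { "ec2:ResourceTag/environment": "development" }
      }
    },
    {
      "Sid": "OnlySmallInstanceTypes",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/*",
      "Condition": {
        "StringEquals": { "ec2:InstanceType": ["t3.micro", "t3.small"] }
      }
    },
    {
      "Sid": "OnlyOneSubnetAndSecurityGroup",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-EXAMPLE",
        "arn:aws:ec2:us-east-1:111122223333:security-group/sg-EXAMPLE",
        "arn:aws:ec2:us-east-1:111122223333:network-interface/*",
        "arn:aws:ec2:us-east-1:111122223333:key-pair/*",
        "arn:aws:ec2:us-east-1::snapshot/*"
      ]
    },
    {
      "Sid": "OnlyVolumesUpTo50GiB",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:us-east-1:111122223333:volume/*",
      "Condition": {
        "NumericLessThanEquals": { "ec2:VolumeSize": "50" }
      }
    }
  ]
}
```

A launch request that names a different subnet, an untagged AMI, a larger instance type or a volume over the size limit fails authorization because no statement allows that resource.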

To learn more about resource-level permissions for EC2, please visit the Amazon EC2 User Guide.