I have the following IAM Role:
- AmazonEC2FullAccess
- Custom-Policy
In my custom policy I have:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "iam:ListRoles",
"Resource": "*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "10.0.0.0/16"
}
}
}
]
}
Then I create a new EC2 instance and attach this role to it.
Inside the EC2 Instance I try to do:
aws iam list-roles
But I get this error:
An error occurred (AccessDenied) when calling the ListRoles operation: User: arn:aws:sts::XXXXXXX:assumed-role/My-Role/i-XXXXXX is not authorized to perform: iam:ListRoles on resource: arn:aws:iam::XXXXXXX:role/
Do you have an idea why it's not working, please? thanks.
PS: The EC2 instance's IP is 10.0.0.XX