IAM_Policy_for_EICE_Endpoint.json
---->> REMOVE THIS LINE AFTER REPLACING THE FOUR (4) PLACEHOLDER VARIABLES OF THE FORM "***ABCDEF***", LEAVING THE QUOTE MARKS AS THEY ARE (THE IAM POLICY WILL THROW ERRORS IF THIS LINE IS NOT DELETED)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EC2InstanceConnect",
"Action": "ec2-instance-connect:OpenTunnel",
"Effect": "Allow",
"Resource": "arn:aws:ec2:***AWS_REGION***:***AWS_ACCOUNT_ID***:instance-connect-endpoint/***EICE-ENDPOINT-ID***",
"Condition": {
"NumericEquals": {
"ec2-instance-connect:remotePort": "22"
},
"IpAddress": {
"ec2-instance-connect:privateIpAddress": "***VPC_OR_SUBNET_CIDR_BLOCK***"
},
"NumericLessThanEquals": {
"ec2-instance-connect:maxTunnelDuration": "3600"
}
}
},
{
"Sid": "SSHPublicKey",
"Effect": "Allow",
"Action": "ec2-instance-connect:SendSSHPublicKey",
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:osuser": "ec2-user"
}
}
},
{
"Sid": "Describe",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeInstanceConnectEndpoints"
],
"Effect": "Allow",
"Resource": "*"
}
]
}