You can use IAM policies to control the actions that your users can perform against your EC2resources. For instance, a policy with the following statement will allow users to perform actionswhose name start with "Describe" against all your EC2 resources.{ "Statement":[{ "Effect":"Allow", "Action":"ec2:Describe*", "Resource":"*" }] }