I've successfully tested the referenced IAM policy via the IAM Policy Simulator. The policy simulator can be quite picky/tricky though, and it took me a few attempts to get it right as well. Here's what to look out for:

- Obviously you need to replace Account-Number and vpc-id in the policy with the actual values from your AWS account - presumably you did this already.
- Since you have created a policy for a specific Resource, `arn:aws:ec2:us-east-1:Account-Number:security-group/*`, you need to make sure you also enter the identical Amazon Resource Name (ARN) as the value for Resource in the Simulation Settings.
- Similarly, since you have created a policy with a specific Condition, the simulator asks you to enter a value for the `ec2:Vpc` condition key in the Simulation Settings. You need to make sure you enter a full ARN as the value here rather than just the VPC id itself, i.e. something like `arn:aws:ec2:us-east-1:Account-Number:vpc/vpc-12345678` rather than just `vpc-12345678`!
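To see why the simulator settings matter, here is an added example (not part of the answer above, and not AWS code) that evaluates a constructed sample policy locally with a minimal IAM-style matcher, then shows the equivalent parameter shape for the `simulate_custom_policy` API call that the Policy Simulator console wraps. The account id, security-group id and VPC id are constructed sample values, and the evaluator only implements the handful of operators needed here (`ArnEquals`/`ArnLike`, `StringEquals`), which is an assumption, not the full IAM evaluation logic. It demonstrates the two pitfalls in the answer: the simulated resource must match the statement's `Resource` pattern, and the `ec2:Vpc` context value must be a full VPC ARN, because a bare `vpc-...` id never matches an ARN condition.

```python
"""Local illustration of IAM Policy Simulator pitfalls (added example, constructed data)."""
import fnmatch
import json

SAMPLE_ACCOUNT = "123456789012"          # constructed, stands in for Account-Number
SAMPLE_VPC_ARN = f"arn:aws:ec2:us-east-1:{SAMPLE_ACCOUNT}:vpc/vpc-12345678"

# Constructed policy in the shape the answer describes: a security-group Resource
# pattern plus an ec2:Vpc condition that only matches inside one VPC.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:AuthorizeSecurityGroupIngress", "ec2:RevokeSecurityGroupIngress"],
        "Resource": f"arn:aws:ec2:us-east-1:{SAMPLE_ACCOUNT}:security-group/*",
        "Condition": {"ArnEquals": {"ec2:Vpc": SAMPLE_VPC_ARN}},
    }],
}


def arn_matches(pattern: str, value: str) -> bool:
    """ARN wildcard match: the value must have all six colon-separated ARN fields,
    and '*' / '?' are matched field by field, as IAM's ArnLike does. A bare
    resource id such as 'vpc-12345678' has no ARN fields and therefore never matches."""
    p_parts = pattern.split(":", 5)
    v_parts = value.split(":", 5)
    if len(p_parts) != 6 or len(v_parts) != 6:
        return False
    return all(fnmatch.fnmatchcase(v, p) for p, v in zip(p_parts, v_parts))


def _as_list(x):
    return x if isinstance(x, list) else [x]


def condition_holds(operator: str, key_values: dict, context: dict) -> bool:
    """Evaluate one condition block against the request context. A missing
    context key makes the condition false (no ...IfExists handling here)."""
    for key, wanted in key_values.items():
        actual = context.get(key)
        if actual is None:
            return False
        wanted_list = _as_list(wanted)
        if operator in ("ArnEquals", "ArnLike"):
            if not any(arn_matches(w, actual) for w in wanted_list):
                return False
        elif operator == "StringEquals":
            if actual not in wanted_list:
                return False
        else:
            raise ValueError(f"operator {operator} not supported in this toy evaluator")
    return True


def evaluate(policy: dict, action: str, resource_arn: str, context: dict) -> str:
    """Return 'allowed' if some Allow statement matches action, resource and
    all conditions; otherwise 'implicitDeny' (the simulator's wording)."""
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(arn_matches(r, resource_arn) for r in _as_list(stmt["Resource"])):
            continue
        conds = stmt.get("Condition", {})
        if all(condition_holds(op, kv, context) for op, kv in conds.items()):
            return "allowed" if stmt["Effect"] == "Allow" else "explicitDeny"
    return "implicitDeny"


def simulator_request(policy: dict, action: str, resource_arn: str, vpc_arn: str) -> dict:
    """Parameter shape for boto3's iam.simulate_custom_policy (built, not sent, so
    this runs offline). ARN-typed condition keys are passed with ContextKeyType
    'string', and the value must be the full VPC ARN, not the bare id."""
    return {
        "PolicyInputList": [json.dumps(policy)],
        "ActionNames": [action],
        "ResourceArns": [resource_arn],
        "ContextEntries": [{
            "ContextKeyName": "ec2:Vpc",
            "ContextKeyValues": [vpc_arn],
            "ContextKeyType": "string",
        }],
    }


if __name__ == "__main__":
    sg = f"arn:aws:ec2:us-east-1:{SAMPLE_ACCOUNT}:security-group/sg-0abc1234"
    act = "ec2:AuthorizeSecurityGroupIngress"
    print("full VPC ARN  :", evaluate(SAMPLE_POLICY, act, sg, {"ec2:Vpc": SAMPLE_VPC_ARN}))
    print("bare vpc id   :", evaluate(SAMPLE_POLICY, act, sg, {"ec2:Vpc": "vpc-12345678"}))
    print("wrong resource:", evaluate(SAMPLE_POLICY, act, SAMPLE_VPC_ARN, {"ec2:Vpc": SAMPLE_VPC_ARN}))
    print(json.dumps(simulator_request(SAMPLE_POLICY, act, sg, SAMPLE_VPC_ARN), indent=2))
```

The local evaluator is only a teaching aid; the authoritative result still comes from the simulator itself, which is what `simulator_request` prepares the input for.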