Is there a method or command in the IAM system to allow or deny access to a specific instance?
Only for VPC based instances
– By default, all requests are denied. (In general, requests made using the account credentials for resources in
the account are always allowed.)
– An explicit allow overrides this default.
– An explicit deny overrides any allows.