Is there a method in the IAM system to allow or deny access to a specific instance?
Only for VPC based instances
– By default, all requests are denied. (In general, requests made using the account credentials
for resources in the account are always allowed.)
– An explicit allow overrides this default.
– An explicit deny overrides any allows.