AWS IAM策略无法限制用户在特定VPC中启动实例

时间:2014-04-03 09:25:08

标签: amazon-web-services amazon-iam

我有一个IAM策略,限制用户在特定VPC中启动实例。

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:us-west-2:accountID:instance/*",
        "arn:aws:ec2:us-west-2:*:image/* ",
        "arn:aws:ec2:us-west-2:accountID:subnet/*",
        "arn:aws:ec2:us-west-2:accountID:vpc/vpc-ID",
        "arn:aws:ec2:us-west-2:accountID:network-interface/*",
        "arn:aws:ec2:us-west-2:accountID:volume/*",
        "arn:aws:ec2:us-west-2:accountID:key-pair/*",
        "arn:aws:ec2:us-west-2:accountID:tags/*",
        "arn:aws:ec2:us-west-2:accountID:security-group/*"
      ]
    },
    {
      "Sid": "Stmt1394644402000",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateSecurityGroup"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1394645330000",
      "Effect": "Allow",
      "Action": [
        "ec2:AllocateAddress",
        "ec2:AssociateAddress",
        "ec2:ReleaseAddress"
        "ec2:AttachVolume",
        "ec2:CreateVolume",
        "ec2:CreateTags"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

但政策不起作用。另外,我想限制用户在ec2-classic中启动一个实例。

感谢任何帮助。

由于

0 个答案:

没有答案
相关问题
最新问题