Question

我正在尝试创建一个IAM策略，该策略为用户提供对使用sf_env：dev标记的所有EC2和RDS资源的完全管理权限。

我似乎无法弄清楚语法。

显示AWS策略模拟器第10行解析错误：... _ env＆＃34;：＆＃34; dev＆＃34;}}}]} {＆＃34;陈述＆＃34;：[{＆＃34; A ------ ------------- ^期待＆＃39; EOF＆＃39;，＆＃39;}＆＃39;，＆＃39;，＆＃39;，＆＃39;]＆＃39;，得到了＆＃39; {＆＃39;

{
"Version": "2012-10-17",
"Statement": [{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*",
"Condition": {"StringEquals": {"ec2:ResourceTag/sf_env":"dev"}}
}
]
}
{
"Statement": [{
"Action": "rds:"*",
"Effect": "Allow",
"Resource": "*",
"Condition": {"StringEquals": {"ec2:ResourceTag/sf_env":"dev"}}
}
]
}

Answer 1

感谢。我使用了AWS策略模拟器，它也会自动检查您的语法。我用这篇文章来找出我做错了什么。 http://blogs.aws.amazon.com/security/post/Tx1LYOT2FQML4UG/-Back-to-School-Understanding-the-IAM-span-class-matches-Policy-span-Grammar。我在一个语句块中有多个策略语句，这是一个问题。我用一个数组语句创建了一个策略块。

{
    "Version": "2012-10-17",
    "Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "ec2:*"
        ],
        "Resource": [
            "*"
        ],
        "Condition": {
            "StringEquals": {
                "ec2:ResourceTag/sf_env": "dev"
            }
        }
    },
    {
        "Effect": "Allow",
        "Action": [
            "rds:*"
        ],
        "Resource": [
            "*"
        ],
        "Condition": {
            "StringEquals": {
                "ec2:ResourceTag/sf_env": "dev"
            }
        }
    }
]

}

具有条件的IAM标记策略

1 个答案: