针对特定 EC2 实例的 AWS IAM 用户权限不起作用

时间:2017-03-16 02:24:34

标签: amazon-web-services amazon-ec2 amazon-iam

我想把一个用户的权限限制为只能启动/停止特定的 EC2 实例(TESTSYS)。为此,我创建了下面这个 IAM 策略,并把它附加到测试用户(TESTUSER)上:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:Describe*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:RebootInstances"
            ],
            "Resource": "arn:aws:ec2:us-east-1a:XXXXXXXXXXXX:instance/i-abcdefgh012345678",
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/Name": "TESTSYS"
                }
            }
        }
    ]
}

当我以该测试用户身份登录并尝试启动 "TESTSYS" 实例时,收到错误 `You are not authorized to perform this operation. Encoded authorization failure message: ...`。以下是解码后的消息(`DecodedMessage`):

{
   "DecodedMessage": {
      "allowed": false,
      "explicitDeny": false,
      "matchedStatements": {
         "items": []
      },
      "failures": {
         "items": []
      },
      "context": {
         "principal": {
            "id": "ABCDEFGHIJK0123456789",
            "name": "testuser",
            "arn": "arn:aws:iam::XXXXXXXXXXXX:user/testuser"
         },
         "action": "ec2:StopInstances",
         "resource": "arn:aws:ec2:us-east-1:XXXXXXXXXXXX:instance/i-abcdefgh012345678",
         "conditions": {
            "items": [
               {
                  "key": "ec2:Tenancy",
                  "values": {
                     "items": [
                        {
                           "value": "default"
                        }
                     ]
                  }
               },
               {
                  "key": "ec2:PlacementGroup",
                  "values": {
                     "items": [
                        {
                           "value": "arn:aws:ec2:us-east-1:XXXXXXXXXXXX:placement-group/App Servers"
                        }
                     ]
                  }
               },
               {
                  "key": "XXXXXXXXXXXX:Name",
                  "values": {
                     "items": [
                        {
                           "value": "TESTSYS"
                        }
                     ]
                  }
               },
               {
                  "key": "ec2:ResourceTag/System",
                  "values": {
                     "items": [
                        {
                           "value": "TESTSYS"
                        }
                     ]
                  }
               },
               {
                  "key": "XXXXXXXXXXXX:System",
                  "values": {
                     "items": [
                        {
                           "value": "TESTSYS"
                        }
                     ]
                  }
               },
               {
                  "key": "ec2:AvailabilityZone",
                  "values": {
                     "items": [
                        {
                           "value": "us-east-1a"
                        }
                     ]
                  }
               },
               {
                  "key": "ec2:Region",
                  "values": {
                     "items": [
                        {
                           "value": "us-east-1"
                        }
                     ]
                  }
               },
               {
                  "key": "ec2:ResourceTag/Name",
                  "values": {
                     "items": [
                        {
                           "value": "TESTSYS"
                        }
                     ]
                  }
               },
               {
                  "key": "ec2:ebsOptimized",
                  "values": {
                     "items": [
                        {
                           "value": "true"
                        }
                     ]
                  }
               },
               {
                  "key": "ec2:InstanceType",
                  "values": {
                     "items": [
                        {
                           "value": "c4.large"
                        }
                     ]
                  }
               },
               {
                  "key": "ec2:RootDeviceType",
                  "values": {
                     "items": [
                        {
                           "value": "ebs"
                        }
                     ]
                  }
               },
               {
                  "key": "ec2:InstanceProfile",
                  "values": {
                     "items": [
                        {
                           "value": "arn:aws:iam::XXXXXXXXXXXX:instance-profile/EC2_TESTSYS"
                        }
                     ]
                  }
               }
            ]
         }
      }
   }
}

而当我在 IAM 策略模拟器中,以同一测试用户对 StartInstances 和 StopInstances 进行模拟时,结果却显示为"允许"。

你能告诉我我错过了什么吗?

感谢您的帮助。

谢谢!

1 个答案:

答案 0 :(得分:1)

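// 您指定的是可用区而不是区域。试试
// (Answer text from the page: "You specified an Availability Zone instead of a
// Region. Try" — the region value follows the listing.)
//
// NOTE(review): the C++ listing below appears unrelated to the IAM question on
// this page and is most likely a corpus artifact; it is kept, but its defects
// (unreachable `return -1` in the switch, digits rejected as operands, pop on
// an empty stack for an unmatched ')', unmatched '(' emitted into the output,
// stray per-operand debug echo) are fixed.
#include <iostream>
#include <stack>
#include <string>
using namespace std;

// Precedence of a binary operator: ^ (3) > * / (2) > + - (1).
// Returns -1 for anything that is not an operator — including '(' — so callers
// can use it as a "stop popping" sentinel. The original placed `return -1`
// after a `break` inside the switch, which was unreachable and left the
// function without a return value for unknown characters (undefined behavior).
int preceedence(char x) {
    switch (x) {
        case '+':
        case '-':
            return 1;
        case '*':
        case '/':
            return 2;
        case '^':
            return 3;
        default:
            return -1;
    }
}

// True for a single-character operand: an ASCII letter or an ASCII digit.
// Digits are accepted because main() feeds "(1+2)*5"; the original rejected
// them and therefore routed '1', '2', '5' through the operator branch.
bool isOperand(char ch) {
    return (ch >= 'a' && ch <= 'z') ||
           (ch >= 'A' && ch <= 'Z') ||
           (ch >= '0' && ch <= '9');
}

// Converts an infix expression of single-character tokens to postfix
// (shunting-yard), prints the result followed by a newline and returns 0.
// Spaces and tabs are ignored. On an unmatched parenthesis or an unknown
// character it prints "Invalid Expression" and returns -1.
// '^' is treated as right-associative, all other operators as left-associative.
int infixToPostfix(string str) {
    stack<char> operators;
    string output;
    for (size_t i = 0; i < str.size(); ++i) {
        const char c = str[i];
        if (c == ' ' || c == '\t') {
            continue;
        }
        if (isOperand(c)) {
            output += c;
        } else if (c == '(') {
            operators.push(c);
        } else if (c == ')') {
            while (!operators.empty() && operators.top() != '(') {
                output += operators.top();
                operators.pop();
            }
            // No matching '(' on the stack: the original fell through to
            // operators.pop() on an empty stack here.
            if (operators.empty()) {
                cout << "Invalid Expression";
                return -1;
            }
            operators.pop();  // discard the '('
        } else {
            const int p = preceedence(c);
            if (p < 0) {
                // Unknown character; treating it as an operator would pop
                // '(' into the output.
                cout << "Invalid Expression";
                return -1;
            }
            // Pop operators that bind at least as tightly (strictly tighter
            // for the right-associative '^'). '(' has precedence -1 and
            // therefore stops the loop.
            while (!operators.empty()) {
                const int top = preceedence(operators.top());
                const bool shouldPop = (c == '^') ? (top > p) : (top >= p);
                if (!shouldPop) {
                    break;
                }
                output += operators.top();
                operators.pop();
            }
            operators.push(c);
        }
    }
    while (!operators.empty()) {
        // An unmatched '(' left on the stack means the input was malformed;
        // the original appended it to the postfix string.
        if (operators.top() == '(') {
            cout << "Invalid Expression";
            return -1;
        }
        output += operators.top();
        operators.pop();
    }
    cout << output << endl;
    return 0;
}

int main() {
    string str;
    //getline(std::cin, str);
    str = "(1+2)*5";
    cout << "The postfix conversion of the infix stream is : " << endl;
    infixToPostfix(str);
    return 0;
}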

arn:aws:ec2:us-east-1:XXXXXXXXXXXX:instance/i-abcdefgh012345678

EC2 资源 ARN 中的区域字段必须是区域(us-east-1),不能是可用区(us-east-1a)。IAM 不会因为这个字段写错而报错,只是该 Allow 语句永远匹配不到任何真实资源。解码后的消息也印证了这一点:实际被评估的资源是 `arn:aws:ec2:us-east-1:...:instance/i-abcdefgh012345678`,`matchedStatements` 为空且 `explicitDeny` 为 false,说明没有任何语句匹配,落入隐式拒绝;而上下文里 `ec2:ResourceTag/Name` 的值确实是 TESTSYS,所以标签条件本身没有问题。

几点补充:

- 既然 Resource 已经限定到具体实例 ID,`ec2:ResourceTag/Name` 条件就是多余的(两者需同时满足)。如果你打算改为只靠标签授权(Resource 写 `*`),要注意任何拥有 `ec2:CreateTags`/`ec2:DeleteTags` 权限的主体都可以改标签来满足该条件,因此必须同时限制这两个操作。
- 问题描述里只需要启动/停止,但策略还授予了 `ec2:RebootInstances`;按最小权限原则,不需要就去掉。
- `ec2:Describe*` 对 `*` 授权是只读的,但允许枚举整个账户的 EC2 资源;大多数 Describe 类操作不支持资源级限制,所以这里写 `*` 是必要的,只需知道它的范围。
- 策略模拟器显示"允许",很可能是因为模拟时手动填入的资源 ARN 与策略里写的(含 us-east-1a 的)ARN 一致;真实 API 调用时服务端生成的 ARN 使用的是区域,所以不会匹配。