AWS IAM政策。允许用户仅删除他们创建的ec2实例

时间:2017-06-22 07:37:49

标签: amazon-web-services amazon-ec2 amazon-iam policy

如何更改策略以允许用户仅删除他们创建的ec2实例?我从这里的文件中得到了一个例子。创建标签,并将其标记到我的实例,这是唯一的方法吗?谢谢!

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",      
        "ec2:RebootInstances",
        "ec2:TerminateInstances"
      ],
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/critical":"true"
        }
      },
      "Resource": [
        "arn:aws:ec2:your_region:your_account_ID:instance/*"
      ],
      "Effect": "Allow"
    }
  ]
}

1 个答案:

答案 0 :(得分:0)

只允许Action获取特定的EC2实例(资源)。

指向documentation

示例(我添加 PUT_INSTANCE_ID_HERE 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:RebootInstances",
                "ec2:TerminateInstances"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/critical": "true"
                }
            },
            "Resource": [
                "arn:aws:ec2:your_region:your_account_ID:instance/PUT_INSTANCE_ID_HERE"
            ],
            "Effect": "Allow"
        }
    ]
}
相关问题
最新问题