请帮助我验证我的政策是否正确,因为我无法使用此政策附加EBS卷?
没有错误,唯一的可能是我的政策可能不正确?
任何建议或建议。在我的情况下有多个EBS实例,我试图通过循环添加,所以可能是这种可能性,但在检查该部分之前,我需要确保不应该有问题政策部分。
ec2-attach-volume --instance-id "$instanceId" --volume-id "$volumeid" --device xvdb
InstanceRole:
Type: 'AWS::IAM::Role'
Properties:
RoleName: !Join
- '-'
- - !Ref Product
- !Ref Environment
- !Ref EnvironmentNo
- role
- docker
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- ec2.amazonaws.com
Action:
- 'sts:AssumeRole'
Path: /
Policies:
- PolicyName: S3Download
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- 's3:GetObject'
- ec2:AttachVolume
- ec2:DetachVolume
- ec2:DescribeInstanceAttribute
- ec2:DescribeInstances
- ec2:DescribeInternetGateways
- ec2:DescribeKeyPairs
- ec2:DescribeNetworkAcls
- ec2:DescribePlacementGroups
- ec2:DescribeRegions
- ec2:DescribeRouteTables
- ec2:DescribeSecurityGroups
- ec2:DescribeSnapshotAttribute
- ec2:DescribeSnapshots
- ec2:DescribeSpotDatafeedSubscription
- ec2:DescribeSpotInstanceRequests
- ec2:DescribeSpotPriceHistory
- ec2:DescribeSubnets
- ec2:DescribeTags
- ec2:DescribeVolumes
- ec2:DescribeVpcs
- ec2:DescribeVpnConnections
- ec2:DescribeVpnGateways
- ec2:GetConsoleOutput
- ec2:StartInstances
- ec2:RunInstances
- ec2:StopInstances
- ec2:UnmonitorInstances
- ec2:DescribeAddresses
Resource: "*"
InstanceProfile:
Type: 'AWS::IAM::InstanceProfile'
Properties:
Roles:
- !Ref InstanceRole
答案 0 :(得分:0)
如果有人想要使用它,这是正确的政策!!!