我需要创建可以访问自定义创建的ssm文档的策略,该策略只能在指定的EC2实例中运行。
我尝试过像这样的策略但是控制文件在实例上运行是不够的。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2messages:DeleteMessage",
"ec2messages:GetEndpoint",
"ec2messages:FailMessage",
"ec2messages:AcknowledgeMessage",
"ec2messages:SendReply",
"ec2messages:GetMessages"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ssm:UpdateInstanceInformation",
"ssm:UpdateAssociationStatus",
"ssm:ListInstanceAssociations",
"ssm:ListAssociations",
"ssm:UpdateInstanceAssociationStatus"
],
"Resource": [
"arn:aws:ssm:us-east-1:xxxxxxxxxx:document/xxxxxxxxxx",
"arn:aws:ec2:us-east-1:xxxxxxxxxx:instance/*"
]
}
]
}
这可行吗?
非常感谢帮助。感谢