我已经从root帐户中设置了具有各种特权级别的独立IAM用户,并且我需要为特定IAM用户提供2个特定实例的所有EC2服务访问权限
我使用了AWS策略生成器并获得了以下策略,但它不起作用
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:us-east-1:ACCOUNT_ID:instance/INSTANCE_ID",
"arn:aws:ec2:us-east-1:ACCOUNT_ID:instance/INSTANCE_ID"
]
}
]
}
如何授予特定实例权限,因此IAM用户只能管理那些特定实例,而不能访问任何其他实例或服务。
答案 0 :(得分:0)
您可以通过标签来实现。如AWS Docs所述,您可以尝试以下政策。
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RebootInstances"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/Owner": "Bob"
}
},
"Resource": [
"arn:aws:ec2:us-east-1:111122223333:instance/*"
],
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": "ec2:Describe*",
"Resource": "*"
}
]
}