aws-ec2-spot-fleet-tagging-role是要请求现货船队时需要在您的帐户中扮演的角色。角色的配置如下所示:
{
"Name": "aws-ec2-spot-fleet-tagging-role",
"ManagedPolicies": [
"arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole"
],
"TrustPolicy": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"spotfleet.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
}
我正在使用一个角色来证明我帐户中的Spotfleet。我该如何授予我的角色足够的权限,以便如果aws-ec2-spot-fleet-tagging-role不存在,该角色将自己创建?
我创建了以下策略,其目的是将该策略附加到我的角色上:
"Effect": "Allow",
"Action": "iam:CreateRole",
"Resource": "arn:aws:iam::MYAWSACCOUNTNUMBER:role/aws-ec2-spot-fleet-tagging-role",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "spotfleet.amazonaws.com",
"iam:PolicyARN": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole"
}
}
我知道我的保单的条件要素有问题。它只是我不知道。如果我通过管理员凭据登录,然后单击Request SpotFleet按钮,则会自动创建aws-ec2-spot-fleet-tagging-role。