我试图创建一个 IAM 策略,对具有特定标签的机器具有只读访问权限,并仅为这些机器授予 EC2 实例连接权限。
我试过了。但不工作。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2-instance-connect:SendSSHPublicKey"
],
"Resource": "arn:aws:ec2:*:7352673452763:dedicated-host/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/Project": "TestProject"
}
}
},
{
"Effect": "Allow",
"Action": "ec2:Describe*",
"Resource": "arn:aws:ec2:*:015107134915:dedicated-host/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/Project": "TestProject"
}
}
}
]
}
授予权限后我看不到任何机器。有人能帮我解决这些问题吗
答案 0 :(得分:1)
ec2-instance-connect
权限支持的资源类型是
arn:${Partition}:ec2:${Region}:${Account}:instance/${InstanceId}
和 ec2:Describe*
适用于所有资源。
Actions, resources, and condition keys for Amazon EC2 Instance Connect
Actions, resources, and condition keys for Amazon EC2
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2-instance-connect:SendSSHPublicKey"
],
"Resource": "arn:aws:ec2:*:7352673452763:instance/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/Project": "TestProject"
}
}
},
{
"Effect": "Allow",
"Action": "ec2:Describe*",
"Resource": "*"
}
]
}