2 réponses
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Hi,
ec2:ModifyInstanceAttribute
does support the conditions stated in the link you posted. Here's also an example of a valid policy using conditions
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:ModifyInstanceAttribute",
"Resource": "arn:aws:ec2:*:111111111111:instance/*",
"Condition": {
"StringEqualsIfExists": {
"aws:ResourceTag/example": "works"
}
}
}
]
}
Could you elaborate what you mean by
the poster is saying " At this time, there isn't a way to restrict "ModifyInstanceAttribute" to specific condition or resource.
0
I am struggling to see if this is even possible
Everything I have looked at myself, says you cant create an IAM policy that matches DeleteOnTermination value of Modifyinstanceattribute
Contenus pertinents
- demandé il y a un an
- demandé il y a 2 mois
- demandé il y a 2 mois
- demandé il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 3 ans
Sorry i was referring to this post
https://repost.aws/questions/QUhZFUDY0OQCmEy8mc1Q7UnQ
But can you tell me, if i want to match DeleteOnTermination value of Modifyinstanceattribute, can we do it? i dont know how to match the list or array object