2 Answers
1
You can create an IAM group or role, such as EC2LaunchAllowed, and attach a policy allowing the necessary actions to this group or role. Then, add users who should have this permission to the group or assign them the role. This approach is both straightforward and secure.
0
Hello.
When creating EC2, I think the following documents will be helpful.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/supported-iam-actions-tagging.html
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyRunInstancesWithoutTag",
            "Effect": "Deny",
            "Action": "ec2:RunInstances",
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": {
                "Null": {
                    "aws:RequestTag/Project": "true"
                }
            }
        }
    ]
}
If you want to start EC2, you can use "ec2:StartInstances".
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "Statement2",
            "Effect": "Allow",
            "Action": [
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:RebootInstances"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:instance/*"
            ],
            "Condition": {
                "Null": {
                    "ec2:ResourceTag/Owner": false
                },
                "StringEqualsIfExists": {
                    "ec2:ResourceTag/Owner": "HOGE"
                }
            }
        }
    ]
}
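The following is an added example, not part of the answer above and not AWS code: a small Python model of the two condition operators those policies use, showing which requests each Condition block matches. The function names and the tag values in the test inputs are constructed for illustration, and only `Null` and `StringEqualsIfExists` are modelled.

```python
# Added example: minimal model of the condition operators used in the policies
# above. It is not the AWS policy engine and ignores Action/Resource matching.

def _as_bool(value):
    # IAM accepts JSON booleans as well as the strings "true"/"false".
    return value if isinstance(value, bool) else str(value).lower() == "true"

def condition_matches(condition, context):
    """Return True when every operator/key pair in a Condition block matches.

    context maps condition keys (e.g. "ec2:ResourceTag/Owner") to the value in
    the request; a key missing from the dict means "not present in the request".
    """
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            present = key in context
            if operator == "Null":
                # "true" -> key must be absent; "false" -> key must be present.
                ok = (not present) == _as_bool(expected)
            elif operator == "StringEqualsIfExists":
                # Absent key matches; a present key must equal the value exactly.
                values = expected if isinstance(expected, list) else [expected]
                ok = (not present) or context[key] in values
            else:
                raise ValueError(f"operator not modelled: {operator}")
            if not ok:
                return False
    return True

# Condition blocks copied from the two policies in the answer.
DENY_UNTAGGED_LAUNCH = {"Null": {"aws:RequestTag/Project": "true"}}
ALLOW_OWNER_ACTIONS = {
    "Null": {"ec2:ResourceTag/Owner": False},
    "StringEqualsIfExists": {"ec2:ResourceTag/Owner": "HOGE"},
}

def launch_denied(request_tags):
    """True when the Deny statement applies to a RunInstances request."""
    ctx = {f"aws:RequestTag/{k}": v for k, v in request_tags.items()}
    return condition_matches(DENY_UNTAGGED_LAUNCH, ctx)

def start_stop_allowed(instance_tags):
    """True when Statement2's condition matches an instance's tags."""
    ctx = {f"ec2:ResourceTag/{k}": v for k, v in instance_tags.items()}
    return condition_matches(ALLOW_OWNER_ACTIONS, ctx)
```

The `Null ... false` entry is what keeps untagged instances out: `StringEqualsIfExists` on its own matches when the `Owner` tag is missing. The first policy contains only a `Deny`, so a separate `Allow` for `ec2:RunInstances` is still needed before anyone can launch.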