1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
That article should be fine, though it's a bit confusing! As it says, "Note: Modify key1 and value1 in the example policies to include the tags and values that apply to your resources". So are you using their examples with "key1" replaced by "UserID"?
Since your tag is "UserID" I'm guessing you want to make sure any instance created has this tag key, but you don't care about the specific value. So the section "Launch EC2 instances that have at least one matching tag key" is what you're after? If so, e.g.:
"Condition": {
"ForAnyValue:StringEquals": {
"aws:TagKeys": [
"UserID"
]
}
}
Contenuto pertinente
AWS UFFICIALEAggiornata 2 anni fa- AWS UFFICIALEAggiornata 3 mesi fa
- AWS UFFICIALEAggiornata 3 anni fa
Hi,
Tried with changes mentioned above still able to create instances without tag
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowToDescribeAll", "Effect": "Allow", "Action": [ "ec2:Describe*" ], "Resource": "" }, { "Sid": "AllowRunInstances", "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": [ "arn:aws:ec2:::image/", "arn:aws:ec2:::snapshot/", "arn:aws:ec2:::subnet/", "arn:aws:ec2:::network-interface/", "arn:aws:ec2:::security-group/", "arn:aws:ec2:::key-pair/" ] }, { "Sid": "AllowRunInstancesWithRestrictions", "Effect": "Allow", "Action": [ "ec2:CreateVolume", "ec2:RunInstances" ], "Resource": [ "arn:aws:ec2:::volume/", "arn:aws:ec2:::instance/", "arn:aws:ec2:::network-interface/" ], "Condition": { "StringEquals": { "aws:RequestTag/key1": "value1", "aws:RequestTag/key2": "value2" }, "ForAnyValue:StringEquals": { "aws:TagKeys": [ "key1", "