1回答
- 新しい順
- 投票が多い順
- コメントが多い順
0
That article should be fine, though it's a bit confusing! As it says, "Note: Modify key1 and value1 in the example policies to include the tags and values that apply to your resources". So are you using their examples with "key1" replaced by "UserID"?
Since your tag is "UserID" I'm guessing you want to make sure any instance created has this tag key, but you don't care about the specific value. So the section "Launch EC2 instances that have at least one matching tag key" is what you're after? If so, e.g.:
"Condition": {
"ForAnyValue:StringEquals": {
"aws:TagKeys": [
"UserID"
]
}
}
関連するコンテンツ
AWS公式更新しました 3年前
Hi,
Tried with changes mentioned above still able to create instances without tag
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowToDescribeAll", "Effect": "Allow", "Action": [ "ec2:Describe*" ], "Resource": "" }, { "Sid": "AllowRunInstances", "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": [ "arn:aws:ec2:::image/", "arn:aws:ec2:::snapshot/", "arn:aws:ec2:::subnet/", "arn:aws:ec2:::network-interface/", "arn:aws:ec2:::security-group/", "arn:aws:ec2:::key-pair/" ] }, { "Sid": "AllowRunInstancesWithRestrictions", "Effect": "Allow", "Action": [ "ec2:CreateVolume", "ec2:RunInstances" ], "Resource": [ "arn:aws:ec2:::volume/", "arn:aws:ec2:::instance/", "arn:aws:ec2:::network-interface/" ], "Condition": { "StringEquals": { "aws:RequestTag/key1": "value1", "aws:RequestTag/key2": "value2" }, "ForAnyValue:StringEquals": { "aws:TagKeys": [ "key1", "