2 回答
- 最新
- 投票最多
- 评论最多
0
Hi,
ec2:ModifyInstanceAttribute
does support the conditions stated in the link you posted. Here's also an example of a valid policy using conditions
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ec2:ModifyInstanceAttribute",
"Resource": "arn:aws:ec2:*:111111111111:instance/*",
"Condition": {
"StringEqualsIfExists": {
"aws:ResourceTag/example": "works"
}
}
}
]
}
Could you elaborate what you mean by
the poster is saying " At this time, there isn't a way to restrict "ModifyInstanceAttribute" to specific condition or resource.
0
I am struggling to see if this is even possible
Everything I have looked at myself, says you cant create an IAM policy that matches DeleteOnTermination value of Modifyinstanceattribute
相关内容
- AWS 官方已更新 1 年前
- AWS 官方已更新 1 年前
- AWS 官方已更新 7 个月前
Sorry i was referring to this post
https://repost.aws/questions/QUhZFUDY0OQCmEy8mc1Q7UnQ
But can you tell me, if i want to match DeleteOnTermination value of Modifyinstanceattribute, can we do it? i dont know how to match the list or array object