- 最新
- 投票最多
- 评论最多
You can do this by tagging your instance(s) with a particular value (say, Accounts
) and then writing an IAM policy which allows access to EC2 resources with that tag: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/control-access-with-tags.html
It is as easy as including "StringEquals": { "aws:ResourceTag/environment": "Accounts" }
in the Condition
part of the IAM policy.
There are many other examples in the documentation.
Note that you're going to have to define what you mean by "access". The IAM policy allows you to control who can administer the instance(s) from the console or command-line interface or any other API. If you mean "who can SSH or RDP to the instance" then you might want to look at Session Manager or control access on the instance itself using the operating system controls.
相关内容
- AWS 官方已更新 2 年前