2 回答
- 最新
- 投票最多
- 评论最多
1
you can create an IAM group or role, such as EC2LaunchAllowed, and attach a policy allowing the necessary actions to this group or role. Then, add users who should have this permission to the group or assign them the role. This approach is both straightforward and secure.
0
Hello.
When creating EC2, I think the following documents will be helpful.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/supported-iam-actions-tagging.html
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyRunInstancesWithoutTag",
"Effect": "Deny",
"Action": "ec2:RunInstances",
"Resource": "arn:aws:ec2:*:*:instance/*",
"Condition": {
"Null": {
"aws:RequestTag/Project": "true"
}
}
}
]
}
If you want to start EC2, you can use "ec2:StartInstances".
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Action": [
"ec2:Describe*"
],
"Resource": "*"
},
{
"Sid": "Statement2",
"Effect": "Allow",
"Action": [
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RebootInstances"
],
"Resource": [
"arn:aws:ec2:*:*:instance/*"
],
"Condition": {
"Null": {
"ec2:ResourceTag/Owner": false
},
"StringEqualsIfExists": {
"ec2:ResourceTag/Owner": "HOGE"
}
}
}
]
}
相关内容
AWS 官方已更新 2 年前
