Unable to create Tag to restrict resource deployment

0

Requirement: We are trying to restrict users' resource provisioning with tags, and any instance created should be successful only if Key1 = "UserID"

Followed this article, but it is not working

https://aws.amazon.com/premiumsupport/knowledge-center/iam-policy-tags-restrict/

Asked 2 years ago, 285 views
1 answer
0

That article should be fine, though it's a bit confusing! As it says, "Note: Modify key1 and value1 in the example policies to include the tags and values that apply to your resources". So are you using their examples with "key1" replaced by "UserID"?

Since your tag is "UserID" I'm guessing you want to make sure any instance created has this tag key, but you don't care about the specific value. So the section "Launch EC2 instances that have at least one matching tag key" is what you're after? If so, e.g.:

"Condition": {
  "ForAnyValue:StringEquals": {
    "aws:TagKeys": [
      "UserID"
    ]
  }
}
Expert
Answered 2 years ago
  • Hi,

    Tried with the changes mentioned above; still able to create instances without a tag

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "AllowToDescribeAll",
          "Effect": "Allow",
          "Action": [ "ec2:Describe*" ],
          "Resource": "*"
        },
        {
          "Sid": "AllowRunInstances",
          "Effect": "Allow",
          "Action": "ec2:RunInstances",
          "Resource": [
            "arn:aws:ec2:*:*:image/*",
            "arn:aws:ec2:*:*:snapshot/*",
            "arn:aws:ec2:*:*:subnet/*",
            "arn:aws:ec2:*:*:network-interface/*",
            "arn:aws:ec2:*:*:security-group/*",
            "arn:aws:ec2:*:*:key-pair/*"
          ]
        },
        {
          "Sid": "AllowRunInstancesWithRestrictions",
          "Effect": "Allow",
          "Action": [ "ec2:CreateVolume", "ec2:RunInstances" ],
          "Resource": [
            "arn:aws:ec2:*:*:volume/*",
            "arn:aws:ec2:*:*:instance/*",
            "arn:aws:ec2:*:*:network-interface/*"
          ],
          "Condition": {
            "StringEquals": {
              "aws:RequestTag/key1": "value1",
              "aws:RequestTag/key2": "value2"
            },
            "ForAnyValue:StringEquals": {
              "aws:TagKeys": [ "key1", "
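The per-resource evaluation the answer and the linked article rely on, as an added Python example (not from the thread or from AWS tooling) that approximates only the slice of IAM needed here, with a constructed account ID, resource IDs and a second, broader policy. It shows an untagged launch being refused on the instance and volume ARNs, the same launch passing with a UserID tag, and the check worth making when the restriction seems not to bite: any other Allow on the same principal covering instance/* without the condition lets the untagged launch through.

```python
import fnmatch
# Constructed approximation of the rules the linked article relies on (not the real
# IAM engine): ec2:RunInstances is authorised per resource ARN, each ARN needs a
# matching Allow, and aws:RequestTag/<key> and aws:TagKeys are checked per request.

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _condition_ok(cond, tags):
    for key, expected in cond.get("StringEquals", {}).items():
        if key.startswith("aws:RequestTag/") and tags.get(key[15:]) != expected:
            return False  # required tag missing or has the wrong value
    wanted = cond.get("ForAnyValue:StringEquals", {}).get("aws:TagKeys", [])
    if wanted and not any(k in tags for k in wanted):
        return False  # none of the listed tag keys is present in the request
    return True

def run_instances_denied(policies, request_arns, tags):
    """Return the request ARNs with no applicable Allow (empty list => launch allowed)."""
    denied = []
    for arn in request_arns:
        allowed = False
        for st in (s for p in policies for s in p["Statement"]):
            if st["Effect"] != "Allow" or not any(
                    fnmatch.fnmatchcase("ec2:RunInstances", a) for a in _as_list(st["Action"])):
                continue
            if any(fnmatch.fnmatchcase(arn, r) for r in _as_list(st["Resource"])) \
                    and _condition_ok(st.get("Condition", {}), tags):
                allowed = True
        if not allowed:
            denied.append(arn)
    return denied

# The answer's restriction with the tag key from the question (constructed policy).
TAG_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:RunInstances",
     "Resource": ["arn:aws:ec2:*:*:image/*", "arn:aws:ec2:*:*:subnet/*",
                  "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:network-interface/*"]},
    {"Effect": "Allow", "Action": "ec2:RunInstances",
     "Resource": ["arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*"],
     "Condition": {"ForAnyValue:StringEquals": {"aws:TagKeys": ["UserID"]}}}]}
# A broad policy attached to the same principal elsewhere (constructed) undoes the restriction.
BROAD_POLICY = {"Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]}
# Resources one RunInstances call touches (constructed sample account and IDs).
LAUNCH = ["arn:aws:ec2:us-east-1::image/ami-0abc1234",
          "arn:aws:ec2:us-east-1:111122223333:subnet/subnet-0abc1234",
          "arn:aws:ec2:us-east-1:111122223333:instance/*",
          "arn:aws:ec2:us-east-1:111122223333:volume/*"]
```

Run `run_instances_denied([TAG_POLICY], LAUNCH, {})` to see the instance and volume ARNs refused, then add `BROAD_POLICY` to the list to see the same untagged launch go through.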
