Hello.
First of all, you cannot stop EC2 with "ec2:StartInstances" alone.
"ec2:StopInstances" is also required to stop EC2.
By the way, is the ARN set in the trust policy correct?
For example, how about making it available to all EventBridge schedulers as follows?
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "scheduler.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
I think the following blog will be helpful for the settings themselves.
https://dev.to/aws-builders/easy-setup-for-ec2-stop-jobs-with-amazon-eventbridge-scheduler-4lpg
This is my event policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "ec2:StartInstances",
      "Resource": "arn:aws:ec2:eu-central-1:xxxxxxxxxxx45:instance/i-02307ed149403dd12",
      "Effect": "Allow"
    }
  ]
}
and its trust relation:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "scheduler.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:SourceArn": "arn:aws:scheduler:eu-central-1:XXXXXXXXXXX45:schedule/default/linuxStartSchedule",
          "aws:SourceAccount": "Xxxxxxxxxxxx45"
        }
      }
    }
  ]
}
I don't think there is a problem with the IAM roles, because I use the same roles in my pro environment and it works without any problem! When I use them in my sandbox account it won't work.
Hi, thank you for your reply. Sorry for the misunderstanding. I have also created a different role for starting the instance, that's why I posted it by mistake. I have 1 more role that is being used for the instance; it has AmazonSSMManagedInstanceCore and CloudWatchAgentServerPolicy as permissions, and the ARN is correct, I just copied it from the instance page. I also changed the role by removing the ARN, but still the same result.
Shahin
What is the IAM role configured for the EventBridge scheduler? Try checking the EventBridge scheduler IAM role instead of the EC2 IAM role.
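An offline check of a scheduler role's two policy documents against one schedule, added here as an example; it is not code from any poster or from AWS. It handles only `Allow` statements, exact-match `StringEquals` conditions and literal actions and resource ARNs (no wildcards, no `Deny`); the function names, account ids and instance id are constructed.

```python
SCHEDULER = "scheduler.amazonaws.com"

def as_list(value):
    """IAM accepts either a single string or a list in these fields."""
    return value if isinstance(value, list) else [value]

def check_scheduler_role(trust, perms, schedule_arn, account_id, action, resource):
    """Return findings for one schedule; an empty list means the role fits it."""
    context = {"aws:SourceArn": schedule_arn, "aws:SourceAccount": account_id}
    trusted, mismatches = False, []
    for st in as_list(trust.get("Statement", [])):
        principal = st.get("Principal")
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (st.get("Effect") != "Allow" or SCHEDULER not in services
                or "sts:AssumeRole" not in as_list(st.get("Action", []))):
            continue
        # StringEquals compares values exactly and case-sensitively.
        conds = st.get("Condition", {}).get("StringEquals", {})
        bad = [k for k, v in context.items() if k in conds and v not in as_list(conds[k])]
        if bad:
            mismatches += [f"trust condition {k} does not match {context[k]}" for k in bad]
        else:
            trusted = True
    findings = [] if trusted else (mismatches or [f"{SCHEDULER} cannot assume the role"])
    allowed = any(st.get("Effect") == "Allow"
                  and action in as_list(st.get("Action", []))
                  and resource in as_list(st.get("Resource", []))
                  for st in as_list(perms.get("Statement", [])))
    if not allowed:
        findings.append(f"{action} on {resource} is not allowed")
    return findings

# Constructed sample: account ids and the instance id are placeholders.
PROD, SANDBOX = "111122223333", "444455556666"
def schedule(acct): return f"arn:aws:scheduler:eu-central-1:{acct}:schedule/default/linuxStartSchedule"
def instance(acct): return f"arn:aws:ec2:eu-central-1:{acct}:instance/i-0123456789abcdef0"
TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": SCHEDULER}, "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"aws:SourceArn": schedule(PROD),
                                   "aws:SourceAccount": PROD}}}]}
PERMS = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "ec2:StartInstances", "Resource": instance(PROD)}]}

if __name__ == "__main__":
    for acct in (PROD, SANDBOX):
        print(acct, check_scheduler_role(TRUST, PERMS, schedule(acct), acct,
                                         "ec2:StartInstances", instance(acct)))
```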