2 個答案
- 最新
- 最多得票
- 最多評論
1
you can create an IAM group or role, such as EC2LaunchAllowed, and attach a policy allowing the necessary actions to this group or role. Then, add users who should have this permission to the group or assign them the role. This approach is both straightforward and secure.
0
Hello.
When creating EC2, I think the following documents will be helpful.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/supported-iam-actions-tagging.html
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "DenyRunInstancesWithoutTag",
"Effect": "Deny",
"Action": "ec2:RunInstances",
"Resource": "arn:aws:ec2:*:*:instance/*",
"Condition": {
"Null": {
"aws:RequestTag/Project": "true"
}
}
}
]
}
If you want to start EC2, you can use "ec2:StartInstances".
https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Action": [
"ec2:Describe*"
],
"Resource": "*"
},
{
"Sid": "Statement2",
"Effect": "Allow",
"Action": [
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RebootInstances"
],
"Resource": [
"arn:aws:ec2:*:*:instance/*"
],
"Condition": {
"Null": {
"ec2:ResourceTag/Owner": false
},
"StringEqualsIfExists": {
"ec2:ResourceTag/Owner": "HOGE"
}
}
}
]
}
相關內容
- 已提問 6 個月前
- 已提問 7 個月前
- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前