What are the permissions required for EC2 create Instance

I am trying to create a policy for giving the user the permission to create an EC2 instance, but I don't want to give all the permissions inside write. Please verify if these permissions are enough or if some permission is extra.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeInstances",
                "ec2:DescribeImages",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeVpcs",
                "ec2:CreateSecurityGroup",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:CreateKeyPair"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": "*"
        }
    ]
}

I can confirm these permissions should work if using the Console Wizard.

More examples of policies for other situations can be found here.

If you're ever in need of testing scenarios, feel free to take a look at the IAM policy simulator. It can really help you to validate your permissions against actions easily without having to script or attempt executing the change(s) each time.

Here you have to give create tag access, as for run instances it's a must-needed option. Here I am attaching my policy for your reference.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeImages",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:DescribeInstances",
                "ec2:DescribeVpcs",
                "ec2:CreateSecurityGroup",
                "ec2:CreateTags",
                "ec2:DescribeInstanceTypes",
                "ec2:RunInstances",
                "ec2:DescribeSubnets",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeSecurityGroups"
            ],
            "Resource": "*"
        }
    ]
}
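Added example, not part of the original question or answers: a local comparison of the question's policy against the action list in the second answer's policy, reporting which actions are missing and which are extra. It assumes the second answer's list as the reference set (not an authoritative minimum), ignores Resource, Condition and NotAction, and uses hypothetical function names.

```python
from fnmatch import fnmatchcase

# Constructed input: the statements of the question's policy (Version omitted, unused here).
QUESTION_POLICY = {"Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeInstances",
        "ec2:DescribeImages", "ec2:DescribeKeyPairs", "ec2:DescribeVpcs",
        "ec2:CreateSecurityGroup", "ec2:AuthorizeSecurityGroupIngress",
        "ec2:CreateKeyPair"]},
    {"Effect": "Allow", "Resource": "*", "Action": "ec2:RunInstances"},
]}
# Assumption: the second answer's action list serves as the reference set.
REFERENCE_ACTIONS = [
    "ec2:DescribeImages", "ec2:AuthorizeSecurityGroupEgress",
    "ec2:AuthorizeSecurityGroupIngress", "ec2:DescribeInstances", "ec2:DescribeVpcs",
    "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeInstanceTypes",
    "ec2:RunInstances", "ec2:DescribeSubnets", "ec2:DescribeKeyPairs",
    "ec2:DescribeSecurityGroups",
]

def _listify(value):
    """IAM accepts a single string or object where a list is allowed."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def is_allowed(policy, action):
    """True if an Allow statement matches the action and no Deny statement does."""
    allowed = False
    for stmt in _listify(policy["Statement"]):
        patterns = _listify(stmt.get("Action", []))
        # Action names are case-insensitive and may contain * and ? wildcards.
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            if stmt["Effect"] == "Deny":
                return False  # an explicit Deny overrides any Allow
            allowed = True
    return allowed

def missing_actions(policy, required):
    """Reference actions the policy does not allow, in reference order."""
    return [a for a in required if not is_allowed(policy, a)]

def extra_actions(policy, reference):
    """Explicitly named Allow actions that the reference set does not contain."""
    ref = {a.lower() for a in reference}
    return [a for stmt in _listify(policy["Statement"]) if stmt["Effect"] == "Allow"
            for a in _listify(stmt.get("Action", [])) if a.lower() not in ref]

if __name__ == "__main__":
    print("missing:", missing_actions(QUESTION_POLICY, REFERENCE_ACTIONS))
    print("extra:  ", extra_actions(QUESTION_POLICY, REFERENCE_ACTIONS))
```

A difference reported here only means the two policies on this page disagree; the IAM policy simulator mentioned in the first answer remains the check against real evaluation logic.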
