限制用户启动 EC2 实例
[英]restricting users from launching EC2 instances
问题描述
I want to set up cloud access where I will be creating EC2 instances and assigning to the users.
我想设置云访问,我将在其中创建 EC2 实例并分配给用户。 I do not want the participants to launch new instances but be able to start, stop and login to their instances.我不希望参与者启动新实例但能够启动、停止和登录到他们的实例。 Also I need a way to share the pem files securely to them.我还需要一种方法来安全地与他们共享 pem 文件。 I have created IAM users and groups but struck with the IAM policies and sharing the keys.我已经创建了 IAM 用户和组,但对 IAM 策略和共享密钥感到震惊。
2 个解决方案
解决方案1
0 2020-11-11 11:05:58
Here is an interesting Serverfault response on how to let other users access the EC2.这是一个关于如何让其他用户访问 EC2 的有趣的 Serverfault 响应。 There is no need to share the pem file which has the Private Key.无需共享具有私钥的 pem 文件。 This can be done via sharing the Public Key of the users who need to access the EC2.这可以通过共享需要访问 EC2 的用户的公钥来完成。 And there is no need to secure the Public Key.并且无需保护公钥。
As far as giving the appropriate permissions to the users, the default AWS policies won't be sufficient and a customer managed policy has to be created as mentioned in the AWS documentation here .就向用户提供适当的权限而言,默认的 AWS 策略是不够的,必须创建customer managed的策略,如此处的 AWS 文档中所述。
Use the below JSON while creating the policy.创建策略时使用以下 JSON。 Note that creating Policies in AWS is free.请注意,在 AWS 中创建策略是免费的。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:DescribeInstances"
],
"Resource": "arn:aws:ec2:*:*:instance/*"
}
]
}
解决方案2
-1 2020-11-11 09:11:45
you need to use role: for example simple-developer that can't create the ec2 instance and assign the role to the users您需要使用角色:例如无法创建 ec2 实例并将角色分配给用户的简单开发人员
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.