[英]AWS IAM policy. Allow user to delete only the ec2 instances that they created
如何更改策略以允許用戶僅刪除他們創建的ec2實例? 我從這里的文件中得到了一個例子。 創建標簽,並將其標記到我的實例,這是唯一的方法嗎? 謝謝!
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RebootInstances",
"ec2:TerminateInstances"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/critical":"true"
}
},
"Resource": [
"arn:aws:ec2:your_region:your_account_ID:instance/*"
],
"Effect": "Allow"
}
]
}
只要允許Action特定的EC2實例(資源)。
指向文檔 。
示例(我添加了PUT_INSTANCE_ID_HERE )
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RebootInstances",
"ec2:TerminateInstances"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/critical": "true"
}
},
"Resource": [
"arn:aws:ec2:your_region:your_account_ID:instance/PUT_INSTANCE_ID_HERE"
],
"Effect": "Allow"
}
]
}
AWS IAM策略,允許完全訪問服務,但僅在此用戶創建的實例上
[英]AWS IAM Policy to allow full access to services, but only on the instances this user created
在 AWS 中創建 IAM 策略以保護具有特定 ID 的 EC2 實例
[英]Creating IAM policy in AWS to protect EC2 instances with specific IDs
在 AWS 中,拒絕使用 JSON 向 IAM 用戶刪除 EC2 區域中特定可用區中卷的權限的策略
[英]In AWS, policy to deny permissions to delete volume in particular availability zone in region in EC2 with JSON to IAM user
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.