[英]AWS IAM Policy to allow full access to services, but only on the instances this user created
[英]AWS IAM policy. Allow user to delete only the ec2 instances that they created
如何更改策略以允許用戶僅刪除他們創建的ec2實例? 我從這里的文件中得到了一個例子。 創建標簽,並將其標記到我的實例,這是唯一的方法嗎? 謝謝!
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RebootInstances",
"ec2:TerminateInstances"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/critical":"true"
}
},
"Resource": [
"arn:aws:ec2:your_region:your_account_ID:instance/*"
],
"Effect": "Allow"
}
]
}
只要允許Action
特定的EC2實例(資源)。
指向文檔 。
示例(我添加了PUT_INSTANCE_ID_HERE )
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RebootInstances",
"ec2:TerminateInstances"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/critical": "true"
}
},
"Resource": [
"arn:aws:ec2:your_region:your_account_ID:instance/PUT_INSTANCE_ID_HERE"
],
"Effect": "Allow"
}
]
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.