我试图创建一个只读访问具有特定标记的机器的IAM策略,并仅为这些机器授予EC2实例连接。
我试过了。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2-instance-connect:SendSSHPublicKey"
],
"Resource": "arn:aws:ec2:*:7352673452763:dedicated-host/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/Project": "TestProject"
}
}
},
{
"Effect": "Allow",
"Action": "ec2:Describe*",
"Resource": "arn:aws:ec2:*:015107134915:dedicated-host/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/Project": "TestProject"
}
}
}
]
}
当权限被授予时,我看不到任何机器。谁能帮我拿一下这些?
ec2-instance-connect权限支持的资源类型为
攻击:${分区}:ec2: ${地区}:${账户}:实例/$ {InstanceId}
和ec2:Describe*适用于所有资源
Amazon EC2 Instance Connect的操作、资源和条件键
Amazon EC2的操作、资源和条件键
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2-instance-connect:SendSSHPublicKey"
],
"Resource": "arn:aws:ec2:*:7352673452763:instance/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/Project": "TestProject"
}
}
},
{
"Effect": "Allow",
"Action": "ec2:Describe*",
"Resource": "*"
}
]
}