我已将IAM用户与具有各种特权级别的root帐户进行了设置,我需要为特定IAM用户提供2个特定实例的所有EC2服务访问权限
我使用了AWS策略生成器并获得了以下策略,但它不起作用
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:us-east-1:ACCOUNT_ID:instance/INSTANCE_ID",
"arn:aws:ec2:us-east-1:ACCOUNT_ID:instance/INSTANCE_ID"
]
}
]
}
我如何授予特定实例的权限,以便IAM用户只能管理这些特定实例而无需访问任何其他实例或服务。
您可以通过标签实现此目标。如AWS文档所述,您可以尝试以下策略。
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RebootInstances"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/Owner": "Bob"
}
},
"Resource": [
"arn:aws:ec2:us-east-1:111122223333:instance/*"
],
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": "ec2:Describe*",
"Resource": "*"
}
]
}