试图将用户设置为只能访问一种类型的实例,并且只能停止和启动该实例。但当我为它设置策略时,我只收到一个错误,说未授权:
An error occurred fetching instance data: You are not authorized to perform this operation.
已从安全页面检索到帐户ID。
为了测试,我允许所有操作(ec2:*),并尝试了这些策略的
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "arn:aws:ec2:us-east-1:XXXXXXXXXX:instance/i-XXXXXXX"
}
]
}
带有标签开发
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1411556016000",
"Effect": "Allow",
"Action": [
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource" : "*"
"Condition": {
"ArnEquals": {
"ec2:ResourceTag/Environment": "dev"
}
}
}
]
}
这可能是这个问题的重复,但要回答,您可能还需要授予DescribeInstances权限。