我已经为一个IAM用户附加了以下策略,该策略应该允许用户创建EC2实例(EBS支持)的快照。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1473146965806",
"Action": [
"ec2:CreateSnapshot"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:MY_ACCOUNT_ID:*/*"
}
]
}
但是当用户尝试执行创建快照的命令时,出现以下错误:
An error occurred (UnauthorizedOperation) when calling the CreateSnapshot
operation: You are not authorized to perform this operation.
政策中有什么不正确的?
CreateSnapshot不支持资源级权限,您可以使用通配符"Resource":"*":
<>之前{"版本":"2012-10-17","声明":[{"席德":"Stmt1473146965806","行动"("ec2: CreateSnapshot"],"效应":"允许","资源":"*"}]}之前http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ec2-api-permissions.html ec2-api-unsupported-resource-permissions