I'm attempting to introduce a guest IAM policy to restrict the access to the EC2
instances.
I'm trying to reach that, the guest policy shows only those instances,
I think that when you have multiple conditions on a single IAM statement, they are handled in an AND
situation, meaning that both must be true.
Try using 2 statements, each with a single condition:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/Department": "Guest"
                }
            }
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*"
            ],
            "Resource": "*",
            "Condition": {
                "Null": {
                    "ec2:ResourceTag/Department": "true"
                }
            }
        }
    ]
}
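
The AND-within-a-statement versus OR-across-statements behaviour described in the answer above, as an added example that is not part of the original post. It is a simplified model of the condition logic only (not AWS's evaluation engine): it ignores Action and Resource matching, supports just the two operators used in the policy, and the "Finance" tag value and request contexts are constructed.

```python
# Simplified model of IAM condition logic (added example, not AWS's engine).
# Supports only the two operators used on this page: StringEquals and Null.

def condition_matches(condition, context):
    """All operators and all keys inside one Condition block are ANDed."""
    for operator, keys in condition.items():
        for key, expected in keys.items():
            present = key in context
            if operator == "StringEquals":
                ok = present and context[key] == expected
            elif operator == "Null":
                # "true" means the key must be absent from the request context
                ok = (not present) == (expected == "true")
            else:
                raise ValueError(f"unsupported operator: {operator}")
            if not ok:
                return False
    return True

def is_allowed(policy, context):
    """Allow statements are ORed: one matching statement is enough."""
    return any(
        s["Effect"] == "Allow" and condition_matches(s.get("Condition", {}), context)
        for s in policy["Statement"]
    )

TAG = "ec2:ResourceTag/Department"
GUEST = {"StringEquals": {TAG: "Guest"}}
UNTAGGED = {"Null": {TAG: "true"}}

# Both conditions in one statement (AND) vs. one condition per statement (OR).
one_statement = {"Statement": [{"Effect": "Allow", "Condition": {**GUEST, **UNTAGGED}}]}
two_statements = {"Statement": [
    {"Effect": "Allow", "Condition": GUEST},
    {"Effect": "Allow", "Condition": UNTAGGED},
]}

# Constructed request contexts: tagged Guest, tagged Finance, no tag at all.
CONTEXTS = {"guest": {TAG: "Guest"}, "finance": {TAG: "Finance"}, "untagged": {}}

def evaluate(policy):
    """Return the allow decision for each constructed context."""
    return {name: is_allowed(policy, ctx) for name, ctx in CONTEXTS.items()}

if __name__ == "__main__":
    print("one statement :", evaluate(one_statement))
    print("two statements:", evaluate(two_statements))
```

With both conditions in one statement nothing can match, because the tag cannot equal "Guest" and be absent at the same time. Whether a given EC2 action supplies ec2:ResourceTag for evaluation is documented per action in the service authorization reference.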