Question
I'm trying to allow one user all actions on us-west-2; this is the policy I have.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ec2:*"],
      "Resource": "arn:aws:ec2:us-west-2:837625274593:*"
    }
  ]
}
I got the account number from the "OWNER" parameter on an instance, not sure if that is it.
Answer 1:
{
  "Statement": [
    {
      "Sid": "Stmt1375943389569",
      "Action": "ec2:*",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:Region": "us-west-2"
        }
      }
    }
  ]
}
That should enable the user to have all access to ec2 in only the us-west-2 region.
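To make the effect of that Condition block concrete, here is an added example (not code from the answer or from AWS) that models the small subset of the IAM policy language the answer relies on: Effect, Action and Resource with wildcards, and a StringEquals condition. It runs the answer's policy against constructed requests and shows that the statement only applies when the request context carries ec2:Region = us-west-2; a different region, a missing key, or a non-EC2 action all fall through to the implicit deny. The instance ARN and account id are constructed placeholders.

```python
"""Toy evaluator for a subset of the IAM policy language (Effect, Action,
Resource, Condition/StringEquals). Added example to show how the ec2:Region
condition key scopes a statement to one region; it is not AWS's policy engine."""
import json
import re

# The region-scoped policy from the answer, embedded inline as sample input.
REGION_SCOPED_POLICY = json.loads("""
{
  "Statement": [
    {
      "Sid": "Stmt1375943389569",
      "Action": "ec2:*",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:Region": "us-west-2"
        }
      }
    }
  ]
}
""")


def _as_list(value):
    """IAM lets Action, Resource and condition values be a string or a list."""
    return value if isinstance(value, list) else [value]


def _wildcard_match(pattern, value):
    """IAM wildcard matching: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
                    for ch in pattern)
    return re.fullmatch(regex, value) is not None


def _condition_holds(condition, context):
    """Evaluate a Condition block; only StringEquals is modelled here.
    A key absent from the request context makes StringEquals false, which is
    also how IAM treats a plain StringEquals (no ...IfExists handling)."""
    ctx = {k.lower(): v for k, v in context.items()}  # condition keys are case-insensitive
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"operator {operator} not modelled")
        for key, expected in pairs.items():
            actual = ctx.get(key.lower())
            if actual is None or actual not in _as_list(expected):
                return False
    return True


def evaluate(policy, action, resource, context):
    """Return 'Allow' if a statement allows the request and none denies it,
    otherwise 'Deny' (the implicit deny). An explicit Deny always wins."""
    decision = "Deny"
    for stmt in policy["Statement"]:
        # Action names are case-insensitive; resource ARNs are compared as written.
        if not any(_wildcard_match(a.lower(), action.lower())
                   for a in _as_list(stmt["Action"])):
            continue
        if not any(_wildcard_match(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


def region_checks():
    """Run the region-scoped policy against constructed requests."""
    instance = "arn:aws:ec2:us-west-2:123456789012:instance/i-0abc"  # constructed ARN
    return {
        "run_in_us_west_2": evaluate(REGION_SCOPED_POLICY, "ec2:RunInstances",
                                     instance, {"ec2:Region": "us-west-2"}),
        "run_in_us_east_1": evaluate(REGION_SCOPED_POLICY, "ec2:RunInstances",
                                     instance, {"ec2:Region": "us-east-1"}),
        # No ec2:Region key in the context: StringEquals is false, so the
        # statement does not apply and the implicit deny stands.
        "no_region_key": evaluate(REGION_SCOPED_POLICY, "ec2:DescribeInstances", "*", {}),
        # A non-EC2 action never matches "ec2:*", whatever the region.
        "s3_action": evaluate(REGION_SCOPED_POLICY, "s3:ListBucket", "*",
                              {"ec2:Region": "us-west-2"}),
    }


if __name__ == "__main__":
    for name, verdict in region_checks().items():
        print(f"{name}: {verdict}")
```

The point the checks make is that the condition key, not the Resource field, is what carries the region restriction in the answer's policy: Resource is "*", so every EC2 action matches, and the Condition then filters by the region the request is made against.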
Source: https://stackoverflow.com/questions/18112784/iam-allowing-a-user-to-access-everything-for-ec2-on-a-region