如何显示特定的EC2实例的用户 [英] how to show specific ec2 instance for an user
问题描述
我有一些AWS EC2实例,并想只显示一个实例合作伙伴。
我创造了合作伙伴IAM用户。以下是我创造了我的政策。 但是,当合作伙伴登录到AWS,看看EC2实例来看,下面的消息显示,并没有显示任何实例。
这是出错获取实例数据:您没有权限 执行此操作。
{
版本:2012年10月17日,
声明: [
{
行动: [
EC2:*
]
锡德:Stmt1373378552000
资源:
阿尔恩:AWS:EC2:AP-东北-1:123456789012:实例/ I-12345678
]
效果:允许
}
]
}
(123456789012是(假)我的帐户ID和i-12345678是一个实例,我喜欢展示)
我也试图通过标签名称来指定一个像下面,但不工作。
条件:{
StringEquals:{
EC2:ResourceTag /名称:节点B
}
},
有谁知道如何表达特定的EC2实例合作伙伴??
这是目前不支持。
只有所选的Amazon EC2 API操作目前支持资源级权限:
- 描述通话不支持资源级权限
- 开始/停止/终止(和其他人)的支持
AWS管理控制台使用 DescribeInstances 通话,不能仅限于一个特定的资源。因此,您收到的错误。
另请参阅:
I have some aws ec2 instances and would like to show ONLY one instance for partners.
I created IAM user for the partner. following is my policy I created. But when partner logins to aws and see ec2 instance view, following message displayed and no instance is displayed.
An error occurred fetching instance data: You are not authorized to perform this operation.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:*"
],
"Sid": "Stmt1373378552000",
"Resource": [
"arn:aws:ec2:ap-northeast-1:123456789012:instance/i-12345678"
],
"Effect": "Allow"
}
]
}
(123456789012 is (dummy)my Account Id and i-12345678 is a instance I like to show)
I also tried to specify by tag name like following, but does not work..
"Condition": {
"StringEquals": {
"ec2:ResourceTag/Name": "node-B"
}
},
Does anyone know how to show specific ec2 instance for partners??
This is not currently supported.
Only selected Amazon EC2 API actions currently support resource-level permissions:
- Describe calls do not support resource-level permissions
- Start/Stop/Terminate (and others) are supported
The AWS Management Console is using a DescribeInstances call, which cannot be restricted to a specific resource. Hence, the error you received.
See also:
这篇关于如何显示特定的EC2实例的用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
