AWS IAM：允许EC2实例自行停止 [英] AWS IAM: Allow EC2 instance to stop itself

问题描述

我正在尝试允许我们AWS账户中的所有EC2实例自行停止（使用使用aws cli的自动脚本）。我尝试通过使用适当的策略创建一个AWS IAM角色来做到这一点。但是，我找不到如何将策略定义为仅允许实例自行停止（而不是其他实例）。

I'm trying to allow all EC2 instances in our AWS account to stop themselves (using an automated script that uses the aws cli). I try to do so by creating an AWS IAM role with the propper policy. However, I can't find how to define the policy to only Allow instances to stop itself (and not other instances).

我尝试了以下策略

{
     "Version": "2012-10-17",
     "Statement": [
         {
             "Effect": "Allow",
             "Action": [
                 "ec2:StopInstances"
             ],
             "Resource": [
                 "${ec2:SourceInstanceARN}"
             ]
         }
     ]
}

但是在验证时，这给了我错误此策略包含以下错误：以下资源无效：$ {ec2：SourceInstanceARN}

But on validation, this gives me the error This policy contains the following error: The following resources are invalid : ${ec2:SourceInstanceARN}

是否有一种方法允许实例停止自身（并且仅停止自身）？如果是这样，我应该怎么做？

Is there a way to allow an instance to stop itself (and only itself)? If so, how should I do it?

推荐答案

正如Mark B在评论中建议的那样，我通过更改脚本解决了我的问题使用关机而不是 aws ec2 stop-instances 。这使得不必要使用任何策略，因为任何系统都可以对自身（仅对自身）执行关闭操作。

As Mark B suggested in the comments, I solved my problem by changing my script to use shutdown rather than aws ec2 stop-instances. This makes the use of any policy needless, as any system can execute shutdown on itself (and only itself).

这篇关于AWS IAM：允许EC2实例自行停止的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！