IAM允许用户访问区域中ec2的所有内容 [英] IAM allowing a user to access everything for ec2 on a region
本文介绍了IAM允许用户访问区域中ec2的所有内容的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正试图允许一个用户对us-west-2进行所有操作,这是我的政策.
I'm trying to allow one user to all actions on us-west-2, this is the policy I have.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": ["ec2:*"],
"Resource": "arn:aws:ec2:us-west-2:837625274593:*"
}
]
}
我从实例的"OWNER"参数获得了帐号,不确定是否是这样.
I got the account number from "OWNER" parameter on an instance, not sure if is it.
推荐答案
{
"Statement": [
{
"Sid": "Stmt1375943389569",
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:Region": "us-west-2"
}
}
}
]
}
这应该使用户能够仅在us-west-2区域内对ec2进行所有访问
That should enable the user to have all access to ec2 in only the us-west-2 region
这篇关于IAM允许用户访问区域中ec2的所有内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文