Can't see instance when applying a custom policy in IAM in AWS


Question

I have created a policy for restricting access of a user to a single instance as:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1392113879000",
      "Effect": "Allow",
      "Action": [
        "ec2:*"
      ],
      "Resource": [
        "arn:aws:ec2:us-east-1:account:instance/instance_id"
      ]
    }
  ]
}

But I am getting this error:

You are not authorized to describe Running Instances
You are not authorized to describe Elastic IPs 
You are not authorized to describe Volumes 
You are not authorized to describe Snapshots 
You are not authorized to describe Key Pairs 
You are not authorized to describe Load Balancers 
You are not authorized to describe Placement Groups 
You are not authorized to describe Security Groups

I can't see the instance in the console. If I can't implement this thing then what is the use of policies!!

I'm stuck, please help.

Recommended answer

From IAM Policies for Amazon EC2:

Currently, not all API actions support individual ARNs; we'll add support for additional API actions and ARNs for additional Amazon EC2 resources later. For information about which ARNs you can use with which Amazon EC2 API actions, as well as supported condition keys for each ARN, see Supported Resources and Conditions for Amazon EC2 API Actions.

So, writing ec2:* is not going to help you. Instead, you should provide the exact API actions that you wish to grant to this user.

Also, quoting from the same link referred above:

To specify all resources, or if a specific API action does not support ARNs, use the * wildcard in the Resource element as follows:

Assigning restrictive EC2 IAM policies is a bit complicated. You may want to read the above referred link in detail as well as this link.
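A policy shape that follows the answer's advice, as an added example that is not part of the original answer: the Describe calls behind the console errors go in their own statement with a wildcard Resource, and only actions that accept an instance ARN are scoped to the single instance. The choice of start, stop and reboot as the granted actions is an assumption; `account` and `instance_id` are the question's own placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ConsoleListingNeedsWildcardResource",
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*",
        "elasticloadbalancing:DescribeLoadBalancers"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ManageOnlyTheOneInstance",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:RebootInstances"
      ],
      "Resource": "arn:aws:ec2:us-east-1:account:instance/instance_id"
    }
  ]
}
```

With this shape the user can list every instance in the account in the console, because the Describe calls cannot be narrowed to one ARN, but can start, stop or reboot only the named instance.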
