AWS IAM访问管理 [英] AWS IAM Access Management

问题描述

我知道，你可以设置一个IAM策略来限制对服务的访问。但是，是否有可能建立一个政策，允许访问服务的一部分。

I know that you can set up an IAM policy to restrict access to services. However, is it possible to set up a policy to allow access to a part of a service.

例如。我是2 EC2实例。我需要建立两个用户，使他们有一个访问AWS控制台，但只有一个EC2实例每次。

E.g. I am two EC2 instances. I need to create two users such that they have an access to the AWS console, but only to one EC2 instance each.

推荐答案

是的，你可以使用的资源级别的EC2 权限

Yes you can do this with Resource-Level Permissions for EC2

的资源的结构表示的在文档如下：

The structure of the resource is stated in the documentation as follows:

arn:aws:[service]:[region]:[account]:resourceType/resourcePath

下面是你将如何组织每个用户的IAM策略：

Here is how you would structure the IAM policies for each user:

用户1

{
   "Version": "2012-10-17",
   "Statement": [{
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/InstanceIdOne"
    }
   ]
}

用户2

{
   "Version": "2012-10-17",
   "Statement": [{
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/InstanceIdTwo"
    }
   ]
}

这篇关于AWS IAM访问管理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！