Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/redis/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon iam IAM策略通过映像名称拒绝AMI映像_Amazon Iam - Fatal编程技术网
Fatal编程技术网
  • amazon-iam/
  • Amazon iam IAM策略通过映像名称拒绝AMI映像

Amazon iam IAM策略通过映像名称拒绝AMI映像

Amazon iam IAM策略通过映像名称拒绝AMI映像,amazon-iam,Amazon Iam,我可以通过IAM策略中的arn ami“arn:AWS:ec2::::::::Image/ami xxx”轻松拒绝AWS映像的部署,但我尝试拒绝所有RedHat映像(市场/社区ami)部署 是否可以通过资源标签和AMI名称“RHEL-8.2.0_HVM-20200423-x86_64-0-Hourly2-GP2”实现 埃克斯马普 "Version": "2012-10-17", "Statement": [

我可以通过IAM策略中的arn ami“arn:AWS:ec2::::::::Image/ami xxx”轻松拒绝AWS映像的部署,但我尝试拒绝所有RedHat映像(市场/社区ami)部署

是否可以通过资源标签和AMI名称“RHEL-8.2.0_HVM-20200423-x86_64-0-Hourly2-GP2”实现

埃克斯马普

    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyAMIAccess",
            "Effect": "Deny",
            "Action": [
                "ec2:RunScheduledInstances",
                "ec2:RunInstances"
            ],
            "Resource": [
                "arn:aws:ec2:*::image/ami-0810abbfb78d37cdf",
                "arn:aws:ec2:*::image/ami-0e2cfc23d72b5cb98",
                "arn:aws:ec2:*::image/name/RHEL*",
                "arn:aws:ec2:*::image/RHEL*"
            ]
        }
    ]
}```
请尝试以下选项,并在“允许”中添加资源“*”

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAMIAccess",
      "Effect": "Deny",
      "Action": [
        "ec2:RunScheduledInstances",
        "ec2:RunInstances"
      ],
      "Resource": [
        "arn:aws:ec2:*::image*"
      ],
      "Condition": {
        "StringNotLike": {
          "aws:RequestTag/Name": "RHEL"
        }
      }
    },
    {
      "Sid": "DenyAMIAccess",
      "Effect": "Deny",
      "Action": [
        "ec2:RunScheduledInstances",
        "ec2:RunInstances"
      ],
      "Resource": [
        "arn:aws:ec2:*::image*"
      ],
      "Condition": {
        "Null": {
          "aws:RequestTag/Name": "true"
        }
      }
    }
  ]
}