Amazon IAM: IAM policy to deny AMI images by image name

I can easily deny deployment of an AWS image by its AMI ARN ("arn:aws:ec2:*::image/ami-xxx") in an IAM policy, but I am trying to deny deployment of all RedHat images (marketplace/community AMIs). Is it possible to do this through a resource tag and the AMI name "RHEL-8.2.0_HVM-20200423-x86_64-0-Hourly2-GP2"?

Example:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyAMIAccess",
            "Effect": "Deny",
            "Action": [
                "ec2:RunScheduledInstances",
                "ec2:RunInstances"
            ],
            "Resource": [
                "arn:aws:ec2:*::image/ami-0810abbfb78d37cdf",
                "arn:aws:ec2:*::image/ami-0e2cfc23d72b5cb98",
                "arn:aws:ec2:*::image/name/RHEL*",
                "arn:aws:ec2:*::image/RHEL*"
            ]
        }
    ]
}
```
Please try the following option, and add the resource "*" in "Allow".

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyAMIAccess",
            "Effect": "Deny",
            "Action": [
                "ec2:RunScheduledInstances",
                "ec2:RunInstances"
            ],
            "Resource": [
                "arn:aws:ec2:*::image*"
            ],
            "Condition": {
                "StringNotLike": {
                    "aws:RequestTag/Name": "RHEL"
                }
            }
        },
        {
            "Sid": "DenyAMIAccessNoTag",
            "Effect": "Deny",
            "Action": [
                "ec2:RunScheduledInstances",
                "ec2:RunInstances"
            ],
            "Resource": [
                "arn:aws:ec2:*::image*"
            ],
            "Condition": {
                "Null": {
                    "aws:RequestTag/Name": "true"
                }
            }
        }
    ]
}
```
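An added example, not part of the original question or answer: the image ARN evaluated for `ec2:RunInstances` contains the AMI ID, not the AMI name, so a `Resource` pattern such as `image/RHEL*` never matches. This sketch checks that and resolves a name pattern to AMI IDs to build the Deny statement. The function names and the sample image list are constructed for illustration; in practice the list would come from a DescribeImages call.

```python
import json
import re

def wildcard_match(pattern, value):
    """IAM-style match: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None

def image_arn(region, image_id):
    # The image resource in a RunInstances request is identified by AMI ID.
    return f"arn:aws:ec2:{region}::image/{image_id}"

def deny_policy_for_names(images, name_pattern):
    """Build a Deny policy listing the IDs of images whose Name matches."""
    ids = sorted(i["ImageId"] for i in images
                 if wildcard_match(name_pattern, i["Name"]))
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyAMIByResolvedName",
            "Effect": "Deny",
            "Action": ["ec2:RunInstances", "ec2:RunScheduledInstances"],
            "Resource": [f"arn:aws:ec2:*::image/{i}" for i in ids],
        }],
    }

# Constructed sample shaped like the "Images" list of a DescribeImages response.
SAMPLE_IMAGES = [
    {"ImageId": "ami-0aaaaaaaaaaaaaaa1",
     "Name": "RHEL-8.2.0_HVM-20200423-x86_64-0-Hourly2-GP2"},
    {"ImageId": "ami-0bbbbbbbbbbbbbbb2", "Name": "RHEL-7.9_HVM-constructed-example"},
    {"ImageId": "ami-0ccccccccccccccc3", "Name": "constructed-non-rhel-image"},
]

if __name__ == "__main__":
    requested = image_arn("us-east-1", SAMPLE_IMAGES[0]["ImageId"])
    # Name-based pattern from the question vs. the ID-based ARN of the request.
    print(wildcard_match("arn:aws:ec2:*::image/RHEL*", requested))
    print(json.dumps(deny_policy_for_names(SAMPLE_IMAGES, "RHEL*"), indent=2))
```

The generated list is a snapshot: newly published RHEL AMIs get new IDs, so the policy has to be regenerated to stay effective. The `ec2:Owner` condition key on the image resource is an alternative that does not depend on individual AMI IDs.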