Amazon Web Services: Granting read-only IAM permissions to EC2 resources based on tags using a custom policy
I am trying to create an IAM policy that gives read-only access to machines with a specific tag and grants EC2 Instance Connect only for those machines. I tried this, but it does not work:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2-instance-connect:SendSSHPublicKey"
],
"Resource": "arn:aws:ec2:*:7352673452763:dedicated-host/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/Project": "TestProject"
}
}
},
{
"Effect": "Allow",
"Action": "ec2:Describe*",
"Resource": "arn:aws:ec2:*:015107134915:dedicated-host/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/Project": "TestProject"
}
}
}
]
}
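After granting the permissions, I cannot see any machines. Can anyone help me with this?

The resource type supported by ec2-instance-connect is arn:${Partition}:ec2:${Region}:${Account}:instance/${InstanceId}, while ec2:Describe* applies to all resources.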
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2-instance-connect:SendSSHPublicKey"
],
"Resource": "arn:aws:ec2:*:7352673452763:instance/*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/Project": "TestProject"
}
}
},
{
"Effect": "Allow",
"Action": "ec2:Describe*",
"Resource": "*"
}
]
}
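
Added example (not part of the original question or answer): a small Python linter that applies the two rules from the answer to both policies on this page and reports where the question's policy breaks them. The `RULES` table, the function names and the finding messages are assumptions made for illustration, not an AWS API.

```python
# RULES is an assumption hand-copied from the answer, not an AWS API lookup:
# action prefix -> required ARN resource type, or None when the action only
# works with "Resource": "*" and no resource-tag condition.
RULES = {"ec2-instance-connect:sendsshpublickey": "instance", "ec2:describe": None}
TAG = {"StringEquals": {"aws:ResourceTag/Project": "TestProject"}}

def stmt(action, resource, condition=None):
    s = {"Effect": "Allow", "Action": action, "Resource": resource}
    return {**s, "Condition": condition} if condition else s

# Both policies rebuilt from the page (account ids exactly as posted).
QUESTION = {"Version": "2012-10-17", "Statement": [
    stmt(["ec2-instance-connect:SendSSHPublicKey"],
         "arn:aws:ec2:*:7352673452763:dedicated-host/*", TAG),
    stmt("ec2:Describe*", "arn:aws:ec2:*:015107134915:dedicated-host/*", TAG)]}
ANSWER = {"Version": "2012-10-17", "Statement": [
    stmt(["ec2-instance-connect:SendSSHPublicKey"],
         "arn:aws:ec2:*:7352673452763:instance/*", TAG),
    stmt("ec2:Describe*", "*")]}

def as_list(v):
    return v if isinstance(v, list) else [v]

def arn_type(arn):
    # arn:partition:service:region:account:type/id -> "type"
    parts = arn.split(":", 5)
    return parts[5].split("/", 1)[0] if len(parts) == 6 else None

def lint(policy):
    findings = []
    for i, s in enumerate(as_list(policy["Statement"])):
        tagged = any(k.lower().startswith("aws:resourcetag/")
                     for op in s.get("Condition", {}).values() for k in op)
        for action in as_list(s["Action"]):
            for prefix, want in RULES.items():
                if not action.lower().startswith(prefix):
                    continue
                for res in as_list(s["Resource"]):
                    if want is None and res != "*":
                        findings.append((i, action, "resource must be *"))
                    elif want and res != "*" and arn_type(res) != want:
                        findings.append((i, action, f"resource type must be {want}"))
                if want is None and tagged:
                    findings.append((i, action, "resource-tag condition unsupported"))
    return findings

if __name__ == "__main__":
    for name, policy in (("question", QUESTION), ("answer", ANSWER)):
        print(name, lint(policy) or "ok")
```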