Amazon web services 如何允许用户仅在允许的子网中创建ec2实例?
我想只允许用户在允许的子网中运行/停止ec2实例,但下面的代码不起作用:Amazon web services 如何允许用户仅在允许的子网中创建ec2实例?,amazon-web-services,amazon-ec2,amazon-iam,amazon-vpc,subnet,Amazon Web Services,Amazon Ec2,Amazon Iam,Amazon Vpc,Subnet,我想只允许用户在允许的子网中运行/停止ec2实例,但下面的代码不起作用: { "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:TerminateInstances", "ec2:StopInstances", "ec2:StartInstances", "ec2:RunScheduledInstances", "ec2:U
{
"Effect": "Allow",
"Action": [
"ec2:RunInstances",
"ec2:TerminateInstances",
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:RunScheduledInstances",
"ec2:UnmonitorInstances"
],
"Resource": [
"*"
],
"Condition": {
"ForAnyValue:ArnEquals": {
"ec2:Subnet": [
"arn:aws:ec2:*:*:subnet/subnet-*******",
"arn:aws:ec2:*:*:subnet/subnet-*******",
"arn:aws:ec2:*:*:subnet/subnet-*******"
]
}
}
}
此策略将允许用户仅以编程方式和通过控制台在特定子网中运行EC2实例:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:RunInstances",
"ec2:TerminateInstances",
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:RunScheduledInstances",
"ec2:UnmonitorInstances"
],
"Resource": [
"arn:aws:ec2:*:*:subnet/subnet-******",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*::image/ami-*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:security-group/*"
]
}
]
}
请分享代码返回的错误类型