Amazon web services AWS IAM策略不限制用户在特定VPC中启动实例
我有一个IAM策略,限制用户在特定VPC中启动实例Amazon web services AWS IAM策略不限制用户在特定VPC中启动实例,amazon-web-services,amazon-iam,Amazon Web Services,Amazon Iam,我有一个IAM策略,限制用户在特定VPC中启动实例 { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:RunInstances", "Resource":
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:Describe*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ec2:RunInstances",
"Resource": [
"arn:aws:ec2:us-west-2:accountID:instance/*",
"arn:aws:ec2:us-west-2:*:image/* ",
"arn:aws:ec2:us-west-2:accountID:subnet/*",
"arn:aws:ec2:us-west-2:accountID:vpc/vpc-ID",
"arn:aws:ec2:us-west-2:accountID:network-interface/*",
"arn:aws:ec2:us-west-2:accountID:volume/*",
"arn:aws:ec2:us-west-2:accountID:key-pair/*",
"arn:aws:ec2:us-west-2:accountID:tags/*",
"arn:aws:ec2:us-west-2:accountID:security-group/*"
]
},
{
"Sid": "Stmt1394644402000",
"Effect": "Allow",
"Action": [
"ec2:CreateSecurityGroup"
],
"Resource": [
"*"
]
},
{
"Sid": "Stmt1394645330000",
"Effect": "Allow",
"Action": [
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:ReleaseAddress"
"ec2:AttachVolume",
"ec2:CreateVolume",
"ec2:CreateTags"
],
"Resource": [
"*"
]
}
]
}
谢谢在此脚本中,您没有明确拒绝该用户的权限。你希望这个脚本能做什么?您是否尝试过使用?我希望用户应该能够在特定实例中启动实例,同时他不应该能够在ec2经典实例中启动。这项政策不起作用。我试过了,你找到解决办法了吗?据我所知,如果不禁止用户创建新的安全组,在经过数小时的尝试后,不可能实现这一点。