Amazon Web Services: AWS IAM terminology mapping documentation
I am reading a reference that says:
Select the checkbox next to the “AmazonEC2ReadOnlyAccess” policy (recommended) and click “Next Step”.
If a custom policy is created, “DescribeRegions” and “DescribeInstances” permissions are required.
I am trying to express this with a policy like this:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances", "ec2:DescribeImages",
                "ec2:DescribeTags", "ec2:DescribeSnapshots"
            ],
            "Resource": "*"
        }
    ]
}
But I don't know how you would break the AmazonEC2ReadOnlyAccess policy down into the ec2: format.
I have looked here:
as well as at the 825-page PDF on EC2:
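Any further suggestions?

Using the AWS console, navigate to IAM, then Policies. Search for the policy of interest and click on it. This takes you to a page that describes the policy and provides the equivalent JSON.

The equivalent JSON policy appears to be: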
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:Describe*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:Describe*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:ListMetrics",
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:Describe*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "autoscaling:Describe*",
            "Resource": "*"
        }
    ]
}
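Note that this policy may change over time as new features/services are added. This is a good reason to consider using the managed AWS policy over your own equivalent.

Good point re: policy changes. What is the Action for AmazonEC2ReadOnlyAccess?

I'm not sure I understand your question. Can you clarify?

Yes. Given the comment about policy changes, how do you describe the JSON policy for AmazonEC2ReadOnlyAccess (without breaking it down into permissions)?

You can't, and you don't need to. AmazonEC2ReadOnlyAccess is an AWS managed policy. Create an IAM role (or group or user) and attach the AmazonEC2ReadOnlyAccess policy to that role.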
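
The check below is an added example, not part of the original question or answers: it tests whether a policy document's Allow statements cover the actions the quoted reference requires, using the two policies shown on this page. The helper names are hypothetical, and the matcher is a simplification that ignores Deny, NotAction, Condition and resource scoping.

```python
import fnmatch

# Constructed from the two policy documents on this page: the asker's custom
# policy and the JSON shown for AmazonEC2ReadOnlyAccess (EC2 statement only).
CUSTOM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:DescribeInstances", "ec2:DescribeImages",
                   "ec2:DescribeTags", "ec2:DescribeSnapshots"],
        "Resource": "*",
    }],
}
MANAGED_EQUIVALENT = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}],
}
# Permissions the quoted reference says a custom policy needs.
REQUIRED = ["ec2:DescribeRegions", "ec2:DescribeInstances"]


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def allowed_patterns(policy):
    """Collect Action patterns from Allow statements that apply to every resource."""
    patterns = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Resource", [])):
            patterns.extend(as_list(stmt.get("Action", [])))
    return patterns


def missing_actions(policy, required):
    """Return the required actions that no Allow pattern matches.

    Action names are case-insensitive and may contain wildcards such as *.
    Simplification (assumption): Deny, NotAction, Condition and scoped
    Resources are not evaluated.
    """
    patterns = [p.lower() for p in allowed_patterns(policy)]
    return [a for a in required
            if not any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)]


if __name__ == "__main__":
    print("custom policy is missing:", missing_actions(CUSTOM_POLICY, REQUIRED))
    print("managed equivalent is missing:", missing_actions(MANAGED_EQUIVALENT, REQUIRED))
```
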