我正在尝试将用户限制为单个 VPC。我经历了控制对 Amazon VPC 资源的访问并提出了以下策略,但它不起作用。有人可以指出其中的错误吗?
我应该提到,在我在模拟设置中的条件键下设置 VPC ARN 后,IAM 策略模拟器似乎认为该策略很好。
(我已在我的策略中用实际值替换了区域、帐户和 vpc-id。)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:*Vpc*",
"ec2:*Subnet*",
"ec2:*Gateway*",
"ec2:*Vpn*",
"ec2:*Route*",
"ec2:*Address*",
"ec2:*SecurityGroup*",
"ec2:*NetworkAcl*",
"ec2:*DhcpOptions*",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:TerminateInstances",
"ec2:Describe*"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:Vpc": "arn:aws:ec2:region:account:vpc/vpc-id"
}
}
}
]
}