我想在IAM中创建一个新用户,并允许他能够创建新的EC2实例,但只能查看/管理他创建的那些实例.
这可能与IAM有关吗?
这是我尝试的组策略:
{
"Statement":
[
{
"Effect": "Allow",
"Action":
[
"ec2:DescribeImages",
"ec2:DescribeKeyPairs", "ec2:DescribeSecurityGroups",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action":
[
"ec2:DescribeInstances","ec2:RunInstances", "ec2:TerminateInstances",
"ec2:StartInstances", "ec2:StopInstances", "DescribeInstanceAttribute", "DescribeInstanceStatus"
],
"Resource": "*",
"Condition":
{
"StringEquals":
{
"ec2:ResourceTag/tag": "TheValueOfTheTag"
}
}
}
]
}