I want a user to be able to log in to the AWS account and start and stop one specific EC2 instance. So far I have found that ec2 Describe only works with the catch-all star "*" in the resource. The user can log in and see all instances, but he cannot start or stop the instance because of a permission denied error :(

Here is my policy:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "TheseActionsDontSupportResourceLevelPermissions",
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "TheseActionsSupportResourceLevelPermissions",
      "Effect": "Allow",
      "Action": [
        "ec2:TerminateInstances",
        "ec2:StopInstances",
        "ec2:StartInstances"
      ],
      "Resource": "arn:aws:ec2:eu-central-1a:MY_ACCOUNT_ID:instance/MY_INSTANCE_ID"
    }
  ]
}
```
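The region field of an EC2 instance ARN takes a region name such as `eu-central-1`; the policy above puts an availability-zone name (`eu-central-1a`, region plus a trailing letter) in that field, so the ARN never matches the instance and every resource-scoped action is denied. The following script is an added example, not code from the question or from AWS: it parses a policy document, flags any EC2 ARN whose region field looks like an availability zone, and returns a corrected copy of the policy. The policy embedded in it is the one from the question with its `MY_ACCOUNT_ID` / `MY_INSTANCE_ID` placeholders left in place; the helper names and the region regexes are assumptions of this example.

```python
import json
import re
from copy import deepcopy

# Constructed sample: the policy from the question, placeholders kept as-is.
QUESTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "TheseActionsDontSupportResourceLevelPermissions",
            "Effect": "Allow",
            "Action": ["ec2:Describe*"],
            "Resource": "*",
        },
        {
            "Sid": "TheseActionsSupportResourceLevelPermissions",
            "Effect": "Allow",
            "Action": ["ec2:TerminateInstances", "ec2:StopInstances", "ec2:StartInstances"],
            "Resource": "arn:aws:ec2:eu-central-1a:MY_ACCOUNT_ID:instance/MY_INSTANCE_ID",
        },
    ],
}

# EC2 ARN layout: arn:<partition>:ec2:<region>:<account-id>:<resource-type>/<resource-id>
ARN_RE = re.compile(
    r"^arn:(?P<partition>[^:]+):ec2:(?P<region>[^:]*):(?P<account>[^:]*):(?P<resource>.+)$"
)
# Region names end in a digit (eu-central-1); availability zones add one trailing
# letter (eu-central-1a). The patterns are an assumption of this example.
AZ_IN_REGION_FIELD_RE = re.compile(r"^[a-z]{2}(-gov)?-[a-z]+-\d+[a-z]$")


def _resources(statement):
    """Normalize Resource, which may be a string or a list, to a list."""
    resources = statement.get("Resource", [])
    return [resources] if isinstance(resources, str) else list(resources)


def find_az_in_region_field(policy):
    """Return (Sid, bad_arn, corrected_arn) for every EC2 ARN whose region
    field is an availability-zone name rather than a region name."""
    findings = []
    for statement in policy["Statement"]:
        for arn in _resources(statement):
            match = ARN_RE.match(arn)          # "*" and non-ARN values are skipped
            if not match:
                continue
            region = match.group("region")
            if AZ_IN_REGION_FIELD_RE.match(region):
                corrected = arn.replace(f":{region}:", f":{region[:-1]}:", 1)
                findings.append((statement.get("Sid"), arn, corrected))
    return findings


def fix_policy(policy):
    """Return a deep copy of the policy with every flagged ARN rewritten to use
    the region name (availability-zone suffix dropped)."""
    fixed = deepcopy(policy)
    replacements = {bad: good for _, bad, good in find_az_in_region_field(policy)}
    for statement in fixed["Statement"]:
        resources = [replacements.get(arn, arn) for arn in _resources(statement)]
        # Preserve the original shape: a single string stays a string.
        statement["Resource"] = resources[0] if len(resources) == 1 else resources
    return fixed


if __name__ == "__main__":
    for sid, bad, good in find_az_in_region_field(QUESTION_POLICY):
        print(f"{sid}: region field looks like an availability zone\n  {bad}\n  -> {good}")
    print(json.dumps(fix_policy(QUESTION_POLICY), indent=2))
```

Running the script reports the second statement and prints the policy with `arn:aws:ec2:eu-central-1:MY_ACCOUNT_ID:instance/MY_INSTANCE_ID` in its Resource. Two further points a reviewer would check on the corrected policy: the question only asks for start and stop, so `ec2:TerminateInstances` grants more than the stated need, and the `ec2:Describe*` statement still has to stay on `"*"` because the Describe calls do not support resource-level permissions, which is why the user sees every instance.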