1
我已将下面的自定义IAM作为内联策略附加到IAM用户,但是当我尝试通过用户登录启动EC2实例时,它不工作。我的要求是允许用户只启动t2 .micro实例。IAM策略未启动
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeImages",
"ec2:DescribeKeyPairs",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ec2:RunInstances",
"Resource": [
"arn:aws:ec2:us-east-1:xxxxxxxxx:network-interface/*",
"arn:aws:ec2:us-east-1: xxxxxxxxx:volume/*",
"arn:aws:ec2:us-east-1: xxxxxxxxx:key-pair/*",
"arn:aws:ec2:us-east-1: xxxxxxxxx:security-group/*",
"arn:aws:ec2:us-east-1: xxxxxxxxx:subnet/*"
]
},
{
"Effect": "Allow",
"Action": "ec2:RunInstances",
"Resource": [
"arn:aws:ec2:us-east-1: xxxxxxxxx:instance/*"
],
"Condition": {
"StringEquals": {
"ec2:InstanceType": "t2.micro"
}
}
}
]
}
任何猜测可能是什么问题?
“但是当我尝试通过用户启动EC2实例登录它不工作。” - 你遇到了什么错误? –
启动失败:您无权执行此操作。 – Venkat
您尝试启动的实例的类型是什么? – Mahdi