3
我正在关注StarCluster configuration instructions,我想为StarCluster创建一个新用户来使用。我的问题是StarCluster需要运行的最小IAM权限集是什么?IAM StarCluster需要的权限
是否需要AmazonEC2FullAccess策略(如indicated by this)或是否存在不太全面的策略。
A
回答
0
我已经使用了以下政策,以允许用户IAM开始t2.micro实例(只)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ExtraActionsNeededByStarCluster",
"Effect": "Allow",
"Action": [
"ec2:CreateKeyPair",
"ec2:CreateSecurityGroup",
"ec2:DeleteSecurityGroup",
"ec2:AuthorizeSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:TerminateInstances"
],
"Resource": "*"
},
{
"Sid": "AllowDescribeForAllResources",
"Effect": "Allow",
"Action": [
"ec2:Describe*"
],
"Resource": "*"
},
{
"Sid": "OnlyAllowCertainInstanceTypesToBeCreated",
"Effect": "Allow",
"Action": [
"ec2:RunInstances"
],
"Resource": [
"*"
],
"Condition": {
"StringEquals": {
"ec2:InstanceType": [
"t2.micro"
]
}
}
},
{
"Sid": "AllowUserToStopStartDeleteInstances",
"Effect": "Allow",
"Action": [
"ec2:TerminateInstances",
"ec2:StopInstances",
"ec2:StartInstances"
],
"Resource": "arn:aws:ec2:*:account:instance/*"
}
]
}
0
政策上面会不会让你安装EBS卷上的情况下,或者使用贴片组,或进行现场投标。我们似乎已经计算出运行starcluster vanillaimprovements的IAM用户所需的全套权限,包括现场出价和负载平衡器addnodes和removenodes:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ExtraActionsNeededByStarCluster",
"Effect": "Allow",
"Action": [
"ec2:CreateKeyPair",
"ec2:CreateSecurityGroup",
"ec2:DeleteSecurityGroup",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:TerminateInstances",
"ec2:CreatePlacementGroup",
"ec2:DeletePlacementGroup",
"ec2:RequestSpotInstances",
"ec2:CancelSpotInstanceRequests"
],
"Resource": "*"
},
{
"Sid": "AllowDescribeForAllResources",
"Effect": "Allow",
"Action": "ec2:Describe*",
"Resource": "*"
},
{
"Sid": "AllowInstancesToBeCreated",
"Effect": "Allow",
"Action": "ec2:RunInstances",
"Resource": "*"
},
{
"Sid": "AllowUserToStopStartDeleteInstances",
"Effect": "Allow",
"Action": [
"ec2:TerminateInstances",
"ec2:StopInstances",
"ec2:StartInstances"
],
"Resource": "arn:aws:ec2:*:account:instance/*"
}
]
}
相关问题
- 1. django-storages对s3 IAM用户需要什么权限?
- 2. 如何确定AWS CloudFormation需要哪些IAM权限?
- 3. 使用bottlenose API需要什么AWS IAM权限?
- 4. 如何找出我需要运行此功能所需的所有IAM权限?
- 5. 权限需要NotificationManager
- 6. CUDA需要root权限吗?
- 7. 权限拒绝:...需要android.permission.WRITE_EXTERNAL_STORAGE
- 8. com.sinch.android.rtc.MissingPermissionException:需要权限:android.permission.RECORD_AUDIO
- 9. PROVIDE_BACKGROUND权限不再需要?
- 10. GIT-TF需要权限?
- 11. 需要扩展权限publish_actions
- 12. user_likes权限不需要BUG?
- 13. AllJoyn需要root权限吗?
- 14. CIMSessions需要什么权限
- 15. subprocess.Popen需要什么权限?
- 16. Android要求不需要的权限
- 17. Google Cloud上的权限问题IAM
- 18. 添加IAM角色的权限
- 19. 导出的活动不需要权限
- 20. 需要什么权限的PHP?
- 21. 需要访问系统的权限
- 22. Oracle视图 - 基表需要的权限?
- 23. 区域和迭代,需要的权限
- 24. 找出需要的权限来自
- 25. Facebook的需要扩展权限:create_event
- 26. pgpool-II的health_check_user需要什么权限?
- 27. Android 6.0权限拒绝:需要权限android.permission.WRITE_SETTINGS
- 28. PHP权限错误 - 我需要执行权限?
- 29. 如何使用AWS IAM角色运行StarCluster
- 30. XPI需要什么文件权限?