我已經嘗試過這種方法,但它在IAM策略模擬器上失敗。
從AWS文檔獲得此策略。什麼是正確的IAM策略,允許用戶在VPC安全組中添加入口/出口規則
{
"Version": "2012-10-17",
"Statement":[{
"Effect":"Allow",
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress"],
"Resource": "arn:aws:ec2:us-east-1:Account-Number:security-group/*",
"Condition": {
"StringEquals": {
"ec2:Vpc": "arn:aws:ec2:us-east-1:Account-Number:vpc/vpc-id"
}
}
},
{
"Effect": "Allow",
"Action": "ec2:DescribeSecurityGroups",
"Resource": "*"
}
]
}