1
我已將下面的自定義IAM作爲內聯策略附加到IAM用戶,但是當我嘗試通過用戶登錄啓動EC2實例時,它不工作。我的要求是允許用戶只啓動t2 .micro實例。IAM策略未啓動
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeImages",
"ec2:DescribeKeyPairs",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "ec2:RunInstances",
"Resource": [
"arn:aws:ec2:us-east-1:xxxxxxxxx:network-interface/*",
"arn:aws:ec2:us-east-1: xxxxxxxxx:volume/*",
"arn:aws:ec2:us-east-1: xxxxxxxxx:key-pair/*",
"arn:aws:ec2:us-east-1: xxxxxxxxx:security-group/*",
"arn:aws:ec2:us-east-1: xxxxxxxxx:subnet/*"
]
},
{
"Effect": "Allow",
"Action": "ec2:RunInstances",
"Resource": [
"arn:aws:ec2:us-east-1: xxxxxxxxx:instance/*"
],
"Condition": {
"StringEquals": {
"ec2:InstanceType": "t2.micro"
}
}
}
]
}
任何猜測可能是什麼問題?
「但是當我嘗試通過用戶啓動EC2實例登錄它不工作。」 - 你遇到了什麼錯誤? –
啓動失敗:您無權執行此操作。 – Venkat
您嘗試啓動的實例的類型是什麼? – Mahdi