Use IAM Tags to Restrict EC2 Instances or EBS Volumes

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowToDescribeAll",
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "AllowRunInstances",
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": [
                "arn:aws:ec2:*::image/*",
                "arn:aws:ec2:*::snapshot/*",
                "arn:aws:ec2:*:*:subnet/*",
                "arn:aws:ec2:*:*:network-interface/*",
                "arn:aws:ec2:*:*:security-group/*",
                "arn:aws:ec2:*:*:key-pair/*"
            ]
        },
        {
            "Sid": "AllowRunInstancesWithRestrictions",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateVolume",
                "ec2:RunInstances"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:volume/*",
                "arn:aws:ec2:*:*:instance/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:RequestTag/key1": "value1",
                    "aws:RequestTag/key2": "value2"
                },
                "ForAllValues:StringEquals": {
                    "aws:TagKeys": [
                        "key1",
                        "key2"
                    ]
                }
            }
        },
        {
            "Sid": "AllowCreateTagsOnlyLaunching",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:volume/*",
                "arn:aws:ec2:*:*:instance/*"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:CreateAction": "RunInstances"
                }
            }
        }
    ]
}

Use IAM Tags to Restrict EC2 Instances or EBS Volumes

Use IAM Tags to Restrict EC2 Instances or EBS Volumes

Use IAM Roles to Restrict API Calls from Specific IP Addresses

Restrict Access to Launch EC2 Instances from Only Tagged AMIs

Use IAM Policies to Grant Access to User

Assign an IAM Role to an EC2 Instance

AWS Systems Manager Session Manager for Shell Access to EC2 Instances | AWS News Blog

Amazon brings predictive scaling to EC2 instances

Ask HN: Do you use digital ink to create handwritten notes? Why or why not?

Use CloudFront Geo Restriction To Restrict Access From Geographic Regions

Use EC2Rescue to Troubleshoot EC2 Windows Issues

Restrict Access of Users to Specific EC2 Resources

Use Swap File to Allocate Memory as Swap Space in Amazon EC2 Instance

Resolve "Server Refused Our Key" Errors When Connecting to EC2 Instances

Recover Access to EC2 Instances After Losing SSH Key Pair

Facing Load Balancer to EC2 Instances with Private IP Addresses

Resolve Issues with Corrupt or Missing Network Drivers on Windows EC2 Instances

UDP Traffic to EC2 Instances

Seamlessly Join EC2 Instances to a Domain

New – Amazon EC2 Instances with Up to 8 NVIDIA Tesla V100 GPUs (P3)

[Nuxt] Use Vuex Actions to Delete Data from APIs in Nuxt and Vue.js

Use IAM Tags to Restrict EC2 Instances or EBS Volumes

相關推薦