Restrict Access to Launch EC2 Instances from Only Tagged AMIs

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadOnlyAccess",
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "ec2:GetConsole*",
                "cloudwatch:DescribeAlarms",
                "cloudwatch:GetMetricStatistics",
                "iam:ListInstanceProfiles"
            ],
            "Resource": "*"
        },
        {
            "Sid": "ActionsRequiredtoRunInstancesInVPC",
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": [
                "arn:aws:ec2:us-east-1:AccountId:instance/*",
                "arn:aws:ec2:us-east-1:AccountId:key-pair/*",
                "arn:aws:ec2:us-east-1:AccountId:security-group/*",
                "arn:aws:ec2:us-east-1:AccountId:volume/*",
                "arn:aws:ec2:us-east-1:AccountId:network-interface/*",
                "arn:aws:ec2:us-east-1:AccountId:subnet/*"
            ]
        },
        {
            "Sid": "LaunchingEC2withAMIsAndTags",
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": "arn:aws:ec2:us-east-1::image/ami-*",
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/Environment": "Prod"
                }
            }
        }
    ]
}
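
The following is an added example, not part of the original page: a simplified offline model of how the two `ec2:RunInstances` statements above combine, showing that a launch is authorized only when the AMI carries the tag `Environment=Prod`. The account ID, resource IDs, and function names are constructed for illustration, and the evaluator covers only `Allow` statements with `StringEquals`, not the full IAM evaluation logic.

```python
from fnmatch import fnmatchcase

ACCOUNT = "111122223333"  # constructed stand-in for the policy's AccountId placeholder
BASE = f"arn:aws:ec2:us-east-1:{ACCOUNT}:"
KINDS = ("instance", "key-pair", "security-group", "volume", "network-interface", "subnet")

# The two ec2:RunInstances Allow statements from the policy above.
STATEMENTS = [
    {"Resource": [f"{BASE}{kind}/*" for kind in KINDS]},
    {"Resource": ["arn:aws:ec2:us-east-1::image/ami-*"],
     "Condition": {"StringEquals": {"ec2:ResourceTag/Environment": "Prod"}}},
]

def resource_allowed(arn, tags):
    """True if some statement matches the ARN and all of its conditions hold."""
    for stmt in STATEMENTS:
        if not any(fnmatchcase(arn, pattern) for pattern in stmt["Resource"]):
            continue
        wanted = stmt.get("Condition", {}).get("StringEquals", {})
        # An untagged AMI has no ec2:ResourceTag/Environment key, so StringEquals
        # fails; the value comparison is case-sensitive.
        if all(tags.get(key.split("/", 1)[1]) == value for key, value in wanted.items()):
            return True
    return False  # no matching Allow: implicit deny

def can_run_instances(request):
    """The launch is authorized only if every resource in the request is allowed."""
    return all(resource_allowed(arn, tags) for arn, tags in request)

def launch_request(ami_id, ami_tags, region="us-east-1"):
    """Constructed request: one AMI plus the other resources a VPC launch touches."""
    ids = ("i-0example", "demo-key", "sg-0example", "vol-0example", "eni-0example", "subnet-0example")
    request = [(f"arn:aws:ec2:{region}::image/{ami_id}", ami_tags)]
    request += [(f"{BASE}{kind}/{rid}", {}) for kind, rid in zip(KINDS, ids)]
    return request

if __name__ == "__main__":
    for tags in ({"Environment": "Prod"}, {"Environment": "prod"}, {}):
        print(tags, can_run_instances(launch_request("ami-0example", tags)))
```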
