-1

我正在尝试ec2:AttachVolume使用策略模拟器 sdk java API 验证操作。我的政策如下

{
            "Action": [
                "ec2:AttachVolume"
            ]
            },
            "Effect": "Allow",
            "Resource": [
                "arn:aws:ec2:*:*:instance/*"
            ]
        },
        {
            "Action": [
                "ec2:AttachVolume"
            ]
            },
            "Effect": "Allow",
            "Resource": [
                "arn:aws:ec2:*:*:volume/*"
            ]
        }

我如何使用策略模拟器 API 验证它,因为我需要同时提供资源,即实例和卷?

4

1 回答 1

0

有了这个政策,模拟器对我来说很好:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AttachVolume",
                "ec2:DetachVolume"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:volume/*",
                "arn:aws:ec2:*:*:instance/*"
            ],
            "Condition": {
                "ArnEquals": {
                    "ec2:SourceInstanceARN": "arn:aws:ec2:*:*:instance/i-1234567890"
                }
            }
        }
    ]
}

在此处输入图像描述

于 2020-04-05T11:51:53.743 回答