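I want to create an IAM policy under which an IAM user cannot launch any instance other than a t2.micro Ubuntu instance in the us-east-1 region. I added the AMI to the IAM policy, but AWS allows not only the Ubuntu AMI; it also lets the IAM user launch all instances. What could be the problem?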
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "TheseActionsDontSupportResourceLevelPermissions",
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "TheseActionsSupportResourceLevelPermissions",
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances",
        "ec2:TerminateInstances",
        "ec2:StopInstances",
        "ec2:StartInstances"
      ],
      "Resource": "arn:aws:ec2:us-east-1:196687784845:instance/ami-0885b1f6bd170450c"
    }
  ]
}
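
An added example, not part of the original question: one way to express the intended restriction, with the AMI matched as an `image` resource (AMI ARNs have an empty account field) and the instance type pinned with the `ec2:InstanceType` condition key on the `instance` resource. The account ID, Region and AMI ID are taken from the question; the statement IDs and the wildcard ARNs for subnet, network interface, volume, security group and key pair are assumptions about what the launch needs.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DescribeActionsNeedWildcardResource",
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Sid": "LaunchOnlyFromTheQuestionsAmi",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:us-east-1::image/ami-0885b1f6bd170450c"
    },
    {
      "Sid": "LaunchOnlyT2Micro",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:us-east-1:196687784845:instance/*",
      "Condition": {
        "StringEquals": { "ec2:InstanceType": "t2.micro" }
      }
    },
    {
      "Sid": "AssumedSupportingResourcesForLaunch",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:us-east-1:196687784845:subnet/*",
        "arn:aws:ec2:us-east-1:196687784845:network-interface/*",
        "arn:aws:ec2:us-east-1:196687784845:volume/*",
        "arn:aws:ec2:us-east-1:196687784845:security-group/*",
        "arn:aws:ec2:us-east-1:196687784845:key-pair/*"
      ]
    },
    {
      "Sid": "ManageExistingInstances",
      "Effect": "Allow",
      "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances"],
      "Resource": "arn:aws:ec2:us-east-1:196687784845:instance/*"
    }
  ]
}
```

IAM allows are additive across every policy attached to the user or their groups, so any other attached policy that allows `ec2:RunInstances` on `*` still permits other AMIs and instance types.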