Amazon EC2:允许以编程方式和在控制台中启动或停止 EC2 实例并修改安全组
此示例说明如何创建基于身份的策略以允许启动或停止特定的 EC2 实例并修改特定的安全组。此策略定义了程序访问和控制台访问的权限。要使用此策略,请将示例策略中的斜体占位符文本
替换为您自己的信息。然后,按照创建策略或编辑策略中的说明操作。
- JSON
-
-
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeStaleSecurityGroups"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": [
"arn:aws:ec2:*
:*
:instance/i-instance-id
",
"arn:aws:ec2:*
:*
:security-group/sg-security-group-id
"
],
"Effect": "Allow"
}
]
}