IAM policy does not allow access to EC2

I have a policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1429817158000",
            "Effect": "Allow",
            "Action": [
                "ec2:*"
            ],
            "Resource": [
                "arn:aws:ec2:*"
            ]
        }
    ]
}

This is tied to a group. This group has one user. When I enter myloginthing.signin.aws.amazon.com with these user credentials, I cannot do anything with EC2. This gives me messages such as "You are not authorized to describe Running Instances" for each activity on the page.

The IAM policy simulator tells me that any action is rejected because

Implicitly rejected (no matching claims found).

What am I missing?

+4
2 answers

It really took some time to understand.

, ( , ec2:*) ( arn:aws:ec2:*).

, - , RunInstances, DescribeInstances *.

(: , a) , b) , , .

+2

ec2:* , "arn:aws:ec2:*" Amazon.

"arn:aws:ec2:*" "arn:aws:ec2:::*" "*" .

. Amazon (ARN) AWS

+2
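
The implicit deny from the question can be reproduced with a simplified model of statement matching. This is an added example, not code from the original posts and not AWS's evaluation engine. It assumes that ec2:DescribeInstances has no resource-level permissions and is therefore checked against the resource "*"; the account id and instance id are made up.

```python
import re

def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style wildcard: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def as_list(value):
    return value if isinstance(value, list) else [value]

def evaluate(policy, action, resource):
    """Simplified model: returns 'explicit deny', 'allow' or 'implicit deny'."""
    decision = "implicit deny"          # nothing matched yet
    for stmt in as_list(policy["Statement"]):
        if not any(wildcard_match(a, action, True) for a in as_list(stmt["Action"])):
            continue
        if not any(wildcard_match(r, resource) for r in as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return "explicit deny"      # a matching Deny always wins
        decision = "allow"
    return decision

def policy_with_resource(resource):
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": ["ec2:*"],
                           "Resource": [resource]}]}

QUESTION_POLICY = policy_with_resource("arn:aws:ec2:*")   # as posted in the question
STAR_POLICY = policy_with_resource("*")                   # Resource widened to "*"

# Constructed requests. Assumption: ec2:DescribeInstances has no resource-level
# permissions, so the resource it is checked against is the literal "*".
DESCRIBE = ("ec2:DescribeInstances", "*")
# Made-up account id and instance id, for illustration only.
START = ("ec2:StartInstances",
         "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0")

if __name__ == "__main__":
    for name, policy in (("question", QUESTION_POLICY), ("star", STAR_POLICY)):
        for action, resource in (DESCRIBE, START):
            print(f"{name:8} {action:24} -> {evaluate(policy, action, resource)}")
```

The pattern "arn:aws:ec2:*" matches a real instance ARN but not the literal "*", so the Describe call falls through to an implicit deny. Combined with ec2:*, Resource "*" allows every EC2 action on every resource, so narrow the Action list if the group needs less.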

Source: https://habr.com/ru/post/1584370/

