1 Respuesta
- Más nuevo
- Más votos
- Más comentarios
1
To allow a user to create an Amazon Machine Image (AMI) of an Amazon Elastic Compute Cloud (EC2) instance, you can create an IAM policy that includes the following permissions:
- ec2:CreateImage: This permission allows the user to create an AMI from an EC2 instance.
- ec2:DescribeInstances: This permission allows the user to retrieve information about the EC2 instances that they have permission to create AMIs for.
- ec2:ModifySnapshotAttribute: This permission allows the user to modify the permissions of the snapshots that are used to create the AMI.
- ec2:CreateTags: This permission allows the user to add tags to the AMI.
Here is an example policy that includes these permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:CreateImage",
"ec2:DescribeInstances",
"ec2:ModifySnapshotAttribute",
"ec2:CreateTags"
],
"Resource": [
"arn:aws:ec2:*:--myaccountnumber--:instance/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*::image/*"
]
}
]
}
Note that the user will also need permission to create and delete snapshots of the EBS volumes attached to the EC2 instance. The user will also need permission to create and delete the AMI itself.
respondido hace 2 años
Contenido relevante
- OFICIAL DE AWSActualizada hace un mes
- OFICIAL DE AWSActualizada hace un mes
- ¿Cómo puedo resolver el error “Failed to start the job flow due to an internal error” en Amazon EMR?OFICIAL DE AWSActualizada hace un mes