- 최신
- 최다 투표
- 가장 많은 댓글
You can do this by tagging your instance(s) with a particular value (say, Accounts
) and then writing an IAM policy which allows access to EC2 resources with that tag: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/control-access-with-tags.html
It is as easy as including "StringEquals": { "aws:ResourceTag/environment": "Accounts" }
in the Condition
part of the IAM policy.
There are many other examples in the documentation.
Note that you're going to have to define what you mean by "access". The IAM policy allows you to control who can administer the instance(s) from the console or command-line interface or any other API. If you mean "who can SSH or RDP to the instance" then you might want to look at Session Manager or control access on the instance itself using the operating system controls.
관련 콘텐츠
- AWS 공식업데이트됨 2년 전