从 CLI 预置 EC2 实例所需的 AWS IAM 策略权限是什么?

What are the required AWS IAM policy permissions to provision EC2 Instances from the CLI?

我正在编写 IAM 策略以从 CLI 部署 EC2 实例,我不想授予 EC2 完全访问权限。遵循最小权限原则,提供 EC2 实例所需的权限是什么

这取决于您是希望他们从控制台还是 CLI 共进午餐。

对于控制台,根据 docs 以下策略适用:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeImages",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeVpcs",
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups",
                "ec2:CreateSecurityGroup",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:CreateKeyPair"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": "*"
        }
    ]
}

对于 CLI,显示了策略 here