【发布时间】:2017-02-24 17:43:21
【问题描述】:
如何让 AWS IAM 用户能够使用 GetConsoleScreenshot 操作?
我想出了一个我认为应该这样做的政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:GetConsoleScreenshot",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:AvailabilityZone",
"ec2:EbsOptimized",
"ec2:InstanceProfile",
"ec2:InstanceType",
"ec2:PlacementGroup",
"ec2:Region",
"ec2:ResourceTag/tag-key",
"ec2:RootDeviceType",
"ec2:Tenancy"
],
"Resource": [
"*"
]
}
]
}
我以此作为参考:Granting IAM Users Required Permissions for Amazon EC2 Resources
我想知道的是,给某人“ec2:GetConsoleScreenshot”能力是否过分?赋予该一项能力是否暗示了其他权限?
【问题讨论】: