-bash-4.2$ aws ec2 wait instance-running $ARG
Waiter InstanceRunning failed: You are not authorized to perform this operation.
现在您转到 IAM 并看到一个巨大的权限列表,没有带有 wait 字的...,因此您查看 https://docs.aws.amazon.com/cli/latest/reference/ec2/wait/index.html#cli-aws-ec2-wait 并找不到所需权限的列表...
那么:aws ec2 wait 需要什么权限?..
【问题讨论】:
标签: amazon-web-services amazon-ec2
纯粹是通过尝试和失败,我找到了对我有用的那些:
{
"Version": "1980-09-19",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": "arn:aws:ec2:us-east-1:00000000:instance/i-abababababab"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:ReportInstanceStatus"
],
"Resource": "*"
}
]
}
我假设您不需要 start 和 stop 只需要 wait,但我将它们包括在内,因为您将 wait 与它们中的任何一个配对使用...
简而言之,它们是:DescribeInstances 和 ReportInstanceStatus
【讨论】:
ec2:DescribeInstances 许可的情况下复制了与您完全相同的策略,并且它可以正常工作。我不得不将版本更新到 2012-10-17。你能分享你收到的错误吗?
Waiter InstanceRunning failed: You are not authorized to perform this operation 中的那个。但请随时更新答案或发布您自己的答案。如果没有ReportInstanceStatus,我肯定会失败,但我可能会在这里错过其他变量
ec2:ReportInstanceStatus 的策略也对我有用
WaiterInstanceRunning 需要 ec2:DescribeInstanceStatus - ReportInstanceStatus 将实例的状态报告回 AWS(当实例出现意外状态时)
【讨论】:
似乎下面的命令也需要“ec2:DescribeInstanceStatus”
aws ec2 等待 instance-status-ok --region eu-west-1 --instance-ids
【讨论】: