Question

我已经与IAM用户附加了以下策略，该用户应该允许用户创建EC2实例的快照（支持EBS）。

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "Stmt1473146965806",
        "Action": [
            "ec2:CreateSnapshot"
        ],
        "Effect": "Allow",
        "Resource": "arn:aws:ec2:*:MY_ACCOUNT_ID:*/*"
    }
]
}

但是当用户尝试执行命令来创建快照时，会发生以下错误：

An error occurred (UnauthorizedOperation) when calling the CreateSnapshot 
operation: You are not authorized to perform this operation.

政策中有什么不正确？

Answer 1

CreateSnapshot不支持资源级权限，您可以使用通配符＆＃34;资源＆＃34;：＆＃34; *＆＃34; ：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1473146965806",
            "Action": [
                "ec2:CreateSnapshot"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ec2-api-permissions.html#ec2-api-unsupported-resource-permissions

仅用于创建快照的AWS策略

1 个答案: