I have several EC2 instances on AWS and I was wondering what the best way is to organize them in order to keep order. As far as I know, it is not possible to group such instances, e.g. with the help of a folder or something similar. So the solution I came up with is to stick to a naming convention. So, the names of my instances will look as follows:
- examplecustomer-ubuntu-14.0.4-t2.micro-1
- examplecustomer-ubuntu-14.0.4-t2.micro-2
- examplecustomer1-ubuntu-14.0.4-t2.micro-1
- examplecustomer1-ubuntu-14.0.4-t2.micro-2
Now I have several users/customers who should only see specific instances (e.g. customer1 should only see instances starting with examplecustomer1). Therefore, I created a policy and attached it to the user. My idea was to use a wildcard within the ARN-Resourcepath, but that doesn't seem to work. Does anyone have an idea how to achieve that?
Example policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1443859866333",
      "Action": "ec2:*",
      "Effect": "Allow",
      "Resource": "arnresourcepath/customer1*"
    }
  ]
}
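
An added example (not part of the original post) of why a name wildcard in the `Resource` ARN matches nothing: an EC2 instance ARN ends in the instance ID, and the name is only a tag. It also shows that a prefix test on the name would let `examplecustomer` match `examplecustomer1`'s instances, and builds a policy scoped by exact tag value instead. The `Customer` tag key, the account ID, the instance IDs and the simplified `fnmatch`-based matching are assumptions made for this sketch.

```python
import fnmatch

# Constructed inventory: an instance ARN ends in the instance ID, and the
# console "Name" is just a tag. "Customer" is a hypothetical tag key.
INSTANCES = [
    {"arn": "arn:aws:ec2:us-east-1:111122223333:instance/i-0a11111111111111a",
     "tags": {"Name": "examplecustomer-ubuntu-14.0.4-t2.micro-1",
              "Customer": "examplecustomer"}},
    {"arn": "arn:aws:ec2:us-east-1:111122223333:instance/i-0b22222222222222b",
     "tags": {"Name": "examplecustomer1-ubuntu-14.0.4-t2.micro-1",
              "Customer": "examplecustomer1"}},
]

def matched_by_arn(pattern):
    """Names of instances whose ARN matches an IAM-style Resource wildcard."""
    return [i["tags"]["Name"] for i in INSTANCES
            if fnmatch.fnmatchcase(i["arn"], pattern)]

def matched_by_name_prefix(prefix):
    """Names that a StringLike '<prefix>*' test on the Name tag would match."""
    return [i["tags"]["Name"] for i in INSTANCES
            if fnmatch.fnmatchcase(i["tags"]["Name"], prefix + "*")]

def tag_scoped_policy(customer):
    """Policy limited to instances whose Customer tag equals `customer` exactly."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances",
                       "ec2:RebootInstances"],
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": {"StringEquals": {"ec2:ResourceTag/Customer": customer}},
        }],
    }

def allowed_instances(policy):
    """Simplified evaluation of the single StringEquals tag condition above."""
    stmt = policy["Statement"][0]
    (cond_key, wanted), = stmt["Condition"]["StringEquals"].items()
    tag_key = cond_key.split("/", 1)[1]
    return [i["tags"]["Name"] for i in INSTANCES
            if fnmatch.fnmatchcase(i["arn"], stmt["Resource"])
            and i["tags"].get(tag_key) == wanted]

if __name__ == "__main__":
    print(matched_by_arn("arn:aws:ec2:*:*:instance/examplecustomer1*"))
    print(matched_by_name_prefix("examplecustomer"))
    print(allowed_instances(tag_scoped_policy("examplecustomer")))
```

The `ec2:Describe*` actions do not support resource-level permissions, so a policy like this limits which instances a user can act on, not which ones appear in a listing.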