I have some AWS EC2 instances and would like to show ONLY one instance to partners.
I created an IAM user for the partner. The following is the policy I created. But when the partner logs in to AWS and views the EC2 instance list, the following message is displayed and no instance is shown:
An error occurred fetching instance data: You are not authorized to perform this operation.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1373378552000",
      "Effect": "Allow",
      "Action": [
        "ec2:*"
      ],
      "Resource": [
        "arn:aws:ec2:ap-northeast-1:123456789012:instance/i-12345678"
      ]
    }
  ]
}
(123456789012 is a dummy for my Account Id, and i-12345678 is the instance I would like to show.)
I also tried to specify it by tag name, like the following, but that does not work either:
"Condition": {
  "StringEquals": {
    "ec2:ResourceTag/Name": "node-B"
  }
},
Does anyone know how to show a specific EC2 instance to partners?
This is not currently supported.
Only selected Amazon EC2 API actions currently support resource-level permissions:
The AWS Management Console is using a DescribeInstances call, which cannot be restricted to a specific resource. Hence, the error you received.
See also:
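The following is an added example, not code from the question or the answer above. It is a toy evaluator that models only the parts of IAM's decision logic relevant here (Action and Resource matching, plus a StringEquals Condition) so you can see why both policies in the question end in an implicit deny for DescribeInstances: the console's call is evaluated against the resource "*", which a statement scoped to one instance ARN (or to one tag) never matches. The SPLIT_POLICY is an assumed design, not something the answer prescribes: it grants the Describe call on "*" (so the partner sees the metadata of every instance, which is exactly the limitation the answer describes) and pins only the state-changing actions to the one ARN. OTHER_ARN is a constructed instance id for the negative test; the evaluator is an approximation of IAM, not AWS's implementation.

```python
# Added example, not from the original question or answer: a toy evaluator that
# models the part of IAM's logic relevant here (Action, Resource, a StringEquals
# Condition) to show why both policies in the question produce an implicit
# deny for DescribeInstances. It is an approximation, not AWS's implementation.
import fnmatch

ACCOUNT = "123456789012"                      # dummy account id from the question
INSTANCE_ARN = f"arn:aws:ec2:ap-northeast-1:{ACCOUNT}:instance/i-12345678"
OTHER_ARN = f"arn:aws:ec2:ap-northeast-1:{ACCOUNT}:instance/i-87654321"  # constructed

# Policy from the question: every EC2 action, but only on one instance ARN.
ORIGINAL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "Stmt1373378552000", "Effect": "Allow",
                   "Action": ["ec2:*"], "Resource": [INSTANCE_ARN]}],
}

# The question's second attempt: the same statement, gated by a resource tag.
TAG_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ec2:*"], "Resource": [INSTANCE_ARN],
                   "Condition": {"StringEquals": {"ec2:ResourceTag/Name": "node-B"}}}],
}

# Assumed split design: DescribeInstances does not support resource-level
# permissions, so it is granted on "*" (the partner then sees every instance's
# metadata). Only the state-changing actions are pinned to the one ARN.
SPLIT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ConsoleCanList", "Effect": "Allow",
         "Action": "ec2:DescribeInstances", "Resource": "*"},
        {"Sid": "ActOnOneInstance", "Effect": "Allow",
         "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances"],
         "Resource": INSTANCE_ARN},
    ],
}

def _as_list(x):
    return x if isinstance(x, list) else [x]

def _match(pattern, value):
    """IAM-style wildcard match of a policy pattern against a request value."""
    return fnmatch.fnmatchcase(value, pattern)

def _condition_holds(condition, context):
    """Only StringEquals is modelled. A key absent from the request context
    makes the condition fail, which is also how IAM treats a missing key."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(operator)
        for key, wanted in pairs.items():
            if context.get(key) not in _as_list(wanted):
                return False
    return True

def evaluate(policy, action, resource, context=None):
    """Return "Deny" on an explicit deny, "Allow" if some statement matches,
    otherwise "ImplicitDeny". `resource` is the request's resource; for an
    ec2:Describe* call that is "*", since those actions take no resource ARN."""
    context = context or {}
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not any(_match(a, action) for a in _as_list(stmt["Action"])):
            continue
        if not any(_match(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision

def console_listing(policy):
    """Decision for the console's DescribeInstances call under `policy`."""
    return evaluate(policy, "ec2:DescribeInstances", "*")

if __name__ == "__main__":
    for name, pol in [("original", ORIGINAL_POLICY), ("tag", TAG_POLICY), ("split", SPLIT_POLICY)]:
        print(f"{name:8s} DescribeInstances -> {console_listing(pol)}")
    print("split    StopInstances on i-12345678 ->",
          evaluate(SPLIT_POLICY, "ec2:StopInstances", INSTANCE_ARN))
    print("split    StopInstances on other      ->",
          evaluate(SPLIT_POLICY, "ec2:StopInstances", OTHER_ARN))
```

Running it shows the original and tag-gated policies denying the listing while still allowing StopInstances on the pinned instance, which is the trap: the tag condition is not wrong as such, it simply has nothing to evaluate against when the request carries no resource. The split policy makes the listing work, but it cannot hide the other instances; if the partner must not see them, a separate account is the only option the answer leaves open.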