AWS EC2 traffic limits: how to limit a shared AWS EC2 account's access to view and start all VMs but stop only certain VMs

When a team with many user accounts shares and manages virtual machines under the same AWS account, it is common practice to limit those AWS EC2 accounts' access so that they can view or start all VMs yet stop only certain VMs. For example, one account has 50 VMs tagged "prod" and 25 VMs tagged "dev". The developers should be able to start all the "prod" and "dev" VMs, but they should only be able to stop the "dev" VMs unless they have been granted access to the "prod" VMs. These limitations avoid accidentally shutting down production virtual machines.

AWS provides the mechanism to achieve this in IAM. We show how to use IAM policies to reach these goals.

In AWS, VMs can be tagged, and there are policies that can filter VMs by tags. There are user groups and users. A user can be assigned to one or many user groups, and policies can be attached to the user groups to grant access rights.

users---belong to---> user group <---attached to---policy

To limit certain users' access, we can create user groups with policies attached to them, and assign the users to these groups.

Create policies

AWS's policy system is very flexible and fine-grained. Policies are written as JSON documents and uploaded through the AWS management console to take effect. In this example, we will create 2 policies to

  • list all instances
  • start all instances
  • stop instances that have a tag "Prod/Dev" set to "dev"

We will implement these rules in 2 policies.

The policy page in the IAM management web interface allows us to create new policies as follows.

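The two policies as JSON-shaped Python dicts, plus a small local checker to confirm the intended outcome before uploading them. This is an added example, not the original post's screenshots; the statement layout, the `aws:ResourceTag/Prod/Dev` condition key and the simplified evaluator are my assumptions, and the evaluator is a rough model, not the IAM policy simulator.

```python
from fnmatch import fnmatchcase

TAG_KEY = "Prod/Dev"  # tag key from the page; value "dev" marks instances developers may stop

# Policy 1: describe every instance (Describe* takes no resource scoping, hence "*") and start every instance.
VIEW_AND_START = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus", "ec2:DescribeTags"]},
        {"Effect": "Allow", "Resource": "arn:aws:ec2:*:*:instance/*",
         "Action": "ec2:StartInstances"},
    ],
}

# Policy 2: stop only instances whose Prod/Dev tag equals "dev"; nothing grants
# ec2:StopInstances on prod instances, so that stays implicitly denied.
STOP_DEV_ONLY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "arn:aws:ec2:*:*:instance/*",
         "Action": "ec2:StopInstances",
         "Condition": {"StringEquals": {f"aws:ResourceTag/{TAG_KEY}": "dev"}}},
    ],
}


def is_allowed(policies, action, instance_tags):
    """Simplified local model of IAM evaluation for a pre-upload sanity check: implicit
    deny, a matching Allow grants, a matching Deny wins. Only Action globs and
    StringEquals on aws:ResourceTag/<key> are modelled; Resource ARNs are not checked."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
            if not any(fnmatchcase(action, pattern) for pattern in actions):
                continue  # statement does not cover this action
            equals = stmt.get("Condition", {}).get("StringEquals", {})
            if any(instance_tags.get(key.split("aws:ResourceTag/", 1)[1]) != value
                   for key, value in equals.items()):
                continue  # condition not met, e.g. tag missing or set to "prod"
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed
```

Attach both policies to the developers' user group; an instance tagged "prod" (or left untagged) can be listed and started but not stopped, which is exactly the split the post asks for.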
