Open1
iamポリシーチートシート
ec2
sg
特定のタグ名がついたsgのみに編集権限付与
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"ec2:ModifySecurityGroupRules"
],
"Resource": [
"arn:aws:ec2:*:*:security-group/*"
],
"Condition": {
"StringNotEquals": {
"ec2:ResourceTag/Name": "tag_name"
}
}
},
{
"Effect": "Allow",
"Action": [
"ec2:*"
],
"Resource": "*"
}
]
}