amazon-web-services - 创建 EC2 实例时如何设置默认标签？

问题描述

当帐户中的某人尝试创建 EC2 实例时，我正在尝试一种添加默认标签的方法。现在我已经设置了只监控标签是否被创建的规则。

我需要一些东西，当创建实例时，他们必须填写标签，然后才能继续启动实例。这可能吗？如果有怎么办？

我在网上搜索过，没有任何东西能完全符合我的要求。

我看了看：https ://aws.amazon.com/blogs/aws/new-tag-ec2-instances-ebs-volumes-on-creation/

然后我制定了一项政策（如下），但它仍然不起作用。

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "AllowCreateTaggedVolumes",
        "Effect": "Allow",
        "Action": "ec2:CreateVolume",
        "Resource": "*",
        "Condition": {
            "StringEquals": {
                "aws:RequestTag/Name": "",
                "aws:RequestTag/Owner": "",
                "aws:RequestTag/Project": "",
                "aws:RequestTag/Schedule": ""
            },
            "ForAllValues:StringEquals": {
                "aws:TagKeys": [
                    "Name",
                    "Owner",
                    "Project",
                    "Schedule"
                ]
            }
        }
    },
    {
        "Effect": "Allow",
        "Action": [
            "ec2:CreateTags"
        ],
        "Resource": "*",
        "Condition": {
            "StringEquals": {
                "ec2:CreateAction": "CreateVolume"
            }
        }
    }
]
}

标签： amazon-web-servicesamazon-ec2tagging

我使用以下策略代码模拟了相同的场景，其中以下示例策略允许用户启动 EC2 实例并创建 EBS 卷，前提是用户使用限定符ForAllValues (Key1 &键 2)。如果用户应用任何未包含在策略中的标签，则该操作将被拒绝。吨

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "AllowToDescribeAll",
        "Effect": "Allow",
        "Action": [
            "ec2:Describe*"
        ],
        "Resource": "*"
    },
    {
        "Sid": "AllowRunInstances",
        "Effect": "Allow",
        "Action": "ec2:RunInstances",
        "Resource": [
            "arn:aws:ec2:*::image/*",
            "arn:aws:ec2:*::snapshot/*",
            "arn:aws:ec2:*:*:subnet/*",
            "arn:aws:ec2:*:*:network-interface/*",
            "arn:aws:ec2:*:*:security-group/*",
            "arn:aws:ec2:*:*:key-pair/*"
        ]
    },
    {
        "Sid": "AllowRunInstancesWithRestrictions",
        "Effect": "Allow",
        "Action": [
            "ec2:CreateVolume",
            "ec2:RunInstances"
        ],
        "Resource": [
            "arn:aws:ec2:*:*:volume/*",
            "arn:aws:ec2:*:*:instance/*"
        ],
        "Condition": {
            "StringEquals": {
                "aws:RequestTag/key1": "value1",
                "aws:RequestTag/key2": "value2"
            },
            "ForAllValues:StringEquals": {
                "aws:TagKeys": [
                    "key1",
                    "key2"
                ]
            }
        }
    },
    {
        "Sid": "AllowCreateTagsOnlyLaunching",
        "Effect": "Allow",
        "Action": [
            "ec2:CreateTags"
        ],
        "Resource": [
            "arn:aws:ec2:*:*:volume/*",
            "arn:aws:ec2:*:*:instance/*"
        ],
        "Condition": {
            "StringEquals": {
                "ec2:CreateAction": "RunInstances"
            }
        }
    }
]
}

添加存储

未添加标签

无标签启动失败

添加了必需的标签

启动以标签值开始

AWS 参考指南

amazon-web-services - 创建 EC2 实例时如何设置默认标签？

问题描述

解决方案

推荐阅读