我正在尝试创build一个可以限制用户访问不同地区RDS的策略。 但是,我想给他们pipe理员访问只有一个地区,即ap-southeast-1。
我制定了一些政策,但是他们不是为新加坡地区,而是在美东地区工作。
为什么这在东方而不是在新加坡?
政策示例:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt----------", "Effect": "Allow", "Action": [ "rds:*" ], "Condition": { "StringEquals": { "ec2:Region": "ap-southeast-1" } }, "Resource": [ "*" ] } ] } { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt----------", "Action": [ "rds:*", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "sns:ListSubscriptions", "sns:ListTopics", "logs:DescribeLogStreams", "logs:GetLogEvents" ], "Effect": "Allow", "Resource": "arn:aws:rds:ap-southeast-1:*" } ] } { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1454649600000", "Effect": "Allow", "Action": [ "*" ], "Resource": [ "arn:aws:rds:ap-southeast-1:account number:*" ] } ] }