
IAM

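# Write the permissions policy for the revocation role to policy.json.
#
# - ec2:DescribeSecurityGroupRules is granted on "*".
#   NOTE(review): this looks like a Describe action that cannot be narrowed
#   to a single resource; confirm before trying to scope it further.
# - The two Revoke actions are limited to one security group ARN, so the role
#   cannot remove rules from any other group.
#
# Replace <Security_Group_ID> with the real group ID before creating the
# policy. The here-document delimiter is quoted ('EOF') so the shell writes
# the JSON verbatim and never expands anything inside it.
cat <<'EOF' > policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowDescribeSecurityGroupRules",
      "Effect": "Allow",
      "Action": "ec2:DescribeSecurityGroupRules",
      "Resource": "*"
    },
    {
      "Sid": "AllowRevokeSecurityGroupPermissions",
      "Effect": "Allow",
      "Action": [
        "ec2:RevokeSecurityGroupIngress",
        "ec2:RevokeSecurityGroupEgress"
      ],
      "Resource": "arn:aws:ec2:ap-northeast-2:362708816803:security-group/<Security_Group_ID>"
    }
  ]
}
EOF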
# Register policy.json as the customer-managed IAM policy
# RevokeSecurityGroupPolicy. The file:// prefix makes the CLI read the policy
# document from the local file in the current directory.
aws iam create-policy \
  --policy-document file://policy.json \
  --policy-name RevokeSecurityGroupPolicy
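# Write the role's trust policy to trust-policy.json.
#
# The only trusted principal is the Lambda service (lambda.amazonaws.com), so
# the role can be assumed by Lambda on behalf of a function configured with
# it. Which functions get this role is decided by whoever may pass it to
# Lambda, so keep iam:PassRole on this role tightly restricted.
#
# The here-document delimiter is quoted ('EOF') so the JSON is written
# verbatim with no shell expansion.
cat <<'EOF' > trust-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF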
# Create the IAM role RevokeSecurityGroupRole, using trust-policy.json as the
# document that states who may assume it. The role carries no permissions
# until a policy is attached to it.
aws iam create-role \
  --assume-role-policy-document file://trust-policy.json \
  --role-name RevokeSecurityGroupRole
# Attach RevokeSecurityGroupPolicy to RevokeSecurityGroupRole. The account ID
# in the policy ARN must be the account in which the policy was created.
# NOTE(review): nothing shown here grants the role CloudWatch Logs
# permissions; if the function is expected to write its own logs, that needs
# a separate grant. Confirm against the rest of the setup.
aws iam attach-role-policy \
  --policy-arn arn:aws:iam::362708816803:policy/RevokeSecurityGroupPolicy \
  --role-name RevokeSecurityGroupRole