假设我有以下 IAM 信任策略(用 Terraform 编写):
data "aws_iam_policy_document" "my_trust_policy" {
statement {
actions = ["sts:AssumeRole"]
effect = "Allow"
principals {
type = "Service"
identifiers = ["ec2.amazonaws.com"]
}
}
resource "aws_iam_role" "my_iam_role" {
name = "my_iam_role"
assume_role_policy = data.aws_iam_policy_document.my_trust_policy.json
}
这是否有效地允许任何 EC2 实例承担此角色以及附加到此角色的任何权限?