本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。

# 实例注册策略
<a name="registered-instances-register-registering-template"></a>

**重要**  
该 AWS OpsWorks Stacks 服务于 2024 年 5 月 26 日终止，新客户和现有客户均已禁用。我们强烈建议客户尽快将其工作负载迁移到其他解决方案。如果您对迁移有疑问，请通过 re [AWS : Post 或通过 Pre](https://repost.aws/) mium Su [AWS pp](https://aws.amazon.com/support) ort 与 AWS 支持 团队联系。

`AWSOpsWorksRegisterCLI_EC2`和`AWSOpsWorksRegisterCLI_OnPremises`策略分别为注册实例 EC2 和本地实例提供了正确的权限。您可以向 IAM 用户添加`AWSOpsWorksRegisterCLI_EC2`以注册 EC2实例，但`AWSOpsWorksRegisterCLI_OnPremises`要向您的用户添加以注册本地实例。要使用这些策略，您必须运行至少版本 1.16.180 AWS CLI 或更高版本。

## `AWSOpsWorksRegisterCLI_EC2` 策略
<a name="instance-profile-policy"></a>

`AWSOpsWorksRegisterCLI_EC2`添加到您的用户以注册 EC2 实例。如果您计划仅注册 EC2实例，则应使用此配置文件。当您使用此策略时，权限由 EC2实例的实例配置文件提供。

------
#### [ JSON ]

****  

```
{
      "Version":"2012-10-17",		 	 	 
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "opsworks:AssignInstance",
            "opsworks:CreateLayer",
            "opsworks:DeregisterInstance",
            "opsworks:DescribeInstances",
            "opsworks:DescribeStackProvisioningParameters",
            "opsworks:DescribeStacks",
            "opsworks:UnassignInstance"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "ec2:DescribeInstances"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }
```

------

## （已淘汰）`AWSOpsWorksRegisterCLI_OnPremises` 策略
<a name="register-onprem-policy"></a>

将 `AWSOpsWorksRegisterCLI_OnPremises` 添加到您的用户以注册本地实例。此策略包括 IAM 权限，例如 `AttachUserPolicy`，但这些权限起作用的资源是受限的。

------
#### [ JSON ]

****  

```
    {
      "Version":"2012-10-17",		 	 	 
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "opsworks:AssignInstance",
            "opsworks:CreateLayer",
            "opsworks:DeregisterInstance",
            "opsworks:DescribeInstances",
            "opsworks:DescribeStackProvisioningParameters",
            "opsworks:DescribeStacks",
            "opsworks:UnassignInstance"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "ec2:DescribeInstances"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "iam:CreateGroup",
            "iam:AddUserToGroup"
          ],
          "Resource": [
            "arn:aws:iam::*:group/AWS/OpsWorks/OpsWorks-*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "iam:CreateUser",
            "iam:CreateAccessKey"
          ],
          "Resource": [
            "arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "iam:AttachUserPolicy"
          ],
          "Resource": [
            "arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*"
          ],
          "Condition": {
            "ArnEquals": 
              {
                "iam:PolicyARN": "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration"
              }
            }
        }
      ]
    }
```

------

## （已淘汰）`AWSOpsWorksRegisterCLI` 策略
<a name="registercli-policy"></a>

**重要**  
`AWSOpsWorksRegisterCLI` 策略已被淘汰，不能用于注册新实例。它仅适用于已注册的实例的向后兼容性。`AWSOpsWorksRegisterCLI` 策略包含许多 IAM 权限，包括 `CreateUser`、`PutUserPolicy` 和 `AddUserToGroup`。由于这些是管理员级权限，因此您应该仅将 `AWSOpsWorksRegisterCLI` 策略分配给受信任的管理用户。