

# Amazon EC2: Allows starting or stopping EC2 instances a user has tagged, programmatically and in the console
<a name="reference_policies_examples_ec2_tag-owner"></a>

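This example shows how you might create an identity-based policy that allows an IAM user to start or stop EC2 instances, but only when the instance tag `Owner` has the value of that user's user name. This policy defines permissions for programmatic and console access.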

------
#### [ JSON ]

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:StartInstances",
                "ec2:StopInstances"
            ],
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/Owner": "${aws:username}"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": "ec2:DescribeInstances",
            "Resource": "*"
        }
    ]
}
```

------
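The following is an added example, not part of the original page or of AWS's own code: a simplified offline model of how the policy above is evaluated, showing the `${aws:username}` substitution, the case-sensitive `StringEquals` match, and what happens when the tag or the user name is absent from the request. It assumes only Allow statements and `StringEquals` (no explicit Deny, no other policy types), and the account ID, instance ID and user names are constructed placeholders.

```python
import fnmatch
import re

# Policy from this page (wildcards written as plain "*").
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:StartInstances", "ec2:StopInstances"],
         "Resource": "arn:aws:ec2:*:*:instance/*",
         "Condition": {"StringEquals": {"aws:ResourceTag/Owner": "${aws:username}"}}},
        {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _resolve(value, ctx):
    """Substitute ${key} policy variables; return None if any is absent from ctx."""
    missing = []
    def sub(match):
        if match.group(1) not in ctx:
            missing.append(match.group(1))
            return ""
        return ctx[match.group(1)]
    resolved = re.sub(r"\$\{([^}]+)\}", sub, value)
    return None if missing else resolved

def is_allowed(action, resource, ctx):
    """Simplified model: Allow statements and StringEquals only, no explicit Deny."""
    for st in POLICY["Statement"]:
        if action not in _as_list(st["Action"]):
            continue
        if not fnmatch.fnmatchcase(resource, st["Resource"]):
            continue
        conds = st.get("Condition", {}).get("StringEquals", {})
        # Each key must be in the request and equal (case-sensitive) to the resolved value.
        if all(k in ctx and ctx[k] == _resolve(v, ctx) for k, v in conds.items()):
            return True
    return False  # nothing matched: implicit deny

# Constructed sample resource (placeholder account and instance IDs).
ARN = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"
```

The condition is only as trustworthy as the `Owner` tag itself, so review which principals hold `ec2:CreateTags` or `ec2:DeleteTags` on instances alongside this policy.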