ElasticBeanstalk permissions required to deploy a new version through the AWS CLI

Sam*_*Sam 5 amazon-web-services amazon-iam elastic-beanstalk

I have an IAM policy set up that I believe provides the correct permissions to deploy a new version to an Elastic Beanstalk application. I still get an InsufficientPrivilegesException, specifically:

aws elasticbeanstalk update-environment --environment-name LearnTfsBff --version-label LearnTfsBff-30

An error occurred (InsufficientPrivilegesException) when calling the UpdateEnvironment operation: Access Denied

Here is the policy set up for the deployment user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "autoscaling:*",
                "cloudformation:GetTemplate",
                "cloudformation:DescribeStackResource",
                "cloudformation:DescribeStackResources",
                "cloudfront:CreateInvalidation",
                "ec2:describeVpcs",
                "ec2:DescribeImages",
                "elasticbeanstalk:CreateApplicationVersion",
                "elasticbeanstalk:DescribeApplications",
                "elasticbeanstalk:DescribeApplicationVersions",
                "elasticbeanstalk:DescribeEnvironments",
                "elasticbeanstalk:UpdateEnvironment",
                "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                "elasticloadbalancing:DescribeInstanceHealth",
                "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::learn-tfs-builds"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": "arn:aws:s3:::learn-tfs-*"
        }
    ]
}

I tried adding "elasticbeanstalk:*" as an allowed action, but that did not resolve the permissions problem. I added "*" as allowed and that did resolve it, but that is not an acceptable solution.

How do I debug which specific permissions are required in AWS?

Thanks,

Sam

小智 4

From this guide, it looks like you may also need S3 access to the Elastic Beanstalk bucket, i.e.:

{
    "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:ListBucket",
        "s3:DeleteObject",
        "s3:GetBucketPolicy",
        "s3:CreateBucket"
    ],
    "Effect": "Allow",
    "Resource": [
        "arn:aws:s3:::elasticbeanstalk-[region]-[accountid]",
        "arn:aws:s3:::elasticbeanstalk-[region]-[accountid]/*"
    ]
}
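As an added illustration (not code from the question or the answer), the following simplified IAM evaluator checks the poster's policy, reduced to its relevant statements, against the calls a deployment makes: UpdateEnvironment itself is allowed, but the S3 reads on the elasticbeanstalk-* bucket are not until the answer's statement is appended. The region, account id and object key are constructed placeholders; the evaluator ignores Condition, NotAction/NotResource and any resource or SCP policies.

```python
import fnmatch
import json

# Relevant subset of the question's policy: S3 access is only granted on learn-tfs-* buckets.
ORIGINAL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["elasticbeanstalk:UpdateEnvironment", "s3:ListAllMyBuckets"]},
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": "arn:aws:s3:::learn-tfs-*"},
    ],
}

# Constructed placeholders (assumption) standing in for [region]-[accountid] in the answer.
EB_BUCKET = "arn:aws:s3:::elasticbeanstalk-us-east-1-123456789012"
EB_BUCKET_STATEMENT = {
    "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
    "Resource": [EB_BUCKET, EB_BUCKET + "/*"],
}
# Calls the deployment makes; the S3 ones happen behind UpdateEnvironment (constructed example).
DEPLOY_CALLS = [
    ("elasticbeanstalk:UpdateEnvironment", "*"),
    ("s3:GetObject", EB_BUCKET + "/resources/environments/app.zip"),
    ("s3:ListBucket", EB_BUCKET),
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, case_insensitive):
    # IAM matches action names case-insensitively; resource ARNs are case-sensitive.
    if case_insensitive:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)

def evaluate(policy, action, resource):
    """Simplified IAM logic: explicit Deny wins, then any matching Allow, else implicit deny."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if any(_matches(p, action, True) for p in _as_list(stmt["Action"])) and \
           any(_matches(p, resource, False) for p in _as_list(stmt["Resource"])):
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"
            decision = "Allow"
    return decision

def missing_permissions(policy, required):
    """Return the (action, resource) pairs the policy does not allow."""
    return [(a, r) for a, r in required if evaluate(policy, a, r) != "Allow"]

def with_eb_bucket_access(policy):
    fixed = json.loads(json.dumps(policy))  # deep copy, leave the original untouched
    fixed["Statement"].append(EB_BUCKET_STATEMENT)
    return fixed
```

Running `missing_permissions(ORIGINAL_POLICY, DEPLOY_CALLS)` lists the two S3 calls; with `with_eb_bucket_access` applied the list is empty, which is the gap the CloudTrail AccessDenied events for the user would also show.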