AWS CLI Client.UnauthorizedOperation即使设置了密钥也是如此

Question

我正在尝试设置AWS CLI工具,并按照说明进行操作 http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/set-up-ec2-cli-linux.html#setting_up_ec2_command_linux上的

然而,在所有的步骤,并且设置了后我AWS_ACCESS_KEY和AWS_SECRET_KEY,我得到

$ ec2-describe-regions
Client.UnauthorizedOperation: You are not authorized to perform this operation. (Service: AmazonEC2; Status Code: 403; Error Code: UnauthorizedOperation; Request ID: 55f02cc4-2e9f-4a0a-8b55-46bcc1973f50)

然后我尝试重新生成新凭据,但仍然得到相同的错误.我似乎无法找到有关此问题的其他任何人的信息.我尝试使用-O和传递密钥-W,但这也不起作用.

知道我可能做错了什么吗？

Answer 1

我处于免费层,发现更容易向单个用户授予管理员策略,这支持所有amazon命令行工具的访问权限.如果您认为该政策过于宽松,您可以在以后降级该政策.

1. 访问https://console.aws.amazon.com/iam/home
2. 选择policies在左侧菜单的
3. 从amazons现有策略创建管理员策略
4. 选择管理员复选框并附加到您的用户

假设您已设置了访问密钥,则现在应该对给定用户具有完整的命令行访问权限.

之前

› ec2-describe-regions
Client.UnauthorizedOperation: You are not authorized to perform this operation. (Service: AmazonEC2; Status Code: 403; Error Code: UnauthorizedOperation; Request ID: 3398ed18-1caf-4c04-865b-a54f796c653c)

后

› ec2-describe-regions
REGION  eu-central-1    ec2.eu-central-1.amazonaws.com
REGION  sa-east-1   ec2.sa-east-1.amazonaws.com
REGION  ap-northeast-1  ec2.ap-northeast-1.amazonaws.com
REGION  eu-west-1   ec2.eu-west-1.amazonaws.com
REGION  us-east-1   ec2.us-east-1.amazonaws.com
REGION  us-west-1   ec2.us-west-1.amazonaws.com
REGION  us-west-2   ec2.us-west-2.amazonaws.com
REGION  ap-southeast-2  ec2.ap-southeast-2.amazonaws.com
REGION  ap-southeast-1  ec2.ap-southeast-1.amazonaws.com

亚马逊用户体验需要一些时间才能适应它

Answer 2

非常不幸的是,使用EC2 CLI工具的基本指南甚至没有提到这一点,但看起来我的问题是我的IAM帐户下没有正确的策略设置.

{
"Version": "2012-10-17",
"Statement": [{
  "Effect": "Allow",
  "Action": "ec2:Describe*",
  "Resource": "*"
}]
}

有关详细信息,请参阅此链接:http: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.html