Tam*_*ana 3 amazon-web-services amazon-ecs amazon-iam
我正在尝试从 AWS API 获取在我的 ECS 环境中运行的任务列表,但我一直遇到相同的错误:
用户:arn:aws:iam::[my_id]:user/[username] 无权执行:ecs:ListTasks on resource: *
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ecs:RunTask",
"ecs:ListTasks",
"ecs:StartTask",
"ecs:StopTask"
],
"Resource": [
"arn:aws:ecs:us-east-1:[my_id]:task/*",
"arn:aws:ecs:us-east-1:[my_id]:task-definition/*",
"arn:aws:ecs:us-east-1:[my_id]:cluster/*",
"arn:aws:ecs:us-east-1:[my_id]:task-set/*/*/*",
"arn:aws:ecs:us-east-1:[my_id]:container-instance/*",
"arn:aws:ecs:us-east-1:[my_id]:service/*"
]
}
]
}
如您所见,我应该使用所有可用资源访问该操作。我错过了什么?
谢谢。
该listTasks操作仅支持container instances作为资源而不是cluster arn. 将cluster arn只能被添加为条件。
以下政策有效。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ecs:ListTasks",
"Resource": "*",
"Condition": {
"ArnEquals": {
"ecs:cluster": "arn:aws:ecs:ap-southeast-2:[account id]:cluster/MyEcsCluster"
}
}
}
]
}
参考:
Amazon Elastic Container Service 定义的操作
(检查ListTasks此参考中的操作)
希望这可以帮助。
| 归档时间: |
|
| 查看次数: |
4113 次 |
| 最近记录: |