我试图在js处理程序中获取ssm参数,如下所示:
module.exports.post = (event, context, callback) => {
var params = {
Name: 'myParameter',
WithDecryption: true || false
};
ssm.getParameter(params, function(err, data) {
if (err) console.log(err, err.stack);
else console.log(data);
});
};
并且我在serverless.yml文件中添加了以下权限角色
iamRoleStatements:
- Effect: Allow
Action:
- ssm:GetParameters
- ssm:GetParameter
- ssm:DescribeParameters
- kms:Encrypt
- kms:Decrypt
Resource: "*"
使用CLI我可以成功执行 aws ssm get-parameter --names myParameter
但是当我调用该函数时,我在cloudWatch中收到以下错误
AccessDeniedException:用户:myUser无权执行:资源:myResource / myParameter上的ssm:GetParameter
我试图使用getParameters函数,获取确切的名称资源,但仍然是相同的错误消息。
任何帮助将非常感激。
javascript amazon-web-services node.js amazon-iam serverless
我正在尝试使用 terraform 配置 ECS 集群,在我创建 ecs 服务之前,一切似乎都运行良好:
resource "aws_ecs_service" "ecs-service" {
name = "ecs-service"
iam_role = "${aws_iam_role.ecs-service-role.name}"
cluster = "${aws_ecs_cluster.ecs-cluster.id}"
task_definition = "${aws_ecs_task_definition.my_cluster.family}"
desired_count = 1
load_balancer {
target_group_arn = "${aws_alb_target_group.ecs-target-group.arn}"
container_port = 80
container_name = "my_cluster"
}
}
IAM 角色是:
resource "aws_iam_role" "ecs-service-role" {
name = "ecs-service-role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_iam_role_policy_attachment" "ecs-service-role-attachment" {
role = "${aws_iam_role.ecs-service-role.name}" …