InsufficientPrivilegesException when deploying a CloudFormation stack to create an ElasticBeanstalk application

Problem description

I wrote a CloudFormation template that creates an ElasticBeanstalk application. However, when I execute the template, I get the following error: Access Denied (Service: AWSElasticBeanstalk; Status Code: 403; Error Code: InsufficientPrivilegesException; Request ID: 6c580af3-250d-4658-bc2f-8f6af4c1dd6d; Proxy: null).

What permissions do I need to add?

The relevant part of my CloudFormation script:

# The role used by CloudFormation to create the stack
CFNRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
        - Action: ["sts:AssumeRole"]
          Effect: Allow
          Principal:
            Service: [cloudformation.amazonaws.com]
      Version: "2012-10-17"
    Path: /
    Policies:
      - PolicyName: CloudFormationRole
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Action:
                - "ec2:*"
                - "elasticbeanstalk:*"
                - "iam:*"
                - "lambda:*"
                - "logs:*"
              Effect: Allow
              Resource: "*"

# more stuff here... 

# Create the EB app without an Environment for now
EBApp1:
  Type: AWS::ElasticBeanstalk::Application
  Properties:
    Description: my-api

Tags: amazon-web-services, amazon-elastic-beanstalk, amazon-cloudformation, amazon-iam

Solution


It turns out I was missing the S3 permissions on the CFNRole. I changed the permissions to the following and was able to deploy the stack.

CFNRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Statement:
        - Action: ["sts:AssumeRole"]
          Effect: Allow
          Principal:
            Service: [cloudformation.amazonaws.com]
      Version: "2012-10-17"
    Path: /
    Policies:
      - PolicyName: CloudFormationRole
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Action:
                - "ec2:*"
                - "elasticbeanstalk:*"
                - "iam:*"
                - "lambda:*"
                - "logs:*"
                - "s3:*" #### Added this line ####
              Effect: Allow
              Resource: "*"
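
An added example, not part of the original post: a small Python check that evaluates the two CFNRole policies above against a list of probe actions, showing that the first policy grants no S3 action at all. The probe action names and the helper functions are assumptions chosen for illustration; only the Action and Effect elements are evaluated, not Resource or Condition.

```python
import re

# Action lists copied from the two CFNRole policies on this page.
BEFORE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:*", "elasticbeanstalk:*", "iam:*", "lambda:*", "logs:*"]}]}
AFTER = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:*", "elasticbeanstalk:*", "iam:*", "lambda:*", "logs:*", "s3:*"]}]}

# Assumption: sample actions to probe. The page does not say which S3 calls
# Elastic Beanstalk makes, only that S3 permissions were missing.
PROBES = ["elasticbeanstalk:CreateApplication", "s3:CreateBucket", "s3:GetObject"]


def _as_list(value):
    # IAM allows Statement/Action to be a single value or a list.
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    # IAM action patterns support only '*' and '?' and are case-insensitive.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None


def action_allowed(policy, action):
    """Identity-policy logic on actions only: an explicit Deny wins,
    otherwise at least one matching Allow is required."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if not any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def missing_actions(policy, probes):
    # Probe actions that the policy does not allow.
    return [a for a in probes if not action_allowed(policy, a)]


if __name__ == "__main__":
    print("before, not allowed:", missing_actions(BEFORE, PROBES))
    print("after, not allowed: ", missing_actions(AFTER, PROBES))
```
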
