【发布时间】:2016-12-08 23:53:14
【问题描述】:
我正在尝试向 IAM 密码用户授予对 Elastic Beanstalk 应用程序的完全访问权限(创建/修改/删除环境)。遵循 AWS 文档 here 导致用户能够看到应用程序但无法查看环境或创建新环境(消息:访问被拒绝,没有进一步说明)。
这是附加的当前政策:
{
"Version": "XXX-XX-XX",
"Statement": [
{
"Sid": "StmtXXXXXXXXX",
"Effect": "Allow",
"Action": [
"elasticbeanstalk:*",
"autoscaling:*"
],
"Resource": [
"arn:aws:elasticbeanstalk:eu-west-1:<accountId>:application/<app-name>",
"arn:aws:elasticbeanstalk:eu-west-1:<accountId>:applicationversion/<app-name>",
"arn:aws:elasticbeanstalk:eu-west-1:<accountId>:environment/<app-name>/*",
"arn:aws:elasticbeanstalk:us-west-1::solutionstack/*"
]
},
{
"Action": [
"elasticbeanstalk:CheckDNSAvailability",
"elasticbeanstalk:CreateStorageLocation",
"autoscaling:DescribeAutoScalingGroups"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
有人做过吗?
【问题讨论】:
标签: amazon-web-services amazon-ec2 amazon-elastic-beanstalk roles amazon-iam