多个 aws 帐户的 Datadog AWS 集成
Datadog AWS integration for multiple aws account
我有两个 AWS 账户,我能够使用 Terraform 为第一个账户设置 AWS 集成,但是当我尝试为第二个账户创建 AWS 集成时出现错误。
我已经创建了一个具有内嵌策略的角色,我们没有设置跨账户。
! Datadog is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::xxxxxxxxxx:role/DatadogAWSIntegrationRole. See http://docs.datadoghq.com/integrations/aws/
信任关系:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::xxxxxxxxxxxx:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "xxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}
}
]
}
谁能指导我如何解决这个错误?
角色 arn:aws:iam::xxxxxxxxxx:role/DatadogAWSIntegrationRole 还必须具有在其他帐户上承担该角色的权限。
您必须更新主帐户上的 DatadogAWSIntegrationRole 以包括:
{
"Version": "2012-10-17",
"Statement": [
...
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::xxxxxxxxxxxx:role/AssumedRoleForDataDogInOtherAccount"
}
]
}
我有两个 AWS 账户,我能够使用 Terraform 为第一个账户设置 AWS 集成,但是当我尝试为第二个账户创建 AWS 集成时出现错误。
我已经创建了一个具有内嵌策略的角色,我们没有设置跨账户。
! Datadog is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::xxxxxxxxxx:role/DatadogAWSIntegrationRole. See http://docs.datadoghq.com/integrations/aws/
信任关系:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::xxxxxxxxxxxx:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "xxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}
}
]
}
谁能指导我如何解决这个错误?
角色 arn:aws:iam::xxxxxxxxxx:role/DatadogAWSIntegrationRole 还必须具有在其他帐户上承担该角色的权限。
您必须更新主帐户上的 DatadogAWSIntegrationRole 以包括:
{
"Version": "2012-10-17",
"Statement": [
...
{
"Effect": "Allow",
"Action": "sts:AssumeRole",
"Resource": "arn:aws:iam::xxxxxxxxxxxx:role/AssumedRoleForDataDogInOtherAccount"
}
]
}