AWSIotException:尝试附加策略时不允许跨账户
AWSIotException: Cross account not allowed when trying to attach policy
我正在尝试生成策略并将其附加到我的证书。我使用下一个代码:
String topicName = String.format("certificates/%s", certificateId);
String policyName = String.format("Policy_%s", certificateId);
String target = String.format("arn:aws:iot:%s:123456789012:cert/%s", region, certificateId);
String policy = String.format(POLICY, certificateId, topicName, topicName);
awsIotClient.createPolicy(new CreatePolicyRequest().withPolicyDocument(policy).withPolicyName(policyName));
awsIotClient.attachPolicy(new AttachPolicyRequest().withTarget(target).withPolicyName(policyName));
我在尝试执行 awsIotClient.attachPolicy(...) 时遇到错误:
Exception in thread "main" com.amazonaws.services.iot.model.AWSIotException: Cross account not allowed. (Service: AWSIot; Status Code: 403; Error Code: AccessDeniedException; Request ID: b943-.....
我的用户帐户具有 AdministratorAccess 权限。为什么会出现此错误以及如何解决?提前致谢。
我发现了一个错误。它是 arn:aws:iot:%s:123456789012:cert/%s 中的 accountId。我的 AWS 用户有另一个 accountId,我试图将策略添加到另一个 account_ID 所以我得到了不允许跨账户的错误。
我正在尝试生成策略并将其附加到我的证书。我使用下一个代码:
String topicName = String.format("certificates/%s", certificateId);
String policyName = String.format("Policy_%s", certificateId);
String target = String.format("arn:aws:iot:%s:123456789012:cert/%s", region, certificateId);
String policy = String.format(POLICY, certificateId, topicName, topicName);
awsIotClient.createPolicy(new CreatePolicyRequest().withPolicyDocument(policy).withPolicyName(policyName));
awsIotClient.attachPolicy(new AttachPolicyRequest().withTarget(target).withPolicyName(policyName));
我在尝试执行 awsIotClient.attachPolicy(...) 时遇到错误:
Exception in thread "main" com.amazonaws.services.iot.model.AWSIotException: Cross account not allowed. (Service: AWSIot; Status Code: 403; Error Code: AccessDeniedException; Request ID: b943-.....
我的用户帐户具有 AdministratorAccess 权限。为什么会出现此错误以及如何解决?提前致谢。
我发现了一个错误。它是 arn:aws:iot:%s:123456789012:cert/%s 中的 accountId。我的 AWS 用户有另一个 accountId,我试图将策略添加到另一个 account_ID 所以我得到了不允许跨账户的错误。