certificatemanager:changeResourceRecordSets 用户无权访问此资源
certificatemanager:changeResourceRecordSets user is not authorized to access this resource
尝试使用 Amazon Certificate Manager 创建 SSL 证书,按照此处 -
https://medium.com/swlh/aws-website-hosting-with-cloudformation-guide-36cac151d1af
我有一个具有以下策略的部署用户 -
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudformation:*",
"s3:*",
"route53:*",
"acm:*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
但是当我部署时,我得到以下 -
API: certificatemanager:changeResourceRecordSets User #{my_IAM_deploy_user} is not authorized to access this resource
尽管有 acm:* 访问权限,但为什么我会收到此错误?
(想知道是否与 相关,但无法确切了解)
(下面的 Cloudformation 模板)
---
AWSTemplateFormatVersion: '2010-09-09'
Description: cloudfront-route53-demo-cert
Parameters:
DomainName:
Type: String
HostedZoneId:
Type: String
Default: Z1BKCTXD74EZPE # eu-west-1; https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints
Outputs:
CertificateARN:
Value:
Ref: Certificate # returns ARN
Resources:
Certificate:
Type: AWS::CertificateManager::Certificate
Properties:
DomainName:
Ref: DomainName
DomainValidationOptions:
- DomainName:
Ref: DomainName
HostedZoneId:
Ref: HostedZoneId
ValidationMethod: DNS
我误解了 HostedZoneId 是什么。我认为这是某种特定于 route53 区域的单例,但结果证明它只是我创建的 route53 HostedZone 的 id。确实有点明显。
尝试使用 Amazon Certificate Manager 创建 SSL 证书,按照此处 -
https://medium.com/swlh/aws-website-hosting-with-cloudformation-guide-36cac151d1af
我有一个具有以下策略的部署用户 -
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudformation:*",
"s3:*",
"route53:*",
"acm:*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
但是当我部署时,我得到以下 -
API: certificatemanager:changeResourceRecordSets User #{my_IAM_deploy_user} is not authorized to access this resource
尽管有 acm:* 访问权限,但为什么我会收到此错误?
(想知道是否与
(下面的 Cloudformation 模板)
---
AWSTemplateFormatVersion: '2010-09-09'
Description: cloudfront-route53-demo-cert
Parameters:
DomainName:
Type: String
HostedZoneId:
Type: String
Default: Z1BKCTXD74EZPE # eu-west-1; https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints
Outputs:
CertificateARN:
Value:
Ref: Certificate # returns ARN
Resources:
Certificate:
Type: AWS::CertificateManager::Certificate
Properties:
DomainName:
Ref: DomainName
DomainValidationOptions:
- DomainName:
Ref: DomainName
HostedZoneId:
Ref: HostedZoneId
ValidationMethod: DNS
我误解了 HostedZoneId 是什么。我认为这是某种特定于 route53 区域的单例,但结果证明它只是我创建的 route53 HostedZone 的 id。确实有点明显。