Error: error listing tags for SNS Topic while policy grants the permission for that arn
Error: error listing tags for SNS Topic while policy grants the permission for that arn
我为用户附加了以下政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateRule",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:ModifyRule",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetSecurityGroups"
],
"Resource": [
"arn:aws:elasticloadbalancing:ap-south-1:736855795947:loadbalancer/app/my-lb/*",
"arn:aws:elasticloadbalancing:ap-south-1:736855795947:listener/app/my-lb/*/*",
"arn:aws:elasticloadbalancing:ap-south-1:736855795947:targetgroup/my-target-group/*"
]
},
]
}
我仍然看到以下错误:
Error: error reading ELBv2 Target Group (arn:aws:elasticloadbalancing:ap-south-1:XXXXXXXXXXXX:targetgroup/my-target-group/55718775ec3196ff): AccessDenied: User: arn:aws:iam::XXXXXXXXXXXX:user/deploy_user is not authorized to perform: elasticloadbalancing:DescribeTargetGroups
我无法理解这一点 behaviour.I 查看政策分为 ELB 和 ELB v2。所有“描述”权限都属于 ELB v2。
ELB v2 actions screenshot
Since DescribeTargetGroups doesn't support resource-level permissions,尝试使用 *:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "elasticloadbalancing:DescribeTargetGroups",
"Resource": "*"
}
]
}
我为用户附加了以下政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateRule",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:ModifyRule",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetSecurityGroups"
],
"Resource": [
"arn:aws:elasticloadbalancing:ap-south-1:736855795947:loadbalancer/app/my-lb/*",
"arn:aws:elasticloadbalancing:ap-south-1:736855795947:listener/app/my-lb/*/*",
"arn:aws:elasticloadbalancing:ap-south-1:736855795947:targetgroup/my-target-group/*"
]
},
]
}
我仍然看到以下错误:
Error: error reading ELBv2 Target Group (arn:aws:elasticloadbalancing:ap-south-1:XXXXXXXXXXXX:targetgroup/my-target-group/55718775ec3196ff): AccessDenied: User: arn:aws:iam::XXXXXXXXXXXX:user/deploy_user is not authorized to perform: elasticloadbalancing:DescribeTargetGroups
我无法理解这一点 behaviour.I 查看政策分为 ELB 和 ELB v2。所有“描述”权限都属于 ELB v2。 ELB v2 actions screenshot
Since DescribeTargetGroups doesn't support resource-level permissions,尝试使用 *:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "elasticloadbalancing:DescribeTargetGroups",
"Resource": "*"
}
]
}