Amazon s3 Amazon Redshift: Access Denied RestoreClusterSnapshotRequest
I'm having trouble restoring a cluster from a snapshot. I would appreciate it if someone could give me some pointers. The code used is:
var con = new AmazonRedshiftClient(acess_key_id, secret_acess_key, Amazon.RegionEndpoint.USWest2);
var restore = new Amazon.Redshift.Model.RestoreFromClusterSnapshotRequest()
{
    ClusterIdentifier = clusterIdentifier,
    SnapshotIdentifier = snapshotIdentifier,
    AvailabilityZone = "us-west-2a",
};
var response = con.RestoreFromClusterSnapshot(restore);
Console.WriteLine("Cluster Status : {0}", response.Cluster.ClusterStatus);
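When it calls the RestoreClusterSnapshotRequest operation, I get an exception:
"Access denied. Please ensure that your IAM permissions allow this operation."
I am using an identity-based policy (IAM policy) for Amazon Redshift, as shown below.
Policy: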
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "redshift:CopyClusterSnapshot",
                "redshift:RestoreFromClusterSnapshot",
                "redshift:AuthorizeSnapshotAccess",
                "redshift:RevokeSnapshotAccess"
            ],
            "Resource": [
                "arn:aws:redshift:us-west-2:{AccoundId}:*/backup-20160208-dbrd",
                "arn:aws:redshift:us-west-2:{AccoundId}:cluster:*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "redshift:DescribeClusterSnapshots"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
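Can anyone help me solve this problem? Please correct me if I have made any mistakes in how I am using it.
Thanks in advance.

I think you missed the snapshot details part in the "Resource" section. Please see the updated version below: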
"Resource": [
    "arn:aws:redshift:us-west-2:{AccoundId}:*/backup-20160208-dbrd",
    "arn:aws:redshift:us-west-2:{AccoundId}:cluster:*",
    "arn:aws:redshift:us-west-2:{AccoundId}:snapshot:*"
]
Hope this helps you.

As suggested, you should change this line:
"arn:aws:redshift:us-west-2:{AccoundId}:*/backup-20160208-dbrd",
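to
Also, through a series of trial and error and with help from AWS Support, I found that you also need several ec2 permissions to restore a Redshift cluster from a snapshot. The current list is as follows: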
{
    "Sid": "",
    "Effect": "Allow",
    "Action": [
        "ec2:DescribeAccountAttributes",
        "ec2:DescribeAddresses",
        "ec2:DescribeAvailabilityZones",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeVpcs",
        "ec2:DescribeInternetGateways"
    ],
    "Resource": "*"
}
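You may just want to use ec2:Describe* for convenience and/or to prevent this kind of breakage if the exact set of permissions changes in the future.
(search for "RestoreFromClusterSnapshot") should be updated with this information soon.
Crazy, but this is the secret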
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways"
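
As an added example (not code from the question or the answers), this Python sketch checks a policy document offline against the permissions the two answers say a restore needs: redshift:RestoreFromClusterSnapshot on the cluster and snapshot ARNs, plus the listed ec2 describe actions. The account ID 123456789012, the cluster name example-cluster, the snapshot name nightly-01 and all function names are constructed; matching is a simplification of IAM evaluation that looks only at Allow statements and the * and ? wildcards.

```python
import re

ACCOUNT, CLUSTER = "123456789012", "example-cluster"  # constructed values
PREFIX = f"arn:aws:redshift:us-west-2:{ACCOUNT}"
RESTORE = "redshift:RestoreFromClusterSnapshot"
# EC2 actions the second answer lists as needed for a restore.
EC2_ACTIONS = ["ec2:DescribeAccountAttributes", "ec2:DescribeAddresses",
               "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups",
               "ec2:DescribeSubnets", "ec2:DescribeVpcs",
               "ec2:DescribeInternetGateways"]

def required(snapshot):
    """(action, resource) pairs a restore needs, per the answers on this page."""
    return ([(RESTORE, f"{PREFIX}:cluster:{CLUSTER}"),
             (RESTORE, f"{PREFIX}:snapshot:{CLUSTER}/{snapshot}")]
            + [(action, "*") for action in EC2_ACTIONS])

def as_list(value):
    return value if isinstance(value, list) else [value]

def wildcard_match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def missing(policy, snapshot):
    """Required pairs no Allow statement covers (Deny and Condition ignored)."""
    gaps = []
    for action, resource in required(snapshot):
        covered = any(
            stmt.get("Effect") == "Allow"
            and any(wildcard_match(a, action, True) for a in as_list(stmt.get("Action", [])))
            and any(wildcard_match(r, resource) for r in as_list(stmt.get("Resource", [])))
            for stmt in policy["Statement"])
        if not covered:
            gaps.append((action, resource))
    return gaps

# The question's policy with the constructed account ID filled in.
FIRST = {"Effect": "Allow",
         "Action": ["redshift:CopyClusterSnapshot", RESTORE,
                    "redshift:AuthorizeSnapshotAccess", "redshift:RevokeSnapshotAccess"],
         "Resource": [f"{PREFIX}:*/backup-20160208-dbrd", f"{PREFIX}:cluster:*"]}
DESCRIBE = {"Effect": "Allow", "Action": ["redshift:DescribeClusterSnapshots"], "Resource": ["*"]}
QUESTION = {"Statement": [FIRST, DESCRIBE]}
# Both answers applied: snapshot resource added, EC2 describe actions allowed.
FIXED = {"Statement": [
    dict(FIRST, Resource=FIRST["Resource"] + [f"{PREFIX}:snapshot:*"]), DESCRIBE,
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}
```

Calling missing(QUESTION, "backup-20160208-dbrd") returns only the seven ec2 actions, while missing(QUESTION, "nightly-01") also reports the snapshot ARN; missing(FIXED, ...) returns an empty list for either snapshot name.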