Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/amazon-web-services/14.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services 信任关系错误AssumeRole策略只能指定STS AssumeRole操作_Amazon Web Services_Amazon Ec2_Amazon Iam - Fatal编程技术网
Fatal编程技术网
  • amazon-web-services/
  • Amazon web services 信任关系错误AssumeRole策略只能指定STS AssumeRole操作

Amazon web services 信任关系错误AssumeRole策略只能指定STS AssumeRole操作

amazon-web-services amazon-ec2

Amazon web services 信任关系错误AssumeRole策略只能指定STS AssumeRole操作,amazon-web-services,amazon-ec2,amazon-iam,Amazon Web Services,Amazon Ec2,Amazon Iam,我正在尝试添加信任关系,以允许codedeploy为我的角色工作 我有下面的json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": ["ec2.amazonaws.com", "codedeploy.amazonaws.com"] }, "Action": ["sts:AssumeRol

我正在尝试添加信任关系,以允许codedeploy为我的角色工作

我有下面的json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": ["ec2.amazonaws.com", "codedeploy.amazonaws.com"]
      },
      "Action": ["sts:AssumeRole",
                "codedeploy:GetApplication",
                "codedeploy:GetDeploymentGroup",
                "codedeploy:CreateDeployment",
                "codedeploy:GetDeployment"      
      ]
    }
  ]
}
我一直得到以下错误

您在策略中混合了两个不同的概念:信任关系和IAM操作

您需要有两个不同的策略,一个用于IAM角色,如:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
IAM政策的其他要求如下:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codedeploy.amazonaws.com"
      },
      "Action": [
        "codedeploy:GetApplication",
        "codedeploy:GetDeploymentGroup",
        "codedeploy:CreateDeployment",
        "codedeploy:GetDeployment"
     ]
    }
  ]
}
你有没有试过把它分成两种说法?一个用于
sts:AssumeRole
,另一个用于
codedeploy:
?我尝试了这个,但出现了相同的错误{“版本”:“2012-10-17”,“语句”:[{“效果”:“允许”,“主体”:{“服务”:“ec2.amazonaws.com”},“操作”:“sts:AssumeRole”},{“效果”:“允许”,“主体”:{“Service”:“codedeploy.amazonaws.com”},“Action”:“codedeploy:*”}]}我添加了单独的策略,但在我的管道中仍然出现以下错误。此任务需要权限才能调用以下AWS服务API(取决于所选的任务选项,并非所有API都可以使用):*codedeploy:GetApplication*codedeploy:GetDeploymentGroup*codedeploy:CreateDeployment*codedeploy:GetDeployment@MicroMan看一看,您似乎需要反过来设置主体。您希望codedeploy主体使用
sts:AssumeRole
,codedeploy操作使用
ec2.amazonaws.com
请您发送一个示例,我不知道您的意思是什么?@MicroMan在上面的示例中,将
ec2.amazonaws.com
更改为
codedeploy.amazonaws.com
,将
ec2.amazonaws.com
更改为
此策略包含以下错误:已禁止字段主体有关IAM策略语法的详细信息,请参阅AWS IAM策略