Amazon web services 使用AWS CLI创建CloudFront失效时拒绝访问
我正在使用AWS CLI在脚本中创建CloudFront发行版:Amazon web services 使用AWS CLI创建CloudFront失效时拒绝访问,amazon-web-services,amazon-cloudfront,amazon-iam,aws-cli,Amazon Web Services,Amazon Cloudfront,Amazon Iam,Aws Cli,我正在使用AWS CLI在脚本中创建CloudFront发行版: aws configure set preview.cloudfront true aws cloudfront create-invalidation --distribution-id ABCD1234 --paths '/*' 我根据以下声明制定了一项政策: { "Sid": "xxx", "Effect": "Allow", "Action": [ "cloudfront:Crea
aws configure set preview.cloudfront true
aws cloudfront create-invalidation --distribution-id ABCD1234 --paths '/*'
我根据以下声明制定了一项政策:
{
"Sid": "xxx",
"Effect": "Allow",
"Action": [
"cloudfront:CreateInvalidation"
],
"Resource": [
"arn:aws:cloudfront::xxx:distribution/ABCD1234"
]
}
策略附加到正在运行该命令的用户。但是,我仍然会遇到以下错误:
调用CreateInvalization操作时发生客户端错误(AccessDenied):用户:arn:aws:iam::xxx:User/yyy无权执行:cloudfront:CreateInvalization
问题是CloudFront无法使用指定资源的策略。“加宽”策略修复了错误 国家: CloudFront不支持IAM的资源级别权限 它还埋在: 这意味着政策需要:
{
"Sid": "xxx",
"Effect": "Allow",
"Action": [
"cloudfront:CreateInvalidation"
],
"Resource": [
"*" <-- must be a wildcard
]
}
{
“Sid”:“xxx”,
“效果”:“允许”,
“行动”:[
“cloudfront:CreateInvalization”
],
“资源”:[
"*"
{
"Sid": "xxx",
"Effect": "Allow",
"Action": [
"cloudfront:CreateInvalidation"
],
"Resource": [
"*" <-- must be a wildcard
]
}