Amazon web services AWS代码管道:部署失败。提供的角色没有足够的权限:部署应用程序失败
我正在使用Beanstalk和Codepipeline 它在构建之前工作正常,但是 部署失败。提供的角色没有足够的权限 权限:未能部署应用程序。服务:AWSLogs, 信息:用户: arn:aws:sts:::假定角色/管道角色/不是 授权在资源上执行:日志:CreateLogGroup: arn:aws:logs:ap-northeast-2::log group:/aws/elasticbeanstalk/repo env/var/log/nginx/error.log:log流: 在Beanstalk部署中发生 我需要日志组的权限吗 我的代码管道角色是Amazon web services AWS代码管道:部署失败。提供的角色没有足够的权限:部署应用程序失败,amazon-web-services,Amazon Web Services,我正在使用Beanstalk和Codepipeline 它在构建之前工作正常,但是 部署失败。提供的角色没有足够的权限 权限:未能部署应用程序。服务:AWSLogs, 信息:用户: arn:aws:sts:::假定角色/管道角色/不是 授权在资源上执行:日志:CreateLogGroup: arn:aws:logs:ap-northeast-2::log group:/aws/elasticbeanstalk/repo env/var/log/nginx/error.log:log流: 在Bea
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"opsworks:DescribeStacks",
"devicefarm:GetRun",
"rds:*",
"cloudformation:CreateChangeSet",
"autoscaling:*",
"codebuild:BatchGetBuilds",
"devicefarm:ScheduleRun",
"servicecatalog:ListProvisioningArtifacts",
"devicefarm:ListDevicePools",
"cloudformation:UpdateStack",
"servicecatalog:DescribeProvisioningArtifact",
"cloudformation:DescribeChangeSet",
"devicefarm:ListProjects",
"cloudformation:ExecuteChangeSet",
"sns:*",
"lambda:ListFunctions",
"lambda:InvokeFunction",
"codedeploy:RegisterApplicationRevision",
"devicefarm:CreateUpload",
"cloudformation:*",
"opsworks:DescribeDeployments",
"cloudformation:DescribeStacks",
"codecommit:GetUploadArchiveStatus",
"cloudwatch:*",
"cloudformation:DeleteStack",
"opsworks:DescribeInstances",
"ecs:*",
"ecr:DescribeImages",
"ec2:*",
"codebuild:StartBuild",
"cloudformation:ValidateTemplate",
"opsworks:DescribeApps",
"opsworks:UpdateStack",
"codedeploy:CreateDeployment",
"codedeploy:GetApplicationRevision",
"codedeploy:GetDeploymentConfig",
"servicecatalog:CreateProvisioningArtifact",
"sqs:*",
"cloudformation:DeleteChangeSet",
"codecommit:GetCommit",
"servicecatalog:DeleteProvisioningArtifact",
"codedeploy:GetApplication",
"cloudformation:SetStackPolicy",
"codecommit:UploadArchive",
"s3:*",
"elasticloadbalancing:*",
"codecommit:CancelUploadArchive",
"devicefarm:GetUpload",
"elasticbeanstalk:*",
"opsworks:UpdateApp",
"opsworks:CreateDeployment",
"cloudformation:CreateStack",
"servicecatalog:UpdateProduct",
"codecommit:GetBranch",
"codedeploy:GetDeployment",
"opsworks:DescribeCommands"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "*",
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": [
"cloudformation.amazonaws.com",
"elasticbeanstalk.amazonaws.com",
"ec2.amazonaws.com",
"ecs-tasks.amazonaws.com"
]
}
}
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": "codestar-connections:UseConnection",
"Resource": "*"
}
]
}
要解决此问题,请在第一个块的操作数组中添加“logs:*”。因为这为Cloudwatch日志提供了权限表单EBS 建议-我建议不要添加“*”,而是根据您的要求提供最低权限。对于这种情况-在第一个块的Actions数组中添加“logs:CreateLogGroup”