Aws lambda: CloudFormation change set user is not authorized (Aws Lambda, Amazon Cloudformation, Aws Serverless) - Fatal编程技术网


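I am trying to publish an AWS Lambda to my client's AWS account, but I keep getting this error message:

Error creating CloudFormation change set: User: arn:aws:iam::xxxxxx:user/testuser is not authorized to perform: cloudformation:CreateChangeSet on resource: arn:aws:cloudformation:eu-west-1:xxxx:stack/test-Stack/*

When I tested on my own account, I added my IAM user, which has the "AdministratorAccess" policy that basically allows every action.

I checked the policies and there is only "CloudFormationReadonlyAccess", which does not allow write/delete. What policy should I ask my client to assign to the IAM user?

I also tried adding the following to my role: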

"cloudformation:CreateStack",
"cloudformation:CreateChangeSet",
"cloudformation:ListStacks",
"cloudformation:UpdateStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackEvents",
"cloudformation:ValidateTemplate",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet"

But the same error still occurs.

You need to specify the resources on which these actions are allowed. Specifically:

      - Action:
        - cloudformation:CreateStack
        - cloudformation:DeleteStack
        - cloudformation:UpdateStack
        - cloudformation:DescribeStacks
        - cloudformation:DescribeChangeSet
        - cloudformation:CreateChangeSet
        - cloudformation:DeleteChangeSet
        - cloudformation:ExecuteChangeSet
        Effect: Allow
        Resource:
        - !Join
          - ':'
          - - arn
            - aws
            - cloudformation
            - !Ref 'AWS::Region'
            - !Ref 'AWS::AccountId'
            - !Join
              - /
              - - stack
                - test-stack
                - '*'

Also check that the service for sts:AssumeRole is cloudformation.amazonaws.com.
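Added example, not part of the original question or answer: a simplified Python check that parses the access-denied message from the question and tests whether a candidate policy covers the denied action on that resource. The account id 111122223333, the READ_ONLY policy and all function names are constructed for illustration; the evaluator ignores Deny, NotAction, NotResource and Condition.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the question's error text with a made-up account id
# (111122223333) in place of the masked x's.
ERROR = ("Error creating CloudFormation change set: User: "
         "arn:aws:iam::111122223333:user/testuser is not authorized to perform: "
         "cloudformation:CreateChangeSet on resource: "
         "arn:aws:cloudformation:eu-west-1:111122223333:stack/test-Stack/*")

DENIED = re.compile(r"User: (?P<principal>\S+) is not authorized to perform: "
                    r"(?P<action>\S+) on resource: (?P<resource>\S+)")

def parse_denied(message):
    """Pull principal, action and resource out of an access-denied message."""
    match = DENIED.search(message)
    if match is None:
        raise ValueError("no 'is not authorized to perform' clause found")
    return match.groupdict()

def _listify(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """True if an Allow statement covers both action and resource.
    Action names match case-insensitively, resource ARNs case-sensitively."""
    for stmt in _listify(policy["Statement"]):
        if (stmt.get("Effect") == "Allow"
                and any(fnmatchcase(action.lower(), a.lower()) for a in _listify(stmt.get("Action", [])))
                and any(fnmatchcase(resource, r) for r in _listify(stmt.get("Resource", [])))):
            return True
    return False

def stack_policy(stack_arn_pattern):
    """The action list from the answer, scoped to one stack ARN pattern."""
    names = ["CreateStack", "DeleteStack", "UpdateStack", "DescribeStacks",
             "DescribeChangeSet", "CreateChangeSet", "DeleteChangeSet", "ExecuteChangeSet"]
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["cloudformation:" + n for n in names],
        "Resource": [stack_arn_pattern]}]}

# Hypothetical read-only policy standing in for the one the question mentions.
READ_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["cloudformation:Describe*", "cloudformation:List*"],
    "Resource": "*"}]}

if __name__ == "__main__":
    d = parse_denied(ERROR)
    print(allows(READ_ONLY, d["action"], d["resource"]), allows(stack_policy(d["resource"]), d["action"], d["resource"]))
```

The resource comparison here is case-sensitive, so a pattern written as stack/test-stack/* does not cover the stack/test-Stack/* ARN from the error message.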
