Lambda "s3:CreateBucket Access Denied" on a simple serverless deployment
I am running into a permissions problem when trying to deploy a lambda using the Serverless Framework. It does not even work for a simple (given) example, and I have administrator permissions on AWS, so I am wondering what I might be doing wrong. As far as I can tell, it may be related to the permissions granted to CloudFormation, but I don't know how to set them up correctly to get it running.
When trying
$ serverless deploy -v --region eu-west-1
I get the following error:
Serverless: Packaging service...
Serverless: Excluding development dependencies...
Serverless: Creating Stack...
Serverless: Checking Stack create progress...
CloudFormation - CREATE_IN_PROGRESS - AWS::CloudFormation::Stack - slstest-dev
CloudFormation - CREATE_IN_PROGRESS - AWS::S3::Bucket - ServerlessDeploymentBucket
CloudFormation - CREATE_FAILED - AWS::S3::Bucket - ServerlessDeploymentBucket
CloudFormation - DELETE_IN_PROGRESS - AWS::CloudFormation::Stack - slstest-dev
CloudFormation - DELETE_COMPLETE - AWS::S3::Bucket - ServerlessDeploymentBucket
CloudFormation - DELETE_COMPLETE - AWS::CloudFormation::Stack - slstest-dev
Serverless: Operation failed!
Serverless: View the full error output: https://eu-west-1.console.aws.amazon.com/cloudformation/home?region=eu-west-1#/stack/detail?stackId=arn%3Aaws%3Acloudformation%3Aeu-west-1%3A175264504000%3Astack%2Fslstest-dev%2Fa097e1b0-994a-11eb-b621-0ad1aa52c931
Serverless Error ----------------------------------------
An error occurred: ServerlessDeploymentBucket - API: s3:CreateBucket Access Denied.
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Issues: forum.serverless.com
Your Environment Information ---------------------------
Operating System: linux
Node Version: 14.16.0
Framework Version: 2.33.1
Plugin Version: 4.5.3
SDK Version: 4.2.2
Components Version: 3.8.1
I created a serverless service by doing the following:
$ serverless
Serverless: No project detected. Do you want to create a new one? Yes
Serverless: What do you want to make? AWS Python
Serverless: What do you want to call this project? slstest
Project successfully created in 'slstest' folder.
You can monitor, troubleshoot, and test your new service with a free Serverless account.
Serverless: Would you like to enable this? No
You can run the “serverless” command again if you change your mind later.
$ cd slstest
This is my serverless.yml:
service: slstest
frameworkVersion: '2'
provider:
  name: aws
  runtime: python3.8
  lambdaHashingVersion: 20201221
functions:
  hello:
    handler: handler.hello
    events:
      - httpApi:
          path: /hello
          method: post
My ~/.aws/credentials file contains
[default]
aws_access_key_id=<key>
aws_secret_access_key=<secret>
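which refers to an administrator account.

Try using
AWS_PROFILE=default serverless deploy -v --region eu-west-1
or
serverless deploy -v --region eu-west-1 --aws-profile default
If this still does not work, verify that the access key you provided really does have permission to create S3 buckets.

It turned out that the problem was that AWS required multi-factor authentication (MFA). I solved it with the following approach: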
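- Write a script that can dynamically generate an MFA-authenticated AWS profile from a given profile, the ARN identifying the MFA device, and an MFA token
- Deploy using the created MFA-authenticated AWS profile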
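
One way to write the script described in the steps above, as an added example that is not the answer author's own code. It assumes boto3 is installed; the function names and the `-mfa` profile suffix are hypothetical choices made for this sketch.

```python
import configparser
import os
import sys
from pathlib import Path


def fetch_mfa_credentials(base_profile, mfa_serial, token_code, duration=3600):
    """Exchange long-lived keys plus a current MFA code for temporary credentials."""
    import boto3  # imported lazily so the profile-writing part works without boto3

    sts = boto3.Session(profile_name=base_profile).client("sts")
    resp = sts.get_session_token(
        SerialNumber=mfa_serial, TokenCode=token_code, DurationSeconds=duration
    )
    return resp["Credentials"]


def write_mfa_profile(creds, target_profile, credentials_path):
    """Store temporary credentials under [target_profile], keeping other profiles."""
    path = Path(credentials_path).expanduser()
    # interpolation=None: secret keys may contain '%', which must stay literal.
    config = configparser.ConfigParser(interpolation=None)
    config.read(path)
    # Never clobber a profile that holds long-lived keys (no session token).
    if target_profile in config and "aws_session_token" not in config[target_profile]:
        raise ValueError(f"[{target_profile}] holds long-lived keys; pick another name")
    config[target_profile] = {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
    }
    # The file holds secrets: create it owner-only and tighten an existing one.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        config.write(handle)
    os.chmod(path, 0o600)
    return path


if __name__ == "__main__":
    # Usage: python mfa_profile.py <base-profile> <mfa-device-arn> <token-code>
    base, serial, code = sys.argv[1:4]
    temporary = fetch_mfa_credentials(base, serial, code)
    write_mfa_profile(temporary, f"{base}-mfa", "~/.aws/credentials")
    print(f"Deploy with: serverless deploy -v --aws-profile {base}-mfa")
```

The temporary credentials expire after the requested duration, so the script has to be re-run with a fresh MFA code before later deployments.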