Fatal编程技术网
  • node.js/
  • Node.js 调用CreateStack操作时发生错误(AccessDenied):

Node.js 调用CreateStack操作时发生错误(AccessDenied):

node.js amazon-web-services docker deployment

Node.js 调用CreateStack操作时发生错误(AccessDenied):,node.js,amazon-web-services,docker,deployment,dockerfile,Node.js,Amazon Web Services,Docker,Deployment,Dockerfile,我尝试在命令上运行此命令: An error occurred (AccessDenied) when calling the CreateStack operation: User: arn:aws:iam::812520856627:user/dimitris is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-west-2:812520856627:s

我尝试在命令上运行此命令:

An error occurred (AccessDenied) when calling the CreateStack operation: User: arn:aws:iam::812520856627:user/dimitris is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-west-2:812520856627:stack/blog-stage/*
您正试图针对未被授权执行
cloudformation:CreateStack

要添加到用户,请转到->用户->选择用户->添加权限

尝试使用用户权限添加此策略

示例授予创建和查看堆栈操作的示例策略

Resources:
  AppNode:
    Type: AWS::EC2::Instance
    Properties:
        InstanceType: t2.micro
        ImageId: ami-0c579621aaac8bade
        KeyName: jimapos
        SecurityGroups:
          - !Ref AppNodeSG
  AppNodeSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
        GroupDescription: for the app nodes that allow ssh, http and docker ports
        SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
          - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0
您可以选中此项以自定义策略或将策略重新拾取到特定资源

您可以创建自定义策略,也可以附加以下现有策略

您没有这样做的有效权限<代码>用户/dimitris未经授权如何更改?您必须通过IAM授予权限。从AWS IAM,在云形成中为用户授予
CreateStack
权限。你能更具体地说明我如何做到这一点吗?我应该把上面的示例放在哪里作为示例?我已经选择了我的用户,但没有选择权限的选项。让我发布屏幕快照会更有帮助 
Resources:
  AppNode:
    Type: AWS::EC2::Instance
    Properties:
        InstanceType: t2.micro
        ImageId: ami-0c579621aaac8bade
        KeyName: jimapos
        SecurityGroups:
          - !Ref AppNodeSG
  AppNodeSG:
    Type: AWS::EC2::SecurityGroup
    Properties:
        GroupDescription: for the app nodes that allow ssh, http and docker ports
        SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: '80'
          ToPort: '80'
          CidrIp: 0.0.0.0/0
          - IpProtocol: tcp
          FromPort: '22'
          ToPort: '22'
          CidrIp: 0.0.0.0/0

{
    "Version":"2012-10-17",
    "Statement":[{
        "Effect":"Allow",
        "Action":[
            "cloudformation:CreateStack",
            "cloudformation:DescribeStacks",
            "cloudformation:DescribeStackEvents",
            "cloudformation:DescribeStackResources",
            "cloudformation:GetTemplate",
            "cloudformation:ValidateTemplate"  
        ],
        "Resource":"*"
    }]
}