Python 禁止boto elastic beanstalk CreateApplication403版
我已经完成了一个自动部署到Elastic beanstalk的python脚本 它适用于测试环境 但当我刚更改用户密钥时,Boto用正确的策略说“403禁止” 假设是用户允许的CreateApplicationVersion 但是,boto不允许CreateApplicationVersion操作Python 禁止boto elastic beanstalk CreateApplication403版,python,amazon-web-services,amazon-elastic-beanstalk,boto,Python,Amazon Web Services,Amazon Elastic Beanstalk,Boto,我已经完成了一个自动部署到Elastic beanstalk的python脚本 它适用于测试环境 但当我刚更改用户密钥时,Boto用正确的策略说“403禁止” 假设是用户允许的CreateApplicationVersion 但是,boto不允许CreateApplicationVersion操作 boto==2.28 python==2.7.5 以前有人遇到过这个问题吗 Traceback (most recent call last): File "upload_to_aws.py",
boto==2.28
python==2.7.5
以前有人遇到过这个问题吗
Traceback (most recent call last):
File "upload_to_aws.py", line 135, in <module>
description=None, s3_bucket=AWS_ELASTIC_BEANSTALK_S3_BUCKET_NAME, s3_key=zip_file)
File "/usr/lib/python2.7/site-packages/boto/beanstalk/layer1.py", line 156, in create_application_version
return self._get_response('CreateApplicationVersion', params)
File "/usr/lib/python2.7/site-packages/boto/beanstalk/layer1.py", line 71, in _get_response
raise self.ResponseError(response.status, response.reason, body)
boto.exception.BotoServerError: BotoServerError: 403 Forbidden
{"Error":{"Code":"AccessDenied","Message":"User: arn:aws:iam::<account-id>:user/<username> is not authorized to perform: elasticbeanstalk:CreateApplicationVersion on resource: arn:aws:elasticbeanstalk:ap-northeast-1:<account-id>:applicationversion/<application-name>/<application-version>","Type":"Sender"},"RequestId":"<request-id>"}
IAM政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1000000000000",
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::mybucket/*",
"arn:aws:s3:::mybucket",
]
},
{
"Sid": "Stmt1000000000001",
"Effect": "Allow",
"Action": [
"elasticbeanstalk:*"
],
"Resource": [
"arn:aws:elasticbeanstalk:ap-northeast-1:<account-id>:environment/<application name>/<environment-name>"
]
}
]
}
我真的不认为这是一个两败俱伤的问题。它只是使用您提供的凭据进行API调用。如果服务显示403,则您正在使用的凭据未被授权进行该操作
对于CreateApplicationVersion操作,还必须传入版本数据所在的S3存储桶。您使用的帐户有权访问该存储桶吗?非常感谢您的回复。在CreateApplicationVersion操作之前,我将zip文件上载到S3存储桶。它上传得很好。但是当我尝试CreateApplicationVersion操作时,它显示403。其他一些操作,如descripe_应用程序、descripe_环境application_name=AWS_ELASTIC_BEANSTALK_APP_name正常工作。