Python: How to describe endpoints in Redshift

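I am getting an error:

"errorMessage": "An error occurred (AccessDenied) when calling the DescribeClusters operation: User: arn:aws:sts::XX:assumed-role/XX/axx is not authorized to perform: redshift:DescribeClusters on resource: arn:aws:XX:*"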

Below is the code for RDS:

import boto3

client = boto3.client('rds')
cluster_list = client.describe_db_cluster_endpoints()
print(cluster_list)

For Redshift, below is the code:

import boto3

client = boto3.client('redshift', 'us-east-2')
cluster_list = client.describe_clusters()
print(cluster_list)

My role is as below, with the services as below:

AWSTemplateFormatVersion: 2010-09-09

Parameters: 

  testlambdarole:
    Type: String
    Default: role-name
      
Resources: 

  Role:  
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Ref testlambdarole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'               
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
                - redshift.amazonaws.com
            Action: ['sts:AssumeRole']      
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSLambdaExecute
      Policies:
        - PolicyName: RdsAccess
          PolicyDocument: 
            Version: "2012-10-17"
            Statement: 
              - Effect: "Allow"
                Action: 
                  - rds-db:connect
                Resource: "*"

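You are missing a policy in your IAM role that allows you to perform the action on Redshift, like this:

- PolicyName: RSDescribeClusters
  PolicyDocument:
    Version: "2012-10-17"
    Statement:
      - Effect: "Allow"
        Action:
          - redshift:DescribeClusters
        Resource: "*"

From the way you have set it up, you are only allowing the Redshift service to assume the IAM role.

The error message you posted specifies the redshift:DescribeClusters action; in addition, you can find all of the actions supported by Redshift in the developer documentation.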

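As an example, if you want to add one for RDS as well, you can use this (tested and working):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "rds:DescribeDBClusterEndpoints",
            "Resource": [
                "arn:aws:rds:*:ACCOUNT_ID:cluster:*",
                "arn:aws:rds:*:ACCOUNT_ID:cluster-endpoint:*"
            ]
        }
    ]
}

You will need to substitute your account ID and/or convert it to CloudFormation yourself.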

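Comments:

Your IAM role does not have permission to perform that action, as the error shows.

You can see - redshift.amazonaws.com is present.

Redshift there is called a service principal; please read the IAM documentation.

Do you mean to say that I need to add the policy as well?

Please check my answer.

How did you get this redshift:DescribeClusters? Please also add the one for RDS describe_db_cluster_endpoints.

Added. As an additional note, you can find all of the actions for each service in the AWS documentation; you can usually find them by googling something like "IAM service actions" (i.e. "iam redshift actions" or "iam rds actions").

I added - rds-db:connect - rds-db:DescribeDBClusterEndpoints and it is not working.

Added an example that I have tested and that works. That is my last edit, good luck.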
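
The distinction the answer draws, as an added example (not code from the original post or from AWS): the role from the question is modelled as a Python dict, the denied action is read out of the posted error message, and it is checked against the role's inline permissions policies rather than its trust policy. The helper names and the simplified evaluation (Action matching only; Resource, Condition, NotAction and managed policies are ignored) are assumptions made for illustration.

```python
import fnmatch
import re

# Constructed from the question's template: trust policy plus the inline policy.
ROLE = {
    "AssumeRolePolicyDocument": {"Statement": [{
        "Effect": "Allow", "Action": ["sts:AssumeRole"],
        "Principal": {"Service": ["lambda.amazonaws.com", "redshift.amazonaws.com"]},
    }]},
    "Policies": [{"PolicyName": "RdsAccess", "PolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": ["rds-db:connect"], "Resource": "*"}]}}],
}
# Error text as posted in the question (XX placeholders kept).
ERROR = ("An error occurred (AccessDenied) when calling the DescribeClusters "
         "operation: User: arn:aws:sts::XX:assumed-role/XX/axx is not authorized "
         "to perform: redshift:DescribeClusters on resource: arn:aws:XX:*")


def denied_action(message):
    """Return the IAM action named in an AccessDenied message, or None."""
    m = re.search(r"not authorized to perform: ([\w-]+:\w+)", message)
    return m.group(1) if m else None


def as_list(value):
    return value if isinstance(value, list) else [value]


def trusted_services(role):
    """Service principals that may assume the role (trust policy only)."""
    return [s for stmt in role["AssumeRolePolicyDocument"]["Statement"]
            for s in as_list(stmt["Principal"].get("Service", []))]


def granted(role, action):
    """True if an inline policy allows `action` and none denies it (simplified:
    the trust policy is never consulted, because it grants no API permissions)."""
    effects = {stmt["Effect"]
               for policy in role["Policies"]
               for stmt in as_list(policy["PolicyDocument"]["Statement"])
               for pattern in as_list(stmt.get("Action", []))
               if fnmatch.fnmatchcase(action.lower(), pattern.lower())}
    return "Allow" in effects and "Deny" not in effects


def with_policy(role, name, actions):
    """Copy of `role` with one more inline Allow policy on Resource "*"."""
    doc = {"Statement": [{"Effect": "Allow", "Action": actions, "Resource": "*"}]}
    return {**role, "Policies": role["Policies"] + [{"PolicyName": name, "PolicyDocument": doc}]}
```

Running `granted(ROLE, denied_action(ERROR))` returns `False` even though `redshift.amazonaws.com` is listed by `trusted_services(ROLE)`; after `with_policy(ROLE, "RSDescribeClusters", ["redshift:DescribeClusters"])` the same check returns `True`.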