无法将amplify:ListDomainAssociations分配给USer
我需要允许开发人员使用除创建、删除和更新域关联之外的所有权限访问AWS Amplify服务。我创建了以下策略
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"amplify:ListDomainAssociations",
"amplify:CreateBranch",
"amplify:ListBranches",
"amplify:GetApp",
"amplify:UpdateApp"
],
"Resource": [
"arn:aws:amplify:us-east-1:26XXXXXXXXXX:apps/*"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"amplify:GetBranch",
"amplify:ListJobs",
"amplify:DeleteBranch",
"amplify:UpdateBranch"
],
"Resource": "arn:aws:amplify:us-east-1:26XXXXXXXXXX:apps/*/branches/*"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"amplify:GetJob",
"amplify:GetDomainAssociation",
"amplify:DeleteJob",
"amplify:StartJob",
"amplify:StopJob"
],
"Resource": [
"arn:aws:amplify:us-east-1:26XXXXXXXXXX:apps/*/branches/*/jobs/*",
"arn:aws:amplify:us-east-1:26XXXXXXXXXX:apps/*/domains/*"
]
},
{
"Sid": "VisualEditor3",
"Effect": "Allow",
"Action": [
"amplify:CreateApp",
"amplify:ListApps"
],
"Resource": "*"
}
]
}此策略是使用可视化编辑器生成的。如您所见,我在arn:aws:amplify:us-east-1:26XXXXXXXXXX:apps/*上允许使用amplify:ListDomainAssociations
我将策略附加到用户,但当他通过浏览器登录到AWS控制台时,他收到以下错误
User: arn:aws:iam::26XXXXXXXXXX:user/tp_amplifyPermissionTest is not authorized to perform: amplify:ListDomainAssociations on resource: arn:aws:amplify:us-east-1:26XXXXXXXXXX:user:/apps/d1xxxxxxxxxxxx/domains
我看到错误消息中的资源名称中的:后面紧跟着一个/,而我的策略arn资源名称中没有这个/。因此,我尝试添加这一点,允许以下资源arn:aws:amplify:us-east-1:26XXXXXXXXXX:/apps/*的amplify:ListDomainAssociations,但指出该/是意外的,我无法保存它。
我还尝试编辑参考资料,如下所示
"Resource": [
"arn:aws:amplify:us-east-1:26XXXXXXXXXX:apps/*",
"arn:aws:amplify:us-east-1:26XXXXXXXXXX:*"
]但还是没有成功。你知道问题出在哪里吗?
回答 1
Stack Overflow用户
发布于 2019-03-21 17:20:30
似乎在AWS上有一些混乱。一些Resources应该与:app一起添加,其他的应该与:/app一起添加。下面是我编辑策略的方式
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"amplify:ListDomainAssociations",
"amplify:CreateBranch",
"amplify:ListBranches",
"amplify:GetApp",
"amplify:UpdateApp"
],
"Resource": [
"arn:aws:amplify:us-east-1:26XXXXXXXXXX:apps/*",
"arn:aws:amplify:us-east-1:26XXXXXXXXXX:/apps/*"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"amplify:GetBranch",
"amplify:ListJobs",
"amplify:DeleteBranch",
"amplify:UpdateBranch"
],
"Resource": [
"arn:aws:amplify:us-east-1:26XXXXXXXXXX:apps/*/branches/*",
"arn:aws:amplify:us-east-1:26XXXXXXXXXX:/apps/*/branches/*"
]
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"amplify:GetJob",
"amplify:GetDomainAssociation",
"amplify:DeleteJob",
"amplify:StartJob",
"amplify:StopJob"
],
"Resource": [
"arn:aws:amplify:us-east-1:26XXXXXXXXXX:apps/*/branches/*/jobs/*",
"arn:aws:amplify:us-east-1:26XXXXXXXXXX:apps/*/domains/*",
"arn:aws:amplify:us-east-1:26XXXXXXXXXX:/apps/*/branches/*/jobs/*",
"arn:aws:amplify:us-east-1:26XXXXXXXXXX:/apps/*/domains/*"
]
},
{
"Sid": "VisualEditor3",
"Effect": "Allow",
"Action": [
"amplify:CreateApp",
"amplify:ListApps"
],
"Resource": "*"
}
]
}这对我很有效
https://stackoverflow.com/questions/55276578
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号