我已经编写了一个CloudFormation模板来创建一个ElasticBeanstalk应用程序。然而,当我执行模板时,我收到以下错误:Access Denied (Service: AWSElasticBeanstalk; Status Code: 403; Error Code: InsufficientPrivilegesException; Request ID: 6c580af3-250d-4658-bc2f-8f6af4c1dd6d; Proxy: null).
我需要添加什么权限?
CloudFormation脚本的相关部分:
# The role used by CloudFormation to create the stack
CFNRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: ["sts:AssumeRole"]
Effect: Allow
Principal:
Service: [cloudformation.amazonaws.com]
Version: "2012-10-17"
Path: /
Policies:
- PolicyName: CloudFormationRole
PolicyDocument:
Version: "2012-10-17"
Statement:
- Action:
- "ec2:*"
- "elasticbeanstalk:*"
- "iam:*"
- "lambda:*"
- "logs:*"
Effect: Allow
Resource: "*"
# more stuff here...
# Create the EB app without an Environment for now
EBApp1:
Type: AWS::ElasticBeanstalk::Application
Properties:
Description: my-api
原来我错过了CFNRole上的S3权限。我将权限修改为以下内容,栈就可以部署了。
CFNRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: ["sts:AssumeRole"]
Effect: Allow
Principal:
Service: [cloudformation.amazonaws.com]
Version: "2012-10-17"
Path: /
Policies:
- PolicyName: CloudFormationRole
PolicyDocument:
Version: "2012-10-17"
Statement:
- Action:
- "ec2:*"
- "elasticbeanstalk:*"
- "iam:*"
- "lambda:*"
- "logs:*"
- "s3:*" #### Added this line ####
Effect: Allow
Resource: "*"