我创建了这个策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticbeanstalk:UpdateApplicationVersion",
"elasticbeanstalk:CreateApplicationVersion",
"elasticbeanstalk:DeleteApplicationVersion"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"elasticbeanstalk:InApplication": [
"arn:aws:elasticbeanstalk:ap-south-1:123456789012:application/test"
]
}
}
},
{
"Effect": "Allow",
"Action": [
"elasticbeanstalk:DescribeEvents",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:AddTags",
"elasticbeanstalk:ListPlatformVersions"
],
"Resource": [
"arn:aws:elasticbeanstalk:ap-south-1:123456789012:application/test"
]
},
{
"Effect": "Allow",
"Action": [
"elasticbeanstalk:AddTags",
"elasticbeanstalk:Describe*"
],
"Resource": [
"arn:aws:elasticbeanstalk:ap-south-1:123456789012:platform/*",
"arn:aws:elasticbeanstalk:ap-south-1:123456789012:environment/*/*",
"arn:aws:elasticbeanstalk:ap-south-1:123456789012:application/*",
"arn:aws:elasticbeanstalk:ap-south-1:123456789012:solutionstack/*",
"Condition": {
"StringEquals": {
"elasticbeanstalk:InApplication": [
"arn:aws:elasticbeanstalk:ap-south-1:123456789012:application/test"
]
}
}
}
]
}
当我审查我得到的政策时:
此策略定义了一些不提供权限的操作、资源或条件。若要授予访问权限,策略必须具有具有适用资源或条件的操作。
当我从策略中删除elasticbeanstalk:Describe*时,它可以工作,但我需要包含它。
所有的资源元素都是坏的。它们不能为空,至少要使它们成为通配符(*(。此外;arn:aws:弹性茎:ap-south-:12345678912:应用/";不正确,请确保在末尾也有一个通配符在您的权限中,您拥有";s3:";。你还需要一个通配符。此外,如果您正在对条件进行编码,资源的范围可能会更广。
我建议使用Visual Editor或花更多时间学习IAM,您在这里错过了基本知识。
如果没有更多关于你所看到的错误的细节,告诉我们你实际上在努力做什么,对你的帮助并不大。此外,在帽子上也要放松:(