在我的CI上运行:aws ecs wait services-stable --cluster $CLUSTER --services $SERVICE
这非常适合我的 IAM 凭证,但我的 CI 范围缩小范围凭证失败,并显示:
In function length(), invalid type for value: None, expected one of: ['string', 'array', 'object'], received: "null"
附加到 CI 组的策略授予以下内容:
"ecs:ListClusters",
"ecs:ListServices",
"ecs:CreateService",
"ecs:UpdateService",
"ecs:DeleteService",
"ecs:RegisterTaskDefinition",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
"ecs:DeregisterTaskDefinition",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"ecs:RunTask",
"ecs:StartTask",
"ecs:StopTask",
"ecs:SubmitTaskStateChange",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:UpdateAutoScalingGroup",
"iam:ListServerCertificates",
"cloudformation:DescribeStacks"
我曾认为授予Poll和DiscoverPollEndpoint将涵盖等待。我错过了什么?
谢谢!
aws ecs wait services-stable需要ecs:DescribeServices。 你可以在这里看到服务员的来源。
ecs:Poll和ecs:DiscoverPollEndpoint(以及其他一些操作(仅由 ECS 代理使用;您无需将这些权限授予 ECS 代理以外的任何权限。