我正在尝试无服务器来创建AWS Lambdas,并在使用命令创建项目时serverless project create遇到以下错误.
AccessDenied: User: arn:aws:iam::XXXXXXXXX:user/XXXXXXXXX is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-east-1:XXXXXXXXX:stack/XXXXXXXXX-development-r/*
我创建了一个用户并向用户授予了以下权限.
AWSLambdaFullAccess
AmazonS3FullAccess
CloudFrontFullAccess
AWSCloudFormationReadOnlyAccess(没有AWSCloudFormationFullAccess授予)
我该怎么办?我必须授予哪些其他权限?
你提到的最接近的一个是AWSCloudFormationReadOnlyAccess,但显然这只是你需要的只读cloudformation:CreateStack.将以下内容添加为用户策略.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1449904348000",
"Effect": "Allow",
"Action": [
"cloudformation:CreateStack"
],
"Resource": [
"*"
]
}
]
}
您完全有可能需要更多权限 - 例如,启动EC2实例,(重新)配置安全组等.
什么@ tedder42说,但我还必须在我的组策略中添加以下内容才能从visual studio内部部署到lambda.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1449904348000",
"Effect": "Allow",
"Action": [
"cloudformation:CreateStack",
"cloudformation:CreateChangeSet",
"cloudformation:ListStacks",
"cloudformation:UpdateStack",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet"
],
"Resource": [
"*"
]
}
]
}
根据我最近的经验,所需的政策是
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1449904348000",
"Effect": "Allow",
"Action": [
"cloudformation:CreateStack",
"cloudformation:CreateChangeSet",
"cloudformation:ListStacks",
"cloudformation:UpdateStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackEvents",
"cloudformation:ValidateTemplate",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet"
],
"Resource": [
"*"
]
}
]
}
京公网安备 11010802040832号 | 京ICP备19059560号-6 