AccessDeniedException (caller is not authorized to call API) using AWS GuardDuty
AWS Lambda and the CLI both returned "InternalServerErrorException: An error occurred (InternalServerErrorException) when calling the UpdateThreatIntelSet operation: The request is rejected because the caller is not authorized to call this API."

The IAM policy has already been set to allow Admin actions, and the trusted entities are set to s3, lambda, guardduty and apigateway.

I've been searching for days now for why it keeps giving me that rejection when I already explicitly allow everything. Any advice or help is greatly appreciated.

Below is the code snippet and the rejection from Lambda.
from __future__ import print_function
import boto3

detector_id = 'abcdefghijklmnop12345'
threatIntelSetIds = 'abcdefghijklmnop12345'
mal_ip = '10.0.0.0'

# Update (and activate) the threat intel set identified by threatIntelSetIds.
# Note: mal_ip is accepted but never used here. UpdateThreatIntelSet does not take
# IP addresses; it only points the set at an S3 object and (re)activates it, so the
# list file in S3 has to be written by a separate step.
def update_threatList(threatIntelSetIds, mal_ip):
    client = boto3.client('guardduty')
    response = client.update_threat_intel_set(
        Activate=True,
        DetectorId=detector_id,
        ThreatIntelSetId=threatIntelSetIds
    )
    return response

def lambda_handler(event, context):
    return update_threatList(threatIntelSetIds, mal_ip)
[screenshot: here is the rejection]
[screenshot: IAM policy]
[screenshot: Trusted entities]
As noted in the comments, the likely cause of this confusing error message (which I have reproduced using both Terraform and CloudFormation resources to manage GuardDuty) is that the S3 location does not exist.
Also, note that the full path in the S3 bucket needs to exist, and CloudFormation, in particular, will not create an empty file there if the file does not already exist.
This generally means some process other than CloudFormation needs to create the file.
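The practical consequence of the answer above is that the S3 object named in the threat intel set's Location should be verified before UpdateThreatIntelSet is called, since GuardDuty reports the missing object as an authorization failure rather than a not-found error. The following is an added example, not code from the question or the answer: it parses the Location URI into bucket and key, runs an S3 HeadObject pre-flight check, and only then issues the GuardDuty call. The detector ID, set ID, set name and S3 URI are placeholders; the GuardDuty and S3 clients are passed in as parameters (boto3 clients when run for real) so the logic can be exercised offline with fakes. It also covers the case the answer does not mention explicitly: a caller without s3:ListBucket on the bucket sees a missing key as 403 rather than 404, so both codes are treated as "not reachable".

```python
# Added example (not from the original post or answer): pre-flight check for the
# S3 object behind a GuardDuty threat-intel set before calling UpdateThreatIntelSet.
# Assumes boto3 is available when run directly; IDs and the S3 URI in main are placeholders.
from urllib.parse import urlparse


def parse_s3_location(location):
    """Split a GuardDuty threat-intel set Location into (bucket, key).

    Accepts 's3://bucket/key', path-style 'https://s3.<region>.amazonaws.com/bucket/key'
    and virtual-hosted 'https://bucket.s3.<region>.amazonaws.com/key'.
    """
    u = urlparse(location)
    path = u.path.lstrip("/")
    if u.scheme == "s3":
        bucket, key = u.netloc, path
    elif u.scheme == "https" and u.netloc.endswith(".amazonaws.com"):
        if u.netloc.startswith(("s3.", "s3-")):
            bucket, _, key = path.partition("/")       # path-style: bucket is first path segment
        else:
            bucket, key = u.netloc.split(".s3", 1)[0], path  # virtual-hosted: bucket is host prefix
    else:
        raise ValueError("unsupported S3 location: %r" % (location,))
    if not bucket or not key:
        raise ValueError("location must name both a bucket and an object key: %r" % (location,))
    return bucket, key


def s3_object_exists(head_object, bucket, key):
    """Return (exists, reason) based on an S3 HeadObject call.

    head_object is any callable with boto3's client.head_object(Bucket=, Key=) signature.
    Errors are expected to carry .response['Error']['Code'] like botocore's ClientError.
    Without s3:ListBucket on the bucket, S3 reports a missing key as 403, not 404.
    """
    try:
        head_object(Bucket=bucket, Key=key)
        return True, "ok"
    except Exception as err:
        code = str(getattr(err, "response", {}).get("Error", {}).get("Code", ""))
        if code in ("404", "NoSuchKey", "NotFound"):
            return False, "object s3://%s/%s does not exist" % (bucket, key)
        if code in ("403", "Forbidden", "AccessDenied"):
            return False, ("access denied to s3://%s/%s (S3 also returns this for a missing key "
                           "when s3:ListBucket is not granted)" % (bucket, key))
        raise


def update_threat_intel_set_checked(gd_client, s3_client, detector_id, set_id, location, name, activate=True):
    """Call UpdateThreatIntelSet only after confirming the list object is reachable."""
    bucket, key = parse_s3_location(location)
    exists, reason = s3_object_exists(s3_client.head_object, bucket, key)
    if not exists:
        raise RuntimeError("refusing to call UpdateThreatIntelSet: " + reason)
    return gd_client.update_threat_intel_set(
        DetectorId=detector_id,
        ThreatIntelSetId=set_id,
        Name=name,
        Location=location,
        Activate=activate,
    )


if __name__ == "__main__":
    import boto3  # real clients only when run directly; placeholder values must be replaced
    print(update_threat_intel_set_checked(
        boto3.client("guardduty"),
        boto3.client("s3"),
        detector_id="REPLACE_WITH_DETECTOR_ID",
        set_id="REPLACE_WITH_THREAT_INTEL_SET_ID",
        location="s3://REPLACE-BUCKET/threatlists/malicious-ips.txt",
        name="malicious-ips",
    ))
```

The check deliberately uses HeadObject rather than ListObjects so it needs only s3:GetObject on the key; if the Lambda role lacks s3:ListBucket, the 403 branch explains why a missing file shows up as a permission error there too, mirroring the misleading GuardDuty message. The same pre-flight fits in front of CreateThreatIntelSet when the set is first created by a pipeline that, as the answer notes, will not create the file itself.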