
IAM user not authorized to perform: firehose:CreateDeliveryStream on resource xxxx with an explicit deny

I am trying to create a Firehose delivery stream from an EC2 micro instance.

AWS CLI is configured with the access keys of an IAM user ABC. This user has AWS policies attached with full access to firehose (policy copied below).

Still the stream creation fails with the error AccessDeniedException: iam user ABC not authorized to perform: firehose:CreateDeliveryStream on resource xxxx with an explicit deny

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "firehose:*",
                "firehose:CreateDeliveryStream"
            ],
            "Resource": [
                "arn:aws:firehose:us-east-1:<ACC_ID>:deliverystream/*",
                "arn:aws:firehose:us-east-1:<ACC_ID>:*",
                "arn:aws:firehose:*:<ACC_ID>:*",
                "arn:aws:firehose:*:<ACC_ID>:deliverystream/*"
            ]
        }
    ]
}

Do I need to add more permissions to this IAM user to allow it to create delivery streams?

I cross-checked all other policies attached to this user and apparently there was a Deny policy attached to this user which was explicitly denying the access. Removed this policy and it worked!
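The situation in the answer above, as an added example (not code from the original post): a simplified evaluator for identity-based policies showing that one matching Deny statement overrides the Allow policy from the question, and which policy is responsible. The account ID, stream name, policy names and the Deny policy are constructed; Condition, NotAction and NotResource are not handled.

```python
import re

def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def matching_statements(policy, action, resource):
    """Yield the statements of one policy document that apply to the request."""
    for stmt in _as_list(policy["Statement"]):
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if (any(_match(a, action, True) for a in actions)      # action names ignore case
                and any(_match(r, resource) for r in resources)):
            yield stmt

def evaluate(policies, action, resource):
    """policies: {name: document}. Returns (decision, names of deciding policies)."""
    hits = {"Allow": [], "Deny": []}
    for name, doc in policies.items():
        for stmt in matching_statements(doc, action, resource):
            hits[stmt["Effect"]].append(name)
    if hits["Deny"]:                  # any explicit deny wins over every allow
        return "explicitDeny", hits["Deny"]
    if hits["Allow"]:
        return "allowed", hits["Allow"]
    return "implicitDeny", []         # nothing matched: denied by default

ACC_ID = "111122223333"               # constructed account ID
ACTION = "firehose:CreateDeliveryStream"
RESOURCE = f"arn:aws:firehose:us-east-1:{ACC_ID}:deliverystream/example-stream"

ALLOW_POLICY = {                      # shape of the policy in the question
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["firehose:*", "firehose:CreateDeliveryStream"],
                   "Resource": [f"arn:aws:firehose:*:{ACC_ID}:deliverystream/*"]}]}
DENY_POLICY = {                       # constructed: the post does not show the Deny policy
    "Version": "2012-10-17",
    "Statement": {"Effect": "Deny", "Action": "firehose:Create*", "Resource": "*"}}
POLICIES = {"FirehoseFullAccess": ALLOW_POLICY, "ConstructedDenyPolicy": DENY_POLICY}

if __name__ == "__main__":
    print(evaluate(POLICIES, ACTION, RESOURCE))
    print(evaluate({"FirehoseFullAccess": ALLOW_POLICY}, ACTION, RESOURCE))
```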
