[英]Iam user not authorized to perform: firehose:CreateDeliveryStream on resource xxxx with an explicit deny
I am trying to create a Firehose delivery stream from an EC2 micro instance. 我正在尝试从EC2微型实例创建Firehose交付流。
AWS CLI is configured with the access keys of an IAM user ABC. AWS CLI配置有IAM用户ABC的访问密钥。 This user has AWS policies attached with full access to firehose (policy copied below).
该用户具有附加的AWS策略,可以完全访问firehose(策略在下面复制)。
Still the stream creation fails with the error AccessDeniedException: iam user ABC not authorized to perform: firehose:CreateDeliveryStream on resource xxxx with an explicit deny
仍然流创建失败,并显示错误
AccessDeniedException: iam user ABC not authorized to perform: firehose:CreateDeliveryStream on resource xxxx with an explicit deny
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"firehose:*",
"firehose:CreateDeliveryStream"
],
"Resource": [
"arn:aws:firehose:us-east-1:<ACC_ID>:deliverystream/*",
"arn:aws:firehose:us-east-1:<ACC_ID>:*",
"arn:aws:firehose:*:<ACC_ID>:*",
"arn:aws:firehose:*:<ACC_ID>:deliverystream/*"
]
}
]
}
Do I need to add more permissions to this IAM user to allow it to create delivery streams? 我是否需要为此IAM用户添加更多权限,以允许其创建传递流?
I cross checked all other policies attached to this user and apparently there was a Deny policy attached to this user which was explicitly denying the access. 我交叉检查了与该用户相关的所有其他策略,并且显然有与该用户相关的“拒绝”策略明确拒绝了访问。 Removed this policy and it worked!
删除了此政策,它起作用了!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.