
certificatemanager:changeResourceRecordSets user is not authorized to access this resource

Trying to create an SSL certificate using Amazon Certificate Manager, as per here -

https://medium.com/swlh/aws-website-hosting-with-cloudformation-guide-36cac151d1af

I have a deployment user with the following policy -

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "cloudformation:*",
                "s3:*",
                "route53:*",
                "acm:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

But when I deploy I get the following -

API: certificatemanager:changeResourceRecordSets User #{my_IAM_deploy_user} is not authorized to access this resource      

How come I am getting this error despite acm:* access?

(wondering if related to Why changeResourceRecordSets gets not authorized to access this resource? but can't see exactly how)

(Cloudformation template below)

---
AWSTemplateFormatVersion: '2010-09-09'
Description: cloudfront-route53-demo-cert
Parameters:
  DomainName:
    Type: String
  HostedZoneId:
    Type: String
    Default: Z1BKCTXD74EZPE  # eu-west-1; https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints
Outputs:
  CertificateARN:
    Value:
      Ref: Certificate  # returns ARN
Resources:
  Certificate:
    Type: AWS::CertificateManager::Certificate
    Properties:
      DomainName:
        Ref: DomainName
      DomainValidationOptions:
        - DomainName:
            Ref: DomainName
          HostedZoneId:
            Ref: HostedZoneId
      ValidationMethod: DNS

I misunderstood what HostedZoneId was. I thought it was some kind of route53 region-specific singleton but (doh) turns out it's just the id of a route53 HostedZone I had created. Kinda obvious really.
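
The fix described above comes down to passing the id of a hosted zone that exists in the deploying account and contains the certificate's domain. As an added example (not part of the original post), the Python below picks that id from records shaped like a Route 53 ListHostedZones response (`Id`, `Name`, `Config.PrivateZone`) and flags a mismatched `HostedZoneId` parameter before deployment. The function names, the sample zone ids and the domains are constructed for illustration.

```python
# Added example. SAMPLE_ZONES is constructed data, not output from a real account.
SAMPLE_ZONES = [
    {"Id": "/hostedzone/ZEXAMPLE1PUBLIC", "Name": "example.com.",
     "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/ZEXAMPLE2PRIVATE", "Name": "example.com.",
     "Config": {"PrivateZone": True}},
    {"Id": "/hostedzone/ZEXAMPLE3SUB", "Name": "dev.example.com.",
     "Config": {"PrivateZone": False}},
]

def normalize(name):
    """Lower-case a DNS name and drop the trailing dot Route 53 appends."""
    return name.rstrip(".").lower()

def bare_zone_id(raw_id):
    """Route 53 lists ids as '/hostedzone/Z...'; the template takes the bare id."""
    return raw_id.rsplit("/", 1)[-1]

def find_validation_zone(domain, hosted_zones):
    """Return the bare id of the most specific public zone containing `domain`,
    or None when the account has no such zone."""
    domain = normalize(domain)
    best = None
    for zone in hosted_zones:
        # Assumption: validation records must resolve publicly, so skip private zones.
        if zone.get("Config", {}).get("PrivateZone"):
            continue
        name = normalize(zone["Name"])
        # Match on a label boundary so 'notexample.com' does not match 'example.com'.
        if domain == name or domain.endswith("." + name):
            if best is None or len(name) > len(normalize(best["Name"])):
                best = zone
    return bare_zone_id(best["Id"]) if best else None

def check_parameter(domain, configured_id, hosted_zones):
    """Compare the template's HostedZoneId parameter with the account's zones."""
    expected = find_validation_zone(domain, hosted_zones)
    if expected is None:
        return f"no public hosted zone in this account covers {domain}"
    if configured_id != expected:
        return (f"HostedZoneId {configured_id} is not the zone for {domain}; "
                f"use {expected}")
    return "ok"

if __name__ == "__main__":
    # The template default from the question is not one of the account's zones.
    print(check_parameter("www.example.com", "Z1BKCTXD74EZPE", SAMPLE_ZONES))
```
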
