[英]certificatemanager:changeResourceRecordSets user is not authorized to access this resource
Trying to create an SSL certificate using Amazon Certificate Manager, as per here -尝试使用 Amazon Certificate Manager 创建 SSL 证书,如下所示 -
https://medium.com/swlh/aws-website-hosting-with-cloudformation-guide-36cac151d1af https://medium.com/swlh/aws-website-hosting-with-cloudformation-guide-36cac151d1af
I have a deployment user with the following policy -我有一个具有以下策略的部署用户 -
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudformation:*",
"s3:*",
"route53:*",
"acm:*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
But when I deploy I get the following -但是当我部署时,我得到以下信息 -
API: certificatemanager:changeResourceRecordSets User #{my_IAM_deploy_user} is not authorized to access this resource
How come I am getting this error despite acm:*
access?尽管
acm:*
访问,我为什么会收到此错误?
(wondering if related to Why changeResourceRecordSets gets not authorized to access this resource? but can't see exactly how) (想知道是否与为什么 changeResourceRecordSets 没有获得访问此资源的授权有关?但不知道具体如何)
(Cloudformation template below) (下面的 Cloudformation 模板)
---
AWSTemplateFormatVersion: '2010-09-09'
Description: cloudfront-route53-demo-cert
Parameters:
DomainName:
Type: String
HostedZoneId:
Type: String
Default: Z1BKCTXD74EZPE # eu-west-1; https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints
Outputs:
CertificateARN:
Value:
Ref: Certificate # returns ARN
Resources:
Certificate:
Type: AWS::CertificateManager::Certificate
Properties:
DomainName:
Ref: DomainName
DomainValidationOptions:
- DomainName:
Ref: DomainName
HostedZoneId:
Ref: HostedZoneId
ValidationMethod: DNS
I misunderstood what HostedZoneId
was.我误解了
HostedZoneId
是什么。 I thought it was some kind of route53 region- specific singleton but (doh) turns out it just the id of a route53 HostedZone I had created.我认为这是某种特定于 route53 区域的 singleton 但(doh)原来它只是我创建的 route53 HostedZone 的 id。 Kinda obvious really.
真的有点明显。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.