堆栈内存溢出
  简体   繁体   English

用户无权执行:connect:* on resource: * with an explicit deny"

[英]User is not authorized to perform: connect:* on resource: * with an explicit deny"

 原文  2022-02-02 21:12:17       amazon-web-services/ api/ rest/ postman/ amazon-connect

问题描述

I am trying to test Amazon Connect GetMetricData API in Postman. The issue I am facing is that API, in response, throws an error that says the user is not authorized to perform: connect:* on resource: * with an explicit deny."我正在尝试在 Postman 中测试 Amazon Connect GetMetricData API。我面临的问题是 API 作为响应抛出一个错误,指出用户无权执行:connect:* on resource: * with an explicit deny。”

I am wondering why I am getting this issue because the user I am using here holds full access of amazon connect.我想知道为什么我会遇到这个问题,因为我在这里使用的用户拥有 amazon connect 的完全访问权限。 Not only Amazon Connect, also several other services' full access.不仅是 Amazon Connect,还有其他几项服务的完全访问权限。 You can see the issue in the following picture.您可以在下图中看到问题。

问题截图

2 个解决方案

解决方案1
 1  2022-11-14 17:06:00

I saw this problem myself too.我自己也看到了这个问题。 The issue that I had was the keys in the JSON payload body weren't inside the double quotes "" .我遇到的问题是 JSON 有效负载主体中的键不在双引号""内。

This error message looks to me like it can't identify any action or resource, so I don't think it should be related to any error-configured identity-based policy.此错误消息在我看来无法识别任何操作或资源,因此我认为它不应该与任何错误配置的基于身份的策略相关。

The error message itself isn't really descriptive about the error.错误消息本身并没有真正描述错误。 I would suggest that if people encounter same problem in the future, make sure to double check on the payload body if you don't find any problem in the identity-based policy.我建议,如果人们将来遇到同样的问题,如果您在基于身份的策略中没有发现任何问题,请务必仔细检查有效负载主体。

解决方案2
 0  2022-02-03 00:20:11

This error typically indicates that there is an IAM policy that explicitly denies the action that you're trying to perform, so you should check the policies assigned to your IAM user qayyum as a first step.此错误通常表明存在明确拒绝您尝试执行的操作的 IAM 策略,因此您应该首先检查分配给您的 IAM 用户qayyum的策略。 If you don't find any policies with a deny statement for connect , you can try to add the following policy to your user.如果您没有找到任何带有connect拒绝语句的策略,您可以尝试将以下策略添加到您的用户。 This policy explicitly allows GetMetricData API actions此策略明确允许 GetMetricData API 操作

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "connect:GetMetricData",
            "Resource": "*"
        }
    ]
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 用户无权执行:dynamodb:PutItem on resource - User is not authorized to perform: dynamodb:PutItem on resource AWS,GitHub 操作:用户无权执行:sts:AssumeRole on resource (CodePipeline) - AWS, GitHub Action: User is not authorized to perform: sts:AssumeRole on resource(CodePipeline) AWS StsClient:用户无权执行:sts:资源上的AssumeRole - AWS StsClient: User not authorized to perform: sts:AssumeRole on resource 无权执行:资源上的 sts:TagSession:*** - Not authorized to perform: sts:TagSession on resource: *** GlueJobRunnerSession 无权执行:lakeformation:GetDataAccess on resource - GlueJobRunnerSession is not authorized to perform: lakeformation:GetDataAccess on resource 用户无权执行:dynamodb:GetItem - User is not authorized to perform: dynamodb:GetItem 用户:无权执行:cloudformation:DescribeStacks - User: is not authorized to perform: cloudformation:DescribeStacks voclabs 无权对资源执行:iam:AttachUserPolicy:用户 Olivia,因为没有基于身份的策略允许 iam:AttachUserPolicy - voclabs is not authorized to perform: iam:AttachUserPolicy on resource: user Olivia because no identity-based policy allows the iam:AttachUserPolicy AWS 用户无权访问此资源 - AWS User is not authorized to access this resource 收到错误“用户:arn:aws:iam::11345636234528:user/my_Api 无权执行:secretmanager:GetSecretValue on resouce:my_Resource”? - Receiving error "User: arn:aws:iam::11345636234528:user/my_Api is not authorized to perform: secretmanager:GetSecretValue on resouce: my_Resource"?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM