AWS - IAM 用户角色权限未传播给用户
[英]AWS - IAM User Role Permissions are not Propagating to User
问题描述
My IAM user is not getting the permissions his user-group/role provide.
我的 IAM 用户未获得其用户组/角色提供的权限。 I would like to introduce my problem through series of screenshots.我想通过一系列截图来介绍我的问题。 Not sure this is the best way but thought it would be helpful.不确定这是最好的方法,但认为它会有所帮助。 I have the following IAM User I created:我创建了以下 IAM 用户:
, as you can see assigned to group Administrators. ,如您所见,已分配给管理员组。 Administrators has the following role policy:管理员具有以下角色策略:
, the AdminRolePolicy: , AdminRolePolicy:
, as you can see is assigned the role admin, and the admin role has the following permissions (trust me the top of this page was IAM->Roles->admin): ,如您所见,分配了角色 admin,并且 admin 角色具有以下权限(相信我,此页面的顶部是 IAM->Roles->admin):
When I login as this user, and go to IAM, I get the following series of messages:当我以该用户身份登录并拨打 go 到 IAM 时,我收到以下一系列消息:
Notice each one says "ask Administrator to add permissions".注意每个人都说“要求管理员添加权限”。 However, this user has AdministratorAccess, and I assume should therefore already have all these permissions.但是,此用户具有 AdministratorAccess,因此我认为应该已经拥有所有这些权限。 I am not sure how to diagnose my problem or how to address to fix.我不确定如何诊断我的问题或如何解决问题。 I would be grateful for any suggestions.如有任何建议,我将不胜感激。 Thanks谢谢
1 个解决方案
解决方案1
1 已采纳 2022-03-17 01:16:27
This policy allows the group members to assume the admin role.此策略允许组成员承担管理员角色。 This means you have to assume this role before doing any admin action.这意味着您必须在执行任何管理操作之前承担此角色。
If you want the user to have admin privilege, you need to add the policy AdministratorAccess directly in the user or group.如果想让用户拥有admin权限,需要直接在用户或组中添加策略AdministratorAccess。
Documentation how to assume a role from the AWS console 有关如何从 AWS 控制台担任角色的文档
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.