
Insufficient IAM privileges. Unable to determine if instance profile 'aws-elasticbeanstalk-ec2-role' exists

Every time I try to create an environment from my CLI it pops up this error: `ERROR Unable to assign role. Please verify that you have permission to pass this role: aws-elasticbeanstalk-service-role.` and gives me "failed to launch environment", even though I set up the AWS access key and secret access key and gave the user administrator permissions.

AWS has a strictly defined policy evaluation logic.

  1. Deny evaluation – By default, all requests are denied. This is called an implicit deny. The AWS enforcement code evaluates all policies within the account that apply to the request. These include AWS Organizations SCPs, resource-based policies, identity-based policies, IAM permissions boundaries, and session policies. In all those policies, the enforcement code looks for a Deny statement that applies to the request. This is called an explicit deny. If the code finds even one explicit deny that applies, the code returns a final decision of Deny. If there is no explicit deny, the code continues.

As you can see, the first step checks for an explicit deny in all policies within the account that apply to the request. Although you have the admin permissions, there could be Organizations SCPs, resource-based policies, IAM permissions boundaries, or another IAM policy attached to your IAM account or group that explicitly deny passing a role. If you have access, just check them one by one. Or ask your administrator to do that.
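The "check them one by one" step can be done offline once the policy documents have been exported as JSON. The following is an added example, not part of the original answer: it scans a set of policies for Deny statements that cover `iam:PassRole` on the service role, and goes slightly beyond the answer by also handling `NotAction` and `NotResource`. The account ID, Sids and policy contents are constructed placeholders, and Condition blocks are only flagged, not evaluated.

```python
import re

def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    flags = re.IGNORECASE if ignore_case else 0
    for pattern in _as_list(patterns):
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, value, flags):
            return True
    return False

def find_explicit_denies(policies, action, resource):
    """Return (source, Sid, has_condition) for each Deny statement covering the request."""
    hits = []
    for source, doc in policies.items():
        for stmt in _as_list(doc.get("Statement", [])):
            if stmt.get("Effect") != "Deny":
                continue
            if "NotAction" in stmt:
                action_hit = not _matches(stmt["NotAction"], action, True)
            else:  # action names are matched case-insensitively
                action_hit = _matches(stmt.get("Action", []), action, True)
            if "NotResource" in stmt:
                resource_hit = not _matches(stmt["NotResource"], resource)
            else:
                resource_hit = _matches(stmt.get("Resource", []), resource)
            if action_hit and resource_hit:
                # Conditions are not evaluated here; flag them for manual review.
                hits.append((source, stmt.get("Sid"), "Condition" in stmt))
    return hits

# Constructed sample policies; the account ID and Sids are placeholders.
ROLE = "arn:aws:iam::111122223333:role/aws-elasticbeanstalk-service-role"
POLICIES = {
    "identity/AdministratorAccess": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "scp/constructed-guardrail": {"Statement": {
        "Sid": "DenyPassEB", "Effect": "Deny", "Action": ["iam:passrole"],
        "Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk-*"}},
    "boundary/constructed": {"Statement": [{
        "Sid": "DenyPassUnlessEC2", "Effect": "Deny", "Action": "iam:Pass*",
        "Resource": "*", "Condition": {"StringNotEquals": {
            "iam:PassedToService": "ec2.amazonaws.com"}}}]},
}

if __name__ == "__main__":
    for source, sid, conditional in find_explicit_denies(POLICIES, "iam:PassRole", ROLE):
        print(source, sid, "(conditional)" if conditional else "")
```

With the sample data, the administrator Allow is present but two Deny statements still cover the request, which is the situation the answer describes.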
