boto elastic beanstalk CreateApplicationVersion 403 Forbidden

I've finished a Python script that deploys automatically to Elastic Beanstalk.

It works fine with testing environments.

But when I just changed the user key, boto says '403 Forbidden' even with the correct policy.

https://policysim.aws.amazon.com says that the user is allowed CreateApplicationVersion.

However, boto doesn't allow the CreateApplicationVersion action.

boto==2.28
python==2.7.5

Anyone got this problem before?

Traceback (most recent call last):
  File "upload_to_aws.py", line 135, in <module>
    description=None, s3_bucket=AWS_ELASTIC_BEANSTALK_S3_BUCKET_NAME, s3_key=zip_file)
  File "/usr/lib/python2.7/site-packages/boto/beanstalk/layer1.py", line 156, in create_application_version
    return self._get_response('CreateApplicationVersion', params)
  File "/usr/lib/python2.7/site-packages/boto/beanstalk/layer1.py", line 71, in _get_response
    raise self.ResponseError(response.status, response.reason, body)
boto.exception.BotoServerError: BotoServerError: 403 Forbidden
{"Error":{"Code":"AccessDenied","Message":"User: arn:aws:iam::<account-id>:user/<username> is not authorized to perform: elasticbeanstalk:CreateApplicationVersion on resource: arn:aws:elasticbeanstalk:ap-northeast-1:<account-id>:applicationversion/<application-name>/<application-version>","Type":"Sender"},"RequestId":"<request-id>"}

IAM policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1000000000000",
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::mybucket/*",
        "arn:aws:s3:::mybucket"
      ]
    },
    {
      "Sid": "Stmt1000000000001",
      "Effect": "Allow",
      "Action": [
        "elasticbeanstalk:*"
      ],
      "Resource": [
        "arn:aws:elasticbeanstalk:ap-northeast-1:<account-id>:environment/<application name>/<environment-name>"
      ]
    }
  ]
}

I really don't think this is a boto issue. It just makes the API call with the credentials you provide. If the service says 403 then the credentials you are using are not authorized for that operation.

In the case of the CreateApplicationVersion operation, you also have to pass in an S3 bucket where the version data is located. Does the account you are using have access to that bucket?
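
Added example, not part of the original question or answer: a simplified check of the posted policy against the action and resource ARN named in the AccessDenied message. The account id, user, application, environment and version names are constructed stand-ins for the page's placeholders, and the matcher is an assumption-level model that ignores Condition, NotAction and NotResource.

```python
import re

# Constructed sample: account id, user, application, environment and version
# names stand in for the <placeholders> in the posted policy and error.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*"],
     "Resource": ["arn:aws:s3:::mybucket/*", "arn:aws:s3:::mybucket"]},
    {"Effect": "Allow", "Action": ["elasticbeanstalk:*"],
     "Resource": ["arn:aws:elasticbeanstalk:ap-northeast-1:123456789012:"
                  "environment/myapp/myapp-env"]},
]}
DENIED = ("User: arn:aws:iam::123456789012:user/deployer is not authorized to perform: "
          "elasticbeanstalk:CreateApplicationVersion on resource: "
          "arn:aws:elasticbeanstalk:ap-northeast-1:123456789012:applicationversion/myapp/v1")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wild(pattern, text, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, text, re.I if ignore_case else 0) is not None

def parse_denial(message):
    """Pull the action and the resource ARN out of an AccessDenied message."""
    m = re.search(r"not authorized to perform: (\S+) on resource: (\S+)", message)
    return m.group(1), m.group(2)

def explain(policy, action, resource):
    """Per statement: (index, effect, action matched, resource matched)."""
    rows = []
    for i, st in enumerate(_as_list(policy["Statement"])):
        # Action names compare case-insensitively; resource ARNs do not.
        a = any(_wild(p, action, ignore_case=True) for p in _as_list(st.get("Action", [])))
        r = any(_wild(p, resource) for p in _as_list(st.get("Resource", [])))
        rows.append((i, st["Effect"], a, r))
    return rows

def is_allowed(policy, action, resource):
    """Explicit Deny wins; otherwise one fully matching Allow is required."""
    rows = explain(policy, action, resource)
    denied = any(e == "Deny" and a and r for _, e, a, r in rows)
    return not denied and any(e == "Allow" and a and r for _, e, a, r in rows)

if __name__ == "__main__":
    act, res = parse_denial(DENIED)
    for row in explain(POLICY, act, res):
        print("statement %d: effect=%s action_match=%s resource_match=%s" % row)
    print("allowed:", is_allowed(POLICY, act, res))
```

The second statement matches the action but not the resource: the denied ARN is an `applicationversion/...` resource, while the policy lists only an `environment/...` ARN.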
