
AccessDenied: Cannot update a CloudFormation stack from the SDK using Cognito Identity


I am trying to update a CloudFormation stack from a Node.js project using Amazon's JavaScript SDK.

Error message:

AccessDenied: User: [cognito_user_id_removed_on_SO_for_security]Unauth_Role/CognitoIdentityCredentials is not authorized to perform: cloudformation:UpdateStack on resource: arn:aws:cloudformation:eu-west-1:550862374618:stack/aljeem-masjid-1/67511c60-8d6e-11eb-8938-0a391a546edb
    at deserializeAws_queryUpdateStackCommandError (D:\Projects\Web\AWS\node_test_1\node_modules\@aws-sdk\client-cloudformation\dist\cjs\protocols\Aws_query.js:3212:41)
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async D:\Projects\Web\AWS\node_test_1\node_modules\@aws-sdk\middleware-serde\dist\cjs\deserializerMiddleware.js:6:20
    at async D:\Projects\Web\AWS\node_test_1\node_modules\@aws-sdk\middleware-signing\dist\cjs\middleware.js:12:24
    at async StandardRetryStrategy.retry (D:\Projects\Web\AWS\node_test_1\node_modules\@aws-sdk\middleware-retry\dist\cjs\defaultStrategy.js:56:46)
    at async D:\Projects\Web\AWS\node_test_1\node_modules\@aws-sdk\middleware-logger\dist\cjs\loggerMiddleware.js:6:22
    at async updateStack (D:\Projects\Web\AWS\node_test_1\src\index.js:34:18) {
  Type: 'Sender',
  Code: 'AccessDenied',
  '$fault': 'client',
  '$metadata': {
    httpStatusCode: 403,
    requestId: '4b6d9e90-f6f0-4c27-b1e3-c98c5e715968',
    extendedRequestId: undefined,
    cfId: undefined,
    attempts: 1,
    totalRetryDelay: 0
  }
}

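I created a Cognito identity pool with an authenticated role and an unauthenticated role, and attached the AWSCloudFormationFullAccess policy to each role.

Looking at the Access Advisor tab for the roles, I can see that "AWS CloudFormation" was "Last accessed" "Today". I can also see that a new identity was created in the identity browser within the identity pool.

Why is access denied?

Code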

// AWS SDK for JavaScript v3: CloudFormation client plus the Cognito Identity Pool credential provider
const { CloudFormationClient, UpdateStackCommand } = require('@aws-sdk/client-cloudformation');
const { CognitoIdentityClient } = require("@aws-sdk/client-cognito-identity");
const { fromCognitoIdentityPool } = require("@aws-sdk/credential-provider-cognito-identity");

// No login is supplied, so the identity pool issues credentials for its unauthenticated role
const client = new CloudFormationClient({
  region: "eu-west-1",
  credentials: fromCognitoIdentityPool({
    client: new CognitoIdentityClient({ region: "eu-west-1" }),
    identityPoolId: "removed here for security, but it was entered correctly"
  }),
});

// Reuse the stack's current template and change only the StackOffline parameter
const commandInput = {
  StackName: "arn:aws:cloudformation:eu-west-1:550862374618:stack/aljeem-masjid-1/67511c60-8d6e-11eb-8938-0a391a546edb",
  UsePreviousTemplate: true,
  Parameters: [
    {
      ParameterKey: "StackOffline",
      ParameterValue: "Online"
    }
  ],
  Capabilities: [
    "CAPABILITY_IAM",
    "CAPABILITY_AUTO_EXPAND"
  ]
};

const updateCommand = new UpdateStackCommand(commandInput);

// Send the UpdateStack request and log either the response or the error
const updateStack = async () => {
  try {
    const data = await client.send(updateCommand);
    console.log("Success", data);
  }
  catch (err) {
    console.log(err);
  }
};

updateStack();
