AWS InsufficientPrivilegesException for UpdateEnvironment, but I have set the relevant permissions

How to resolve AWS InsufficientPrivilegesException for UpdateEnvironment, but I have set the relevant permissions

I want to set up CI/CD with GitHub Actions so that a new application version is created in AWS Elastic Beanstalk whenever I commit and push new code. Here is the workflow .yml:

name: Build Frontend and Deploy

on:
  push:
    branches: [ master ]

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: '12'
      
      - name: Install app dependencies
        run: npm install

      - name: Build sapper app
        run: npm run build

      - name: Create ZIP deployment package
        run: zip -r deploy_frontend.zip ./

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: "us-east-1"

      - name: Upload package to S3 bucket
        run: aws s3 cp deploy_frontend.zip s3://***-deploy-dev/

      - name: Create new ElasticBeanstalk application version
        run: |
          aws elasticbeanstalk create-application-version \
          --application-name *** \
          --source-bundle S3Bucket="***",S3Key="deploy_frontend.zip" \
          --version-label "ver-${{ github.sha }}" \
          --description "commit-sha-${{ github.sha }}"
      - name: Deploy new ElasticBeanstalk application version
        run: |
          aws elasticbeanstalk update-environment \
          --environment-name *** \
          --version-label "ver-${{ github.sha }}"

Note: I used *** to hide the application and environment names.

The build fails at the "Deploy new ElasticBeanstalk application version" step. The full error:

Run aws elasticbeanstalk update-environment \
  aws elasticbeanstalk update-environment \
  --environment-name *** \
  --version-label "ver-44d23ff7b95541c3527b0a7f156c1377d3fdc217"
  shell: /bin/bash -e {0}
  env:
    AWS_DEFAULT_REGION: us-east-1
    AWS_REGION: us-east-1
    AWS_ACCESS_KEY_ID: ***
    AWS_SECRET_ACCESS_KEY: ***

An error occurred (InsufficientPrivilegesException) when calling the UpdateEnvironment operation: Access Denied
Error: Process completed with exit code 255.

However, I believe I have set the relevant permissions in the AWS policy. Here is the policy for the GitHub Actions user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "elasticbeanstalk:UpdateEnvironment",
            "Resource": "arn:aws:elasticbeanstalk:us-east-1:917801217495:environment/appname/*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "elasticbeanstalk:ListPlatformBranches",
                "elasticbeanstalk:DescribeAccountAttributes",
                "elasticbeanstalk:CreateStorageLocation",
                "elasticbeanstalk:CheckDNSAvailability"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": "elasticbeanstalk:*",
            "Resource": [
                "arn:aws:elasticbeanstalk:*:917801217495:applicationversion/*/*",
                "arn:aws:elasticbeanstalk:us-east-1:917801217495:environment/appname/*",
                "arn:aws:elasticbeanstalk:us-east-1:917801217495:application/appname"
            ]
        }
    ]
}

Again, I replaced my application name with appname.

I even tried the policy in the policy simulator, and it works as expected. What could be the problem?

Solution

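I followed the guide at https://documentation.codeship.com/basic/continuous-deployment/deployment-to-elastic-beanstalk/#iam-policies, and it is working. Basically, you also need to set permissions on all the services related to Elastic Beanstalk, not just Elastic Beanstalk itself.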
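
The check below is an added example, not code from the question, the answer or the linked guide: it reports which Elastic Beanstalk-related services an IAM policy document has no Allow statement for. The DEPENDENT_SERVICES list, the function names and the sample policy (placeholder account ID and bucket) are assumptions made for illustration.

```python
import fnmatch

# Assumption (not from the page): service prefixes Elastic Beanstalk acts on
# during an environment update. Adjust to match your environment.
DEPENDENT_SERVICES = ("elasticbeanstalk", "s3", "cloudformation", "ec2",
                      "autoscaling", "elasticloadbalancing", "cloudwatch")

def _as_list(value):
    """IAM allows a single item or a list for Statement and Action."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def allowed_patterns(policy):
    """Lower-cased Action patterns from statements whose Effect is Allow."""
    patterns = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":  # Deny or missing Effect is not a grant
            continue
        patterns += [a.lower() for a in _as_list(stmt.get("Action"))]
    return patterns

def missing_services(policy, services=DEPENDENT_SERVICES):
    """Services with no Allow statement at all (coarse: ignores Resource,
    Condition, NotAction and explicit Deny)."""
    patterns = allowed_patterns(policy)
    missing = []
    for service in services:
        prefixes = (p.split(":", 1)[0] for p in patterns)
        if not any(fnmatch.fnmatchcase(service, pre) for pre in prefixes):
            missing.append(service)
    return missing

# Constructed sample shaped like the policy in the question; the account ID
# and names are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "elasticbeanstalk:UpdateEnvironment",
         "Resource": "arn:aws:elasticbeanstalk:us-east-1:111122223333:environment/appname/*"},
        {"Effect": "Allow", "Action": ["s3:PutObject"],
         "Resource": "arn:aws:s3:::example-deploy-dev/*"},
        {"Action": "cloudformation:*", "Resource": "*"},  # no Effect: not counted
    ],
}

if __name__ == "__main__":
    print("No Allow statement for:", ", ".join(missing_services(SAMPLE_POLICY)))
```

A service that passes this check can still be under-privileged, since the check only looks at whether any Allow statement names the service, not at which actions or resources it covers.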
