未经授权执行的AWS策略

时间:2020-11-06 13:35:13

标签: amazon-web-services amazon-iam aws-policies

当我尝试查看Lambda函数时,在控制台上出现此错误:


这是我的用户帐户所属的 IAM 用户组所附加的策略:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudformation:Describe*",
                "cloudformation:List*",
                "cloudformation:Get*",
                "cloudformation:CreateStack",
                "cloudformation:UpdateStack",
                "cloudformation:DeleteStack"
            ],
            "Resource": "arn:aws:cloudformation:sa-east-1:XXXXXXX:stack/notification-service*/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudformation:ValidateTemplate"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:CreateBucket",
                "s3:DeleteBucket",
                "s3:Get*",
                "s3:List*",
                "s3:GetEncryptionConfiguration",
                "s3:PutEncryptionConfiguration",
                "s3:PutBucketPolicy"
            ],
            "Resource": [
                "arn:aws:s3:::notification-service*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::notification-service*/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:DescribeLogGroups"
            ],
            "Resource": "arn:aws:logs:sa-east-1:XXXXXXX:log-group::log-stream:*"
        },
        {
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:DeleteLogGroup",
                "logs:DeleteLogStream",
                "logs:DescribeLogStreams",
                "logs:FilterLogEvents"
            ],
            "Resource": "arn:aws:logs:sa-east-1:XXXXXXX:log-group:/aws/lambda/notification-service*:log-stream:*",
            "Effect": "Allow"
        },
        {
            "Effect": "Allow",
            "Action": [
                "lambda:GetFunction",
                "lambda:CreateFunction",
                "lambda:DeleteFunction",
                "lambda:UpdateFunctionConfiguration",
                "lambda:UpdateFunctionCode",
                "lambda:ListVersionsByFunction",
                "lambda:PublishVersion",
                "lambda:CreateAlias",
                "lambda:DeleteAlias",
                "lambda:UpdateAlias",
                "lambda:GetFunctionConfiguration",
                "lambda:AddPermission",
                "lambda:RemovePermission",
                "lambda:InvokeFunction"
            ],
            "Resource": [
                "arn:aws:lambda:*:XXXXXXX:function:notification-service*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:GetRole",
                "iam:PassRole",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:DetachRolePolicy",
                "iam:PutRolePolicy",
                "iam:AttachRolePolicy",
                "iam:DeleteRolePolicy"
            ],
            "Resource": [
                "arn:aws:iam::XXXXXXX:role/notification-service*-lambdaRole"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "events:Put*",
                "events:Remove*",
                "events:Delete*",
                "events:Describe*"
            ],
            "Resource": "arn:aws:events::XXXXXXX:rule/notification-service*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "sns:GetTopicAttributes",
                "sns:CreateTopic",
                "sns:Publish",
                "sns:Subscribe",
                "sns:DeleteTopic",
                "sns:ListSubscriptions",
                "sns:ListPlatformApplications",
                "sns:ListTopics",
                "sns:ListTagsForResource"
            ],
            "Resource": [
                "arn:aws:sns:sa-east-1:XXXXXXX:*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "apigateway:GET",
                "apigateway:PATCH",
                "apigateway:POST",
                "apigateway:PUT",
                "apigateway:DELETE"
            ],
            "Resource": [
                "arn:aws:apigateway:sa-east-1::/restapis",
                "arn:aws:apigateway:sa-east-1::/restapis/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "lambda:ListFunctions"
            ],
            "Resource": [
                "arn:aws:lambda:sa-east-1:XXXXXXX:*:*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "lambda:GetAccountSettings"
            ],
            "Resource": [
                "arn:aws:lambda:sa-east-1:XXXXXXX:*:*"
            ]
        }
    ]
}

有什么想法吗?我应该从哪里着手排查?

编辑:我在上面 JSON 的末尾添加了下面这条语句,我认为它应该能让我查看 Lambda 函数:

        "Effect": "Allow",
        "Action": [
            "lambda:ListFunctions"
        ],
        "Resource": [
            "arn:aws:lambda:sa-east-1:XXXXXXX:*:*"
        ]

但是不起作用。
