4
我想使用組合文件爲ECS創建一個新的任務,但即使在我的用戶具有所需的權限時,我也會收到AccessDeniedException。IAM使用ecs-cli時出錯
$ ecs-cli compose --project-name test create
WARN[0000] Skipping unsupported YAML option for service... option name=build service name=builder
WARN[0000] Skipping unsupported YAML option for service... option name=restart service name=db
WARN[0000] Skipping unsupported YAML option for service... option name=restart service name=dbadmin
WARN[0000] Skipping unsupported YAML option for service... option name=restart service name=app
ERRO[0001] Error registering task definition error=AccessDeniedException: User: arn:aws:iam::XXXXXXX:user/foo is not authorized to perform: ecs:RegisterTaskDefinition on resource: *
status code: 400, request id: 41e6b69a-a839-11e6-84b0-e9bc2ec3f81b family=ecscompose-test
ERRO[0001] Create task definition failed error=AccessDeniedException: User: arn:aws:iam::XXXXXXX:user/foo is not authorized to perform: ecs:RegisterTaskDefinition on resource: *
status code: 400, request id: 41e6b69a-a839-11e6-84b0-e9bc2ec3f81b
FATA[0001] AccessDeniedException: User: arn:aws:iam::XXXXXXX:user/foo is not authorized to perform: ecs:RegisterTaskDefinition on resource: *
status code: 400, request id: 41e6b69a-a839-11e6-84b0-e9bc2ec3f81b
用戶有這樣的政策附:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:RegisterTaskDefinition",
"ecs:ListTaskDefinitions",
"ecs:DescribeTaskDefinition"
],
"Resource": [
"*"
]
}
]
}
我也試着安裝了AmazonEC2ContainerServiceFullAccess(即具有ECS:*),但沒有奏效。
您是否嘗試了全功率用戶權限?如果這仍然不起作用,許可的事情可能是一個紅鯡魚。 – mcheshier
我試過AmazonEC2ContainerServiceFullAccess該用戶 – agusluc
正確,但它可能取決於一些其他權限,而不是正確地中繼錯誤。它至少會規定許可問題。 – mcheshier