1

我正在尝试将 boxfuse 连接到我的 aws 帐户,我得到以下信息。非常感谢任何帮助

`Role with ARN arn:aws:iam::535880694150:role/Boxfuse-access has not been properly configured. Please check your configuration and try again. (AWSSecurityTokenService: AccessDenied -> User: arn:aws:iam::762186188748:user/boxfuse-console is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::535880694150:role/Boxfuse-access)`

我按照 Boxfuse 提供的说明进行操作,我是否遗漏了什么,我需要做一些特别的事情吗?我使用了 boxfuse 提供的政策

{"Version": "2012-10-17","Statement":[ {"Sid":"allow","Effect":"Allow","Resource":["*"], "Action":["ec2:*","elasticloadbalancing:*","autoscaling:*","rds:*","cloudwatch:*","iam:ListInstanceProfiles","iam:PassRole"]}, {"Sid":"ec2Deny","Effect":"Deny", "Action":["ec2:*"],"Resource":["*"],"Condition":{"StringEquals":{"ec2:ResourceTag/boxfuse:ignore":"true"}}}, {"Sid":"rdsDeny","Effect":"Deny", "Action":["rds:*"],"Resource":["*"],"Condition":{"StringEquals":{"rds:db-tag/boxfuse:ignore":"true"}}}]}

这就是我在 Iam 角色政策中的信任关系的样子

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::762186188748:root" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "uxvmGXwfII4944dh" }, "Bool": { "aws:MultiFactorAuthPresent": "true" } } } ] }

4

1 回答 1

1

如说明中所述,应关闭多因素访问。在您的情况下,可以通过将策略文档更新为:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::762186188748:root" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "uxvmGXwfII4944dh" } } } ] }

于 2016-04-20T08:56:23.263 回答