
I attached the following policy to the user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:CreateLoadBalancer",
                "elasticloadbalancing:CreateTargetGroup",
                "elasticloadbalancing:DescribeTargetHealth",
                "elasticloadbalancing:DescribeTargetGroups",
                "elasticloadbalancing:DescribeTargetGroupAttributes",
                "elasticloadbalancing:DescribeLoadBalancerAttributes",
                "elasticloadbalancing:DescribeTargetGroupAttributes",
                "elasticloadbalancing:DescribeListeners",
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeTags",
                "elasticloadbalancing:DeleteLoadBalancer",
                "elasticloadbalancing:CreateListener",
                "elasticloadbalancing:CreateRule",
                "elasticloadbalancing:DeleteListener",
                "elasticloadbalancing:DeleteRule",
                "elasticloadbalancing:DeleteTargetGroup",
                "elasticloadbalancing:ModifyListener",
                "elasticloadbalancing:ModifyLoadBalancerAttributes",
                "elasticloadbalancing:ModifyRule",
                "elasticloadbalancing:ModifyTargetGroup",
                "elasticloadbalancing:ModifyTargetGroupAttributes",
                "elasticloadbalancing:RegisterTargets",
                "elasticloadbalancing:SetSecurityGroups"
            ],
            "Resource": [
                "arn:aws:elasticloadbalancing:ap-south-1:736855795947:loadbalancer/app/my-lb/*",
                "arn:aws:elasticloadbalancing:ap-south-1:736855795947:listener/app/my-lb/*/*",
                "arn:aws:elasticloadbalancing:ap-south-1:736855795947:targetgroup/my-target-group/*"
            ]
        }
    ]
}

I still see the following error:

Error: error reading ELBv2 Target Group (arn:aws:elasticloadbalancing:ap-south-1:XXXXXXXXXXXX:targetgroup/my-target-group/55718775ec3196ff): AccessDenied: User: arn:aws:iam::XXXXXXXXXXXX:user/deploy_user is not authorized to perform: elasticloadbalancing:DescribeTargetGroups

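I can't understand this behavior. I see that the policy is split into ELB and ELB v2. All of the "Describe" permissions are under ELB v2. (Screenshot: ELB v2 actions)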


1 Answer


Since DescribeTargetGroups does not support resource-level permissions, try using *

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:DescribeTargetGroups",
            "Resource": "*"
        }
    ]
}
answered 2021-07-07T23:07:17.660
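
The answer's fix applied to a whole policy, as an added example that is not part of the original post: it moves the Describe actions into a separate `"Resource": "*"` statement and leaves the mutating actions scoped to the original ARNs. It assumes every `elasticloadbalancing:Describe*` action behaves like `DescribeTargetGroups` (the page confirms only that one); `split_policy`, `needs_wildcard` and the sample policy with its placeholder account ID are constructed for illustration.

```python
import json

# Assumption (generalizing the answer): every elasticloadbalancing:Describe*
# action, like DescribeTargetGroups, is only authorized when Resource is "*".
def needs_wildcard(action):
    service, _, name = action.partition(":")
    return service == "elasticloadbalancing" and name.startswith("Describe")

def as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def split_policy(policy):
    """Move ARN-scoped Describe* actions into their own Resource "*" statement.
    Returns (new_policy, moved_actions); the input policy is not modified."""
    statements, moved = [], []
    for stmt in as_list(policy["Statement"]):
        actions = list(dict.fromkeys(as_list(stmt.get("Action", []))))  # dedupe
        resources = as_list(stmt.get("Resource", []))
        if stmt.get("Effect") != "Allow" or "*" in resources:
            statements.append(stmt)  # Deny or already unscoped: keep as is
            continue
        wild = sorted(a for a in actions if needs_wildcard(a))
        scoped = [a for a in actions if not needs_wildcard(a)]
        # Carry Effect and any Condition over; Sid must stay unique, so drop it.
        extra = {k: v for k, v in stmt.items() if k not in ("Sid", "Action", "Resource")}
        if scoped:  # mutating actions stay limited to the original ARNs
            statements.append({**stmt, "Action": scoped})
        if wild:  # read-only Describe* calls get the wildcard they require
            statements.append({**extra, "Action": wild, "Resource": "*"})
            moved.extend(wild)
    return {**policy, "Statement": statements}, moved

# Constructed sample shaped like the question's policy (placeholder account ID).
SAMPLE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "elasticloadbalancing:CreateTargetGroup",
            "elasticloadbalancing:DescribeTargetGroups",
            "elasticloadbalancing:DescribeTargetHealth",
            "elasticloadbalancing:ModifyTargetGroup",
        ],
        "Resource": ["arn:aws:elasticloadbalancing:ap-south-1:111122223333:targetgroup/my-target-group/*"],
    }],
}

if __name__ == "__main__":
    fixed, moved = split_policy(SAMPLE)
    print("moved to Resource '*':", moved)
    print(json.dumps(fixed, indent=4))
```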