我为用户附加了以下政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateRule",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:ModifyRule",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetSecurityGroups"
],
"Resource": [
"arn:aws:elasticloadbalancing:ap-south-1:736855795947:loadbalancer/app/my-lb/*",
"arn:aws:elasticloadbalancing:ap-south-1:736855795947:listener/app/my-lb/*/*",
"arn:aws:elasticloadbalancing:ap-south-1:736855795947:targetgroup/my-target-group/*"
]
},
]
}
我仍然看到以下错误:
Error: error reading ELBv2 Target Group (arn:aws:elasticloadbalancing:ap-south-1:XXXXXXXXXXXX:targetgroup/my-target-group/55718775ec3196ff): AccessDenied: User: arn:aws:iam::XXXXXXXXXXXX:user/deploy_user is not authorized to perform: elasticloadbalancing:DescribeTargetGroups
我无法理解这种行为。我看到策略被分为 ELB 和 ELB v2。所有“描述”权限都在 ELB v2 之下。 ELB v2 动作截图
