Here is my Python code for adding/updating an inline policy on an AWS SSO permission set:
import json
import boto3

client = boto3.client("sso-admin")

# Build the policy document as a dict and serialize it with json.dumps,
# so no hand-written escape characters are needed in the string
Inline_Policy = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
})

response = client.put_inline_policy_to_permission_set(
    InstanceArn='arn:aws:sso:::instance/ssoins-sssss',
    PermissionSetArn='arn:aws:sso:::permissionSet/ssoins-sssss/ps-sssss',
    InlinePolicy=Inline_Policy)
I get this error message:
"errorMessage": "An error occurred (AccessDeniedException) when calling the PutInlinePolicyToPermissionSet operation: User: arn:aws:sts::ddddddd:assumed-role/Modify_Permission_Set-role-ssss/Modify_Permission_Set is not authorized to perform: sso:PutInlinePolicyToPermissionSet on resource : arn:aws:sso:::permissionSet/ssoins-sssss/ps-sssss"
I tried attaching an administrator policy to the Lambda role that runs the function, but permission is still denied.
Is there some way in which SSO permission sets are handled differently from regular IAM permissions?
Managed policy attached to the Lambda
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
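An added example, not part of the question's code, showing how the inline policy document can be built with json.dumps, checked before it is attached (the unbraced string in the question fails that check as invalid JSON, and an Action "*" is flagged as broader than the intended read-only access), and sent through an injected sso-admin client. The `make_inline_policy`, `check_inline_policy` and `put_inline_policy` names are this example's own; the ARNs passed to it are placeholders.

```python
import json

READ_ONLY_PREFIXES = ("Get", "List", "Describe")

def make_inline_policy(actions, resources="*"):
    """Build the inline policy as a dict and serialize it with json.dumps,
    which avoids the hand-escaped string that is easy to get wrong."""
    doc = {"Version": "2012-10-17",
           "Statement": [{"Effect": "Allow", "Action": list(actions),
                          "Resource": resources}]}
    return json.dumps(doc)

def check_inline_policy(policy_json):
    """Return a list of problems; an empty list means the document is acceptable.
    Flags unparseable JSON, a missing Version/Statement, and any Allow action
    broader than read-only (bare '*', 'svc:*', or a non Get/List/Describe op)."""
    try:
        doc = json.loads(policy_json)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at position {exc.pos}"]
    problems = []
    if not isinstance(doc, dict) or doc.get("Version") != "2012-10-17":
        problems.append("missing or unexpected Version")
    statements = doc.get("Statement") if isinstance(doc, dict) else None
    if not isinstance(statements, list) or not statements:
        return problems + ["Statement must be a non-empty list"]
    for i, st in enumerate(statements):
        if not isinstance(st, dict) or st.get("Effect") != "Allow":
            continue  # only Allow statements widen access
        actions = st.get("Action", [])
        for a in [actions] if isinstance(actions, str) else actions:
            _svc, _, op = a.partition(":")
            if a == "*" or op == "*" or not op.startswith(READ_ONLY_PREFIXES):
                problems.append(f"statement {i}: action {a!r} is broader than read-only")
    return problems

def put_inline_policy(client, instance_arn, permission_set_arn, policy_json):
    """Validate first, then attach; raises ValueError so a bad document never
    reaches the API. `client` is a boto3 sso-admin client (or a stand-in)."""
    problems = check_inline_policy(policy_json)
    if problems:
        raise ValueError("; ".join(problems))
    return client.put_inline_policy_to_permission_set(
        InstanceArn=instance_arn,
        PermissionSetArn=permission_set_arn,
        InlinePolicy=policy_json)
```

With a real client, `put_inline_policy(boto3.client("sso-admin"), instance_arn, permission_set_arn, make_inline_policy(["s3:Get*", "s3:List*"]))` performs the same call as the question's code, but only after the document has passed the check.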