Error: Error getting Backup Vault: AccessDeniedException:

【Posted】: 2021-04-22 02:07:43

【Question】:

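Can someone help with this error? I am configuring AWS Backup and getting this error message. I have tried many things (IAM policies, etc.) but no luck. Any help is much appreciated.

status code: 403, request id: 501c0713-0ce9-4879-93f6-1887322a38be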

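【Question discussion】:

Did you ever figure this out? Running into the same issue.

【Answer 1】:

I ran into this issue using Terraform. I solved it by adding the "backup-storage:MountCapsule" permission to the policy of the role I use to create the resources. Here is the slightly redacted policy and role configuration. Hope this helps someone.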

# Identity policy for the role that creates the AWS Backup resources.
data "aws_iam_policy_document" "CloudFormationServicePolicy" {
  statement {
    sid    = "AllResources"
    effect = "Allow"
    actions = [
      "backup:*",
      # backup-storage is a separate IAM service prefix; "backup:*" does not cover it.
      "backup-storage:MountCapsule",
      # ...
    ]
    resources = ["*"]
  }

  statement {
    sid       = "IAM"
    effect    = "Allow"
    actions   = ["iam:PassRole"]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "CloudFormationServicePolicy" {
  name        = "${local.resource_name}-CloudFormationServicePolicy"
  description = "policy for the IAM role "
  path        = "/${local.metadata["project"]}/${local.metadata["application"]}/"
  policy      = data.aws_iam_policy_document.CloudFormationServicePolicy.json
}

resource "aws_iam_role" "CloudFormationServiceRole" {
  name                  = "${local.resource_name}-CloudFormationServiceRole"
  description           = "Allow cluster to manage node groups, fargate nodes and cloudwatch logs"
  force_detach_policies = true

  # Trust policy: which principals may assume this role.
  assume_role_policy = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : [
      {
        "Action" : "sts:AssumeRole",
        "Principal" : {
          "Service" : ["cloudformation.amazonaws.com", "ecs-tasks.amazonaws.com"]
        },
        "Effect" : "Allow",
        "Sid" : "TrustStatement"
      },
      {
        "Effect" : "Allow",
        "Principal" : {
          "AWS" : "arn:aws:iam::xxxxxxx:role/OrganizationAdministratorRole"
        },
        "Action" : "sts:AssumeRole"
      }
    ]
  })
}

# Attach the policy above to the role.
resource "aws_iam_role_policy_attachment" "CloudFormationService_task_role_policy_attachment" {
  role       = aws_iam_role.CloudFormationServiceRole.name
  policy_arn = aws_iam_policy.CloudFormationServicePolicy.arn
}