在AWS中部署响应代码时发生GetParameters错误
在AWS中部署响应代码时发生GetParameters错误
提问于 2022-07-11 01:52:11
我试图部署我的反应应用程序在AWS弹性和我添加了一些参数。但是,当试图通过管道和codeBuild进行构建时,我得到了下面的错误:
Phase context status code: Decrypted Variables Error Message: AccessDeniedException: User: arn:aws:sts::MYCODE:assumed-role/codebuild-QA-service-role/AWSCodeBuild-4701b85f-fc5b-49c8-b2f9-f634930aca4f is not authorized to perform: ssm:GetParameters on resource: arn:aws:ssm:sa-east-1:MYCODE:parameter/PARAMETERVALUE because no identity-based policy allows the ssm:GetParameters action
我尝试使用下面的语法来允许用户codebuild-QA-service-role,但是仍然会出现这个错误。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssm:DescribeParameters"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ssm:GetParameters"
],
"Resource": "arn:aws:ssm:sa-east-1:CODEHERE:parameter/*"
}
]
}
回答 1
Stack Overflow用户
发布于 2022-07-11 16:36:04
如果参数是SecureString类型的,则需要权限对它们进行解密。检查文档中所需的策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssm:GetParameter*"
],
"Resource": "arn:aws:ssm:sa-east-1:CODEHERE:parameter/*"
},
{
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": "arn:aws:kms:sa-east-1:CODEHERE:key/YOURKEY"
}
]}
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/72933030
复制相关文章
相似问题
腾讯云开发者
