用户无权执行:cloudformation:CreateStack [英] User is not authorized to perform: cloudformation:CreateStack
问题描述
我正在尝试无服务器以创建AWS Lambda,并在使用命令创建项目时无服务器项目创建
我遇到以下错误。
I'm trying out Serverless to create AWS Lambdas and while creating a project using the command serverless project create
I'm getting the following error.
AccessDenied: User: arn:aws:iam::XXXXXXXXX:user/XXXXXXXXX is not authorized to perform: cloudformation:CreateStack on resource: arn:aws:cloudformation:us-east-1:XXXXXXXXX:stack/XXXXXXXXX-development-r/*
我已经创建了一个用户,并向该用户授予了以下权限。
I have created a user and granted the following permissions to the user.
- AWSLambdaFullAccess
- AmazonS3FullAccess
- CloudFrontFullAccess >
- AWSCloudFormationReadOnlyAccess(没有要授予的
AWSCloudFormationFullAccess
)
- AWSLambdaFullAccess
- AmazonS3FullAccess
- CloudFrontFullAccess
- AWSCloudFormationReadOnlyAccess ( There was no
AWSCloudFormationFullAccess
to grant )
我该如何进行?我还必须授予什么权限?
How can I proceed? What else permissions I have to grant?
推荐答案
您提到的最接近的是 AWSCloudFormationReadOnlyAccess
,但是显然,这是只读的,您需要 cloudformation:CreateStack
。将以下内容添加为用户策略。
The closest one that you've mentioned is AWSCloudFormationReadOnlyAccess
, but obviously that's for readonly and you need cloudformation:CreateStack
. Add the following as a user policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1449904348000",
"Effect": "Allow",
"Action": [
"cloudformation:CreateStack"
],
"Resource": [
"*"
]
}
]
}
完全有可能需要更多权限,例如,启动EC2例如,(重新)配置安全组等。
It's entirely possible you'll need more permissions- for instance, to launch an EC2 instance, to (re)configure security groups, etc.
这篇关于用户无权执行:cloudformation:CreateStack的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!