AWS Beanstalk - 获取“访问 Auto Scaling 和...时拒绝访问"错误 [英] AWS Beanstalk - getting "Access denied while accessing Auto Scaling and ..." error
问题描述
当我尝试从命令行启动 Elastic Beanstalk 环境时,我在此过程中收到此错误:
When I try to launch an Elastic Beanstalk environment from the command line, I get this error during the process:
环境健康状况已从待处理转变为警告.使用权使用访问 Auto Scaling 和 Elastic Load Balancing 时被拒绝角色arn:aws:iam::XXXXXXXXXX:role/aws-elasticbeanstalk-service-role".验证角色政策.
Environment health has transitioned from Pending to Warning. Access denied while accessing Auto Scaling and Elastic Load Balancing using role "arn:aws:iam::XXXXXXXXXX:role/aws-elasticbeanstalk-service-role". Verify the role policy.
当我从控制台启动它时,我没有收到此警告.我尝试从 CLI 复制相同的 AWS 控制台配置,但我仍然收到此错误.
When I launch it from the console, I do not get this warning. I have tried to replicate the same AWS console configuration from the CLI , but I still get this error.
知道发生了什么吗?
推荐答案
Elastic Beanstalk 现在使用服务角色代表您调用其他 AWS 服务.IAM 角色在您的账户中创建,您授予启动权限服务角色是可选的,但建议用于新环境.
Elastic Beanstalk now uses a Service Role to call other AWS services on your behalf. The IAM role is created in your account and you give permissions to launch Service role is optional but recommended for new environments.
特别是对于增强的健康监控(这是您根据错误消息使用的),服务角色是强制性的.错误配置的服务角色可能会导致此错误消息.
Especially for enhanced health monitoring (which is what your using based on the error message), service role is mandatory. A misconfigured service role can lead to this error message.
控制台体验使您可以非常轻松地创建/使用具有正确权限的角色.这是因为在使用创建环境向导时,您只需要从下拉列表中选择正确的角色(如果该角色已经存在).
The console experience makes it very easy for you to create/use the role with the correct permissions. This is because you just need to select the correct role from the dropdown (if the role already exists) when using the create environment wizard.
使用 CLI 时,您需要传递服务角色选项设置.(命名空间:aws:elasticbeanstalk:environment,option_name:ServiceRole).您可以在 此 文档.
When using the CLI you need to pass the service role option setting. (namespace: aws:elasticbeanstalk:environment, option_name: ServiceRole). You can find the required permissions for a role configured in this documentation.
在我之前的堆栈溢出回答这里中有更多关于服务角色的详细信息.
There are some more details about service role in my previous stack overflow answer here.
这篇关于AWS Beanstalk - 获取“访问 Auto Scaling 和...时拒绝访问"错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
