Amazon RedShift:访问被拒绝RestoreClusterSnapshot请求 [英] Amazon Redshift : Acces Denied RestoreClusterSnapshotRequest
本文介绍了Amazon RedShift:访问被拒绝RestoreClusterSnapshot请求的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
使用的代码为:
var con = new AmazonRedshiftClient(acess_key_id, secret_acess_key, Amazon.RegionEndpoint.USWest2);
var restore = new Amazon.Redshift.Model.RestoreFromClusterSnapshotRequest()
{
ClusterIdentifier = clusterIdentifier,
SnapshotIdentifier = snapshotIdentifier,
AvailabilityZone = "us-west-2a",
};
var response = con.RestoreFromClusterSnapshot(restore);
Console.WriteLine("Cluster Status : {0}", response.Cluster.ClusterStatus);
当它调用RestoreClusterSnapshotRequest操作时,我有一个异常: "访问被拒绝。请确保您的IAM权限允许此操作。"
对Amazon RedShift使用基于身份的策略(IAM策略)如下 政策:{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"redshift:CopyClusterSnapshot",
"redshift:RestoreFromClusterSnapshot",
"redshift:AuthorizeSnapshotAccess",
"redshift:RevokeSnapshotAccess"
],
"Resource": [
"arn:aws:redshift:us-west-2:{AccoundId}:*/backup-20160208-dbrd",
"arn:aws:redshift:us-west-2: {AccoundId}:cluster:*"
]
},
{
"Effect": "Allow",
"Action": [
"redshift:DescribeClusterSnapshots"
],
"Resource": [
"*"
]
}
]
}
谁能帮我克服这个问题?如果我在这个过程中有任何错误,请纠正我。。
提前谢谢
推荐答案
按照the other answer中的建议,您应该更改此行:
"arn:aws:redshift:us-west-2:{AccoundId}:*/backup-20160208-dbrd",
至
"arn:aws:redshift:us-west-2:{AccoundId}:snapshot:*/backup-20160208-dbrd",
此外,通过大量试验和AWS支持人员的帮助,我发现您还需要几个ec2
权限才能从快照恢复RedShift集群。此时的列表为:
{
"Sid": "",
"Effect": "Allow",
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways"
],
"Resource": "*"
}
您可能只想执行ec2:Describe*
以方便和/或防止将来更改确切的权限集时中断此操作。
应很快使用此信息更新Amazon Redshift Snapshots docs(搜索"RestoreFromClusterSnapshot")。
这篇关于Amazon RedShift:访问被拒绝RestoreClusterSnapshot请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文