I am trying to generate a policy and attach it to my certificate. I use the following code:
String topicName = String.format("certificates/%s", certificateId);
String policyName = String.format("Policy_%s", certificateId);
String target = String.format("arn:aws:iot:%s:123456789012:cert/%s", region, certificateId);
String policy = String.format(POLICY, certificateId, topicName, topicName);
awsIotClient.createPolicy(new CreatePolicyRequest().withPolicyDocument(policy).withPolicyName(policyName));
awsIotClient.attachPolicy(new AttachPolicyRequest().withTarget(target).withPolicyName(policyName));
When trying to execute awsIotClient.attachPolicy(...), I get an error:
Exception in thread "main" com.amazonaws.services.iot.model.AWSIotException: Cross account not allowed. (Service: AWSIot; Status Code: 403; Error Code: AccessDeniedException; Request ID: b943-.....
My user account has AdministratorAccess permissions. Why am I getting this error and how can I fix it? Thanks in advance.
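Answer 0 (score: 0)
I found the mistake. It is the accountId in arn:aws:iot:%s:123456789012:cert/%s. My AWS user has a different accountId, and I was trying to attach the policy to another account_ID, so I got the "Cross account not allowed" error.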
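The following is an added example, not part of the original question or answer: a pre-flight check that rejects a target ARN whose account ID differs from the caller's before attachPolicy is called. The class name `CertArnCheck`, its methods, and all sample values are hypothetical; in real code the caller's account ID would come from STS GetCallerIdentity rather than a literal.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CertArnCheck {
    // Expected shape: arn:partition:iot:region:account-id:cert/certificate-id
    private static final Pattern CERT_ARN = Pattern.compile(
            "^arn:(aws|aws-cn|aws-us-gov):iot:([a-z0-9-]+):(\\d{12}):cert/([0-9a-fA-F]+)$");

    /** Builds the certificate ARN from the caller's own account ID instead of a literal. */
    static String certArn(String region, String callerAccountId, String certificateId) {
        String arn = String.format("arn:aws:iot:%s:%s:cert/%s", region, callerAccountId, certificateId);
        requireSameAccount(arn, callerAccountId);
        return arn;
    }

    /** Throws before any API call if the ARN is malformed or names another account. */
    static void requireSameAccount(String targetArn, String callerAccountId) {
        Matcher m = CERT_ARN.matcher(targetArn);
        if (!m.matches()) {
            throw new IllegalArgumentException("Not an IoT certificate ARN: " + targetArn);
        }
        String targetAccount = m.group(3);
        if (!targetAccount.equals(callerAccountId)) {
            throw new IllegalStateException(String.format(
                    "Target ARN is in account %s but the credentials belong to %s; "
                    + "attachPolicy would be refused as cross-account",
                    targetAccount, callerAccountId));
        }
    }

    public static void main(String[] args) {
        // Constructed sample values. In real code, read callerAccountId from
        // STS GetCallerIdentity (GetCallerIdentityResult.getAccount()).
        String callerAccountId = "111122223333";
        String region = "eu-west-1";
        String certificateId = "ab".repeat(32); // constructed hex string, Java 11+

        System.out.println(certArn(region, callerAccountId, certificateId));

        // The hard-coded account ID from the question is caught locally.
        String hardCoded = String.format("arn:aws:iot:%s:123456789012:cert/%s", region, certificateId);
        try {
            requireSameAccount(hardCoded, callerAccountId);
        } catch (IllegalStateException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```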