允许用户访问单个弹性代码转换器管道的AWS IAM策略

Question

我目前有一个用户策略，允许用户访问分配给它们的特定S3存储桶。这完美地运作。但是，现在我需要向此策略附加指令，以授予用户访问为其创建的Elastic Transcoder管道的权限。我已尝试按照here的说明操作，但政策仍然失败。我是IAM策略语法的新手，可以使用手。见下面的例子：

当前的功能政策：

{
    "Statement": [
        {
            "Effect": "Allow",
            "NotAction": [
                "s3:CreateBucket",
                "s3:DeleteBucket"
            ],
            "Resource": "arn:aws:s3:::org-b-bucket",
            "Condition": {}
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::org-b-bucket/*",
            "Condition": {}
        },
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*",
            "Condition": {}
        }
    ]
}

已编辑的政策尝试添加权限（已插入虚拟帐户信息）：

{
        "Statement": [
            {
                "Effect": "Allow",
                "NotAction": [
                    "s3:CreateBucket",
                    "s3:DeleteBucket"
                ],
                "Resource": "arn:aws:s3:::org-b-bucket",
                "Condition": {}
            },
            {
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": "arn:aws:s3:::org-b-bucket/*",
                "Condition": {}
            },
            {
                "Effect": "Allow",
                "Action": "s3:ListAllMyBuckets",
                "Resource": "*",
                "Condition": {}
            },
{
         "Effect":"Allow",
         "Action":[
            "elastictranscoder:List*",
            "elastictranscoder:Read*",
            "elastictranscoder:CreateJob"
         ],
         "Resource":[
            "arn:aws:elastictranscoder:us-east-1:123456789123:pipeline/1234567891234-qwerty",
            "arn:aws:elastictranscoder:us-east-1:123456789123:job/*"
         ]
      }
        ]
    }

Answer 1

您应该检查区域，为创建管道时设置的客户端选择相同的区域。 check it here for detailed ansewr