我正在尝试将boxfuse连接到我的aws帐户 我得到了以下。任何帮助都非常感谢
`Role with ARN arn:aws:iam::535880694150:role/Boxfuse-access has not been properly configured. Please check your configuration and try again. (AWSSecurityTokenService: AccessDenied -> User: arn:aws:iam::762186188748:user/boxfuse-console is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::535880694150:role/Boxfuse-access)`
我按照Boxfuse提供的说明,我错过了什么,我是否需要做任何特别的事情。我使用boxfuse提供的政策
{"Version": "2012-10-17","Statement":[
{"Sid":"allow","Effect":"Allow","Resource":["*"],
"Action":["ec2:*","elasticloadbalancing:*","autoscaling:*","rds:*","cloudwatch:*","iam:ListInstanceProfiles","iam:PassRole"]},
{"Sid":"ec2Deny","Effect":"Deny",
"Action":["ec2:*"],"Resource":["*"],"Condition":{"StringEquals":{"ec2:ResourceTag/boxfuse:ignore":"true"}}},
{"Sid":"rdsDeny","Effect":"Deny",
"Action":["rds:*"],"Resource":["*"],"Condition":{"StringEquals":{"rds:db-tag/boxfuse:ignore":"true"}}}]}
这就是我在Iam角色政策中的信任关系如何
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::762186188748:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "uxvmGXwfII4944dh"
},
"Bool": {
"aws:MultiFactorAuthPresent": "true"
}
}
}
]
}
答案 0 :(得分:1)
如说明书所述,应禁用多因素访问。在您的情况下,可以通过将策略文档更新为:
来解决此问题 {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::762186188748:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "uxvmGXwfII4944dh"
}
}
}
]
}