Unable to update Elastic Beanstalk environment

Time: 2016-04-28 06:03:49

Tags: amazon-web-services elastic-beanstalk aws-sdk

I am using the AWSElasticBeanstalkClient method public UpdateEnvironmentResult updateEnvironment(UpdateEnvironmentRequest updateEnvironmentRequest) from my EC2 instance, but I get the following error:

com.amazonaws.services.elasticbeanstalk.model.InsufficientPrivilegesException: You do not have permission to perform the 's3:CreateBucket' action. Verify that your S3 policies and your ACLs allow you to perform these actions. (Service: AWSElasticBeanstalk; Status Code: 403; Error Code: InsufficientPrivilegesException; Request ID: 412d8fab-0cfe-11e6-928e-e1e1532d705e)
    at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1389)
    at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:902)
    at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:607)
    at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:376)
    at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:338)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:287)
    at com.amazonaws.services.elasticbeanstalk.AWSElasticBeanstalkClient.doInvoke(AWSElasticBeanstalkClient.java:2223)
    at com.amazonaws.services.elasticbeanstalk.AWSElasticBeanstalkClient.invoke(AWSElasticBeanstalkClient.java:2193)
    at com.amazonaws.services.elasticbeanstalk.AWSElasticBeanstalkClient.updateEnvironment(AWSElasticBeanstalkClient.java:2093) 

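My IAM role does not have access to s3:create bucket. But why does it need to create a bucket? Is there a workaround?

2 answers:

Answer 0: (score: 2)

The application source bundle is being uploaded to S3.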

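Grant your instance the AWSElasticBeanstalkWebTier policy permissions. This will give your instance access to buckets named elasticbeanstalk*, which is how the SDK will name the bucket.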
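
An added example, not part of the original answers: a simplified offline check of which S3 actions an IAM policy document leaves implicitly denied, which is the condition the 403 above reports for s3:CreateBucket. The policy, bucket ARN and request list are constructed for illustration; Condition blocks, NotAction/NotResource, permission boundaries and SCPs are not evaluated.

```python
import fnmatch

# Constructed sample values, not taken from the page or from any AWS managed policy.
BUCKET = "arn:aws:s3:::elasticbeanstalk-us-east-1-123456789012"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:Get*", "s3:List*", "s3:PutObject"],
        "Resource": ["arn:aws:s3:::elasticbeanstalk-*",
                     "arn:aws:s3:::elasticbeanstalk-*/*"],
    }],
}
# Requests assumed for illustration: create the bucket, list it, upload a bundle.
REQUESTS = [("s3:CreateBucket", BUCKET),
            ("s3:ListBucket", BUCKET),
            ("s3:PutObject", BUCKET + "/app.zip")]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, ignore_case):
    # IAM wildcards (* and ?) behave like shell globs; action names are case-insensitive.
    if ignore_case:
        value = value.lower()
    return any(fnmatch.fnmatchcase(value, p.lower() if ignore_case else p)
               for p in _as_list(patterns))


def decide(policy, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if "Action" not in stmt or "Resource" not in stmt:
            continue  # NotAction/NotResource statements are not handled here
        if (_matches(stmt["Action"], action, True)
                and _matches(stmt["Resource"], resource, False)):
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # an explicit Deny always wins
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def missing(policy, requests):
    """Actions from `requests` that the policy does not allow."""
    return [a for a, r in requests if decide(policy, a, r) != "Allow"]


if __name__ == "__main__":
    print(missing(SAMPLE_POLICY, REQUESTS))
```

Running the check against the role's actual policy documents shows which single action to add, scoped to the elasticbeanstalk-* bucket pattern, rather than attaching a broad S3 policy.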

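Answer 1: (score: 1)

This happened to me recently after I updated my Lambda function's policy from the deprecated AWSLambdaFullAccess to AWSLambda_FullAccess. If you also use a SAM template to deploy your Lambda function, extend the permissions by adding this to your template: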

LambdaFunction:
  Type: AWS::Serverless::Function
  Properties:
    Timeout: 270
    Policies:
      - AWSLambda_FullAccess
      - AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy