我编写了一个自定义aws策略,为用户提供了对特定RDS实例的所有访问权限,但它在错误:
下面给出了User: arn:aws:iam::*******:user/dev-testrds-access is not authorized to perform: rds:DescribeDBInstances (Service: AmazonRDS; Status Code: 403; Error Code: AccessDenied; Request ID: )
AWS政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowRDSDescribe",
"Effect": "Allow",
"Action": "rds:Describe*",
"Resource": "arn:aws:rds:ap-southeast-1:********db:test-db*"
}
]
}
但是当我提到“资源”:“*”时,它可行。我不知道我哪里错了。我希望不是为所有实例提供对特定实例的访问权限。可以提供帮助