我创建了一个AWS Lambda函数,该函数应该将InstanceDBSnapshots从一个区域复制到另一个区域。
以下政策附于角色:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1510479591000",
"Effect": "Allow",
"Action": [
"rds:CreateDBInstance",
"rds:CreateDBSecurityGroup",
"rds:CreateDBSnapshot",
"rds:CreateDBSubnetGroup",
"rds:DeleteDBInstance",
"rds:DeleteDBSecurityGroup",
"rds:DeleteDBSnapshot",
"rds:DeleteDBSubnetGroup",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshotAttributes",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSubnetGroups",
"rds:ModifyDBInstance",
"rds:ModifyDBSubnetGroup",
"rds:RestoreDBInstanceFromDBSnapshot"
],
"Resource": [
"arn:aws:rds:*"
]
}
]
}
亚马逊政策称:" AWSLambdaBasicExecutionRole"。
当我运行该函数时,我收到以下错误:
START RequestId:c5f62f26-c7b6-11e7-8fd4-c9b54c37d712版本:$ LATEST 调用DescribeDBSnapshots时发生错误(AccessDenied) 操作:用户: arn:aws:sts :: ACCOUNT:assume-role / cc / Cross-Copy-DB-Snapshots不是 授权执行:rds:DescribeDBSnapshots:ClientError
我不明白那是什么" arn:aws:sts"以及如何让这个功能正常运行。
任何人都知道这个问题以及如何解决它?
答案 0 :(得分:1)
你的角色有问题;这应该有效:
Definition test (A:Type) (x y:A) : option (x = y) :=
match eq_dec x y as b return eq_dec x y = b -> option (x = y) with
| true => fun p => Some (eq_dec_correct A x y p)
| false => fun _ => None
end (eq_refl (eq_dec x y)).