我尝试使用terraform添加简单的A记录但遇到了#34;访问被拒绝错误:
* aws_route53_record.dns_name: AccessDenied: User: arn:aws:iam::<#>:user/<username> is not authorized to access this resource
status code: 403, request id: <hash>
基于此链接,我不应该提供&#34;提供商aws&#34;在我的文件中定义。 我没有使用提供商和她的代码:
resource "aws_route53_record" "new_dns_name" {
zone_id = "${var.dns_zone_id}"
name = "${lookup(var.dns_name, var.region)}"
type = "A"
alias = {
name = "${lower(aws_elb.elb_https.dns_name)}"
zone_id = "${aws_elb.elb_https.zone_id}"
evaluate_target_health = false
}
}
我尝试使用terraform 0.8.4和0.11.3。
与cli密钥相关联的用户具有以下政策,但由于某种原因无效:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
我在这里做错了什么? 谢谢
答案 0 :(得分:0)
您遇到的错误是由于权限问题。未向您尝试创建路径53 A记录的用户分配适当的权限。
我强烈建议查看IAM部分下的权限 arn:aws:iam ::&lt;#&gt;:user / ,因为它似乎没有权限创建路线53记录。
答案 1 :(得分:0)
确保您具有管理route53的权限 这是我的route53访问权限
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:*",
"route53domains:*",
"cloudfront:ListDistributions",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticbeanstalk:DescribeEnvironments",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketWebsite",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRegions",
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "apigateway:GET",
"Resource": "arn:aws:apigateway:*::/domainnames"
}
]
}