当我尝试从s3导入vhd文件到EC2时出现以下错误
我的个人资料附加了以下政策:
IAMFullAccess
VMImportExportRoleForAWSConnector
AmazonEC2FullAccess
AmazonS3FullAccess
AmazonVPCFullAccess
IAMReadOnlyAccess
AmazonRoute53FullAccess
RegionRestrictions
我创建了如下所示的受信任角色:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": { "Service": "vmie.amazonaws.com" },
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals":{
"sts:Externalid": "amosvmimport"
}
}
}
] }
我创建了如下的受信任策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:FullAccess"
],
"Resource": [
"arn:aws:s3:::cloudforms.vhd"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::cloudforms.vhd/*"
]
},
{
"Effect": "Allow",
"Action":[
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*",
"ec2:FullAccess"
],
"Resource": "*"
}
]
}
以下命令成功运行:
aws iam create-role --role-name amosvmimport --assume-role-policy-document file://trust-policy.json
aws iam put-role-policy --role-name amosvmimport --policy-name amosvmimport --policy-document file://role-policy.json
但是当我尝试运行时:
aws ec2 import-image --disk-containers file://containers.json --region ap-south-1
它给我以下错误:
调用ImportImage操作时发生错误(UnauthorizedOperation):您无权执行此操作。
如果我错过了此手术的任何政策,请告诉我吗?