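I get this error when executing the Lambda:
An error occurred (UnauthorizedOperation) when calling the DescribeVpcEndpoints operation: You are not authorized to perform this operation.
My policy details: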
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "IngestionClusterNodes",
      "Effect": "Allow",
      "Action": [
        "s3:*",
        "glue:*",
        "kms:*",
        "sns:*",
        "cloudformation:DeleteStack",
        "cloudformation:DescribeStackResource",
        "cloudformation:DescribeStackResources",
        "cloudformation:DescribeStacks",
        "cloudformation:ListStackResources",
        "cloudwatch:*",
        "elasticmapreduce:*",
        "secretsmanager:GetSecretValue",
        "secretsmanager:CreateSecret",
        "secretsmanager:PutResourcePolicy",
        "secretsmanager:UpdateSecret",
        "iam:GetGroup",
        "ec2:*",
        "events:*",
        "logs:*",
        "ses:*",
        "sns:*",
        "sns:Publish"
      ],
      "Resource": [
        "arn:aws:iam::*",
        "arn:aws:ses:*",
        "arn:aws:sqs:*",
        "arn:aws:s3:::*",
        "arn:aws:logs:*",
        "arn:aws:sns:*",
        "arn:aws:cloudformation:*",
        "arn:aws:cloudwatch:*",
        "arn:aws:secretsmanager:*",
        "arn:aws:ec2:*",
        "arn:aws:events:*:*:*",
        "arn:aws:logs:*:*:*",
        "arn:aws:autoscaling:*"
      ]
    }
  ]
}
I have attached the above policy to the Lambda execution role.
Answer 0 (score: 0)
I suggest you simply modify the statement to:
{
  "Sid": "IngestionClusterNodes",
  "Effect": "Allow",
  "Action": [
    "s3:*",
    "glue:*",
    "kms:*",
    "sns:*",
    "cloudformation:DeleteStack",
    "cloudformation:DescribeStackResource",
    "cloudformation:DescribeStackResources",
    "cloudformation:DescribeStacks",
    "cloudformation:ListStackResources",
    "cloudwatch:*",
    "elasticmapreduce:*",
    "secretsmanager:GetSecretValue",
    "secretsmanager:CreateSecret",
    "secretsmanager:PutResourcePolicy",
    "secretsmanager:UpdateSecret",
    "iam:GetGroup",
    "ec2:*",
    "events:*",
    "logs:*",
    "ses:*",
    "sns:*",
    "sns:Publish"
  ],
  "Resource": ["*"]
}
Just note that VPC endpoints don't have ARNs, only an ID (vpce-092e602ea1a16886e), so the ec2:* in the Resource block does not allow you to describe VPC endpoints.
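The resource mismatch discussed in this thread, as an added example that is not part of the original question or answer: a simplified Python model of how an Allow statement is matched. It shows why the question's policy rejects `ec2:DescribeVpcEndpoints` and that a statement scoped to that one action on `"*"` fixes it without widening every other action. The evaluator, the abridged policies, the `SPLIT_POLICY` layout and the sample log ARN are assumptions made for illustration; real IAM evaluation also handles Deny, conditions and other policy types.

```python
import re

def _wild(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified evaluation: True if any Allow statement matches both the
    action and the resource. Deny, NotAction, NotResource and Condition are
    not modelled."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(_wild(a, action, True) for a in _as_list(stmt["Action"]))
        resource_ok = any(_wild(r, resource) for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

# ec2:DescribeVpcEndpoints does not support resource-level permissions, so the
# request is authorized against the literal resource "*".
DESCRIBE_REQUEST = ("ec2:DescribeVpcEndpoints", "*")
# Constructed log-stream ARN (placeholder region and account id).
LOGS_REQUEST = ("logs:PutLogEvents",
                "arn:aws:logs:us-east-1:111122223333:log-group:/aws/lambda/demo:*")

# Abridged from the question: ec2:* is allowed, but only on ARN patterns.
QUESTION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "IngestionClusterNodes", "Effect": "Allow",
    "Action": ["ec2:*", "logs:*"],
    "Resource": ["arn:aws:ec2:*", "arn:aws:logs:*:*:*"]}]}

# Constructed alternative: "*" only for the describe call, ARNs for the rest.
SPLIT_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DescribeOnly", "Effect": "Allow",
     "Action": ["ec2:DescribeVpcEndpoints"], "Resource": ["*"]},
    {"Sid": "Logs", "Effect": "Allow",
     "Action": ["logs:*"], "Resource": ["arn:aws:logs:*:*:*"]}]}

if __name__ == "__main__":
    for name, policy in (("question", QUESTION_POLICY), ("split", SPLIT_POLICY)):
        print(name, is_allowed(policy, *DESCRIBE_REQUEST), is_allowed(policy, *LOGS_REQUEST))
```

Splitting the statement this way keeps `"Resource": ["*"]` confined to the read-only call that requires it, instead of applying it to every action in the list.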