Having some trouble understanding this module. Can someone advise?

Ansible task

```yaml
- name: Create Config Rule for AWS Config
  aws_config_rule:
    name: test_config_rule
    state: present
    description: 'This AWS Config rule sets default region to us-east-1'
    region: us-east-1
    source:
      owner: AWS
      identifier: 'AWS_REGION'
```
Policy

```json
{
  "Effect": "Allow",
  "Action": [
    "config:PutConfigRule",
    "config:DeleteConfigRule",
    "config:DeleteEvaluationResults"
  ],
  "Resource": "arn:aws:sts::704506075394:assumed-role/PackerRole/i-0d0ea92a51bfc0707:test_config_rule"
}
```

Output
"AccessDeniedException", "message": "User: arn:aws:sts::704506075394:assumed-role/PackerRole/i-0691e41a41c553693 is not authorized to perform: config:PutConfigRule on resource: test_config_rule"}, "msg": "Couldn't create AWS Config rule: An error occurred (AccessDeniedException) when calling the PutConfigRule operation: User: arn:aws:sts::704506075394:assumed-role/PackerRole/i-0691e41a41c553693 is not authorized to perform: config:PutConfigRule on resource: test_config_rule", "response_metadata": {"http_headers": {"connection": "close", "content-length": "203", "content-type": "application/x-amz-json-1.1", "date": "Thu, 09 May 2019 18:11:34 GMT", "strict-transport-security": "max-age=86400", "x-amzn-requestid": "e169931d-7285-11e9-86c8-ef1dbf107e2a"}, "http_status_code": 400, "request_id": "e169931d-7285-11e9-86c8-ef1dbf107e2a", "retry_attempts": 0}}
Answer 0: (score: 0)

The Resource element in the IAM policy should be `*` or the Config rule ARN.
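The following is an added example, not code from the question or the answer, showing both halves of that advice: a builder that emits the corrected policy (Resource set to `*`, or scoped to a Config rule ARN of the form `arn:aws:config:REGION:ACCOUNT:config-rule/RULE_ID`), and a small checker that flags statements granting `config:` actions on a Resource that is neither `*` nor a Config rule ARN, which is exactly what went wrong in the posted policy (its Resource named the STS assumed-role, i.e. the caller, rather than the rule). The account id, instance id and rule id below are constructed placeholders, and the three `config:` actions are taken from the question.

```python
import json
import re

# Constructed placeholders; not the poster's real account or instance ids.
ACCOUNT_ID = "123456789012"
REGION = "us-east-1"

# AWS Config rule ARN format: arn:aws:config:REGION:ACCOUNT:config-rule/RULE_ID
CONFIG_RULE_ARN_RE = re.compile(
    r"^arn:aws:config:[a-z0-9-]+:\d{12}:config-rule/[A-Za-z0-9._-]+$"
)

# The actions from the question's policy statement.
CONFIG_ACTIONS = [
    "config:PutConfigRule",
    "config:DeleteConfigRule",
    "config:DeleteEvaluationResults",
]

# Constructed copy of the posted statement, wrapped in a full policy document:
# the Resource is an STS assumed-role ARN (the principal making the call),
# which is not a resource the config: actions operate on.
BROKEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": CONFIG_ACTIONS,
            "Resource": "arn:aws:sts::123456789012:assumed-role/PackerRole/"
                        "i-0123456789abcdef0:test_config_rule",
        }
    ],
}


def build_policy(account_id, region, rule_id=None):
    """Return a policy document granting the three Config actions.

    With rule_id=None the Resource is '*' (what the answer suggests first);
    with a rule id it is narrowed to that single Config rule's ARN.
    """
    if rule_id is None:
        resource = "*"
    else:
        resource = f"arn:aws:config:{region}:{account_id}:config-rule/{rule_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": list(CONFIG_ACTIONS), "Resource": resource}
        ],
    }


def _as_list(value):
    # IAM allows Action/Resource to be a single string or a list.
    return [value] if isinstance(value, str) else list(value or [])


def invalid_config_resources(policy):
    """Return (statement_index, resource) pairs for Allow statements that grant
    config: actions on a Resource that is neither '*' nor a Config rule ARN."""
    problems = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        grants_config = any(a == "config:*" or a in CONFIG_ACTIONS for a in actions)
        if not grants_config:
            continue
        for resource in _as_list(stmt.get("Resource")):
            if resource != "*" and not CONFIG_RULE_ARN_RE.match(resource):
                problems.append((idx, resource))
    return problems


if __name__ == "__main__":
    print("problems in posted policy:", invalid_config_resources(BROKEN_POLICY))
    print(json.dumps(build_policy(ACCOUNT_ID, REGION), indent=2))
    print(json.dumps(build_policy(ACCOUNT_ID, REGION, "config-rule-abcd12"), indent=2))
```

Running the checker over the posted statement reports its Resource as invalid, while both policies produced by `build_policy` pass; the rule-scoped variant is the least-privilege option once the rule's id is known.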