我的serverless.yml文件看起来像这样
service: ham-services-elasticsearch
custom:
# Our stage is based on what is passed in when running serverless
# commands. Or fallsback to what we have set in the provider section.
stage: ${opt:stage, self:provider.stage}
provider:
name: aws
runtime: nodejs8.10
stage: dev
region: eu-west-1
iamRoleStatements:
- Effect: Allow
Action:
- es:*
Resource: 'arn:aws:es:#{AWS::Region}:#{AWS::AccountId}:domain/*'
resources:
Resources:
HamElasticSearch:
Type: "AWS::Elasticsearch::Domain"
Properties:
ElasticsearchVersion: "6.5"
DomainName: "ham-management"
ElasticsearchClusterConfig:
DedicatedMasterEnabled: false
InstanceCount: "1"
ZoneAwarenessEnabled: false
InstanceType: "t2.small.elasticsearch"
EBSOptions:
EBSEnabled: true
Iops: 0
VolumeSize: 10
VolumeType: "gp2"
AccessPolicies:
Version: "2012-10-17"
Statement:
-
Effect: "Allow"
Principal:
AWS: "arn:aws:iam::#{AWS::AccountId}:user/ts-hga"
Action: "es:*"
Resource: "arn:aws:es:#{AWS::Region}:#{AWS::AccountId}:domain/*"
AdvancedOptions:
rest.action.multi.allow_explicit_index: "true"
Outputs:
HamElasticSearchArn:
Value:
Fn::GetAtt:
- HamElasticSearch
- DomainArn
Export:
Name: ${self:provider.stage}-HamElasticSearchArn
HamElasticSearchEndPoint:
Value:
Fn::GetAtt:
- HamElasticSearch
- DomainEndpoint
Export:
Name: ${self:provider.stage}-HamElasticSearchEndPoint
plugins:
- serverless-pseudo-parameters
当我进行无服务器部署时,我遇到了终端错误
An error occurred: HamElasticSearch - User: arn:aws:iam::**{AccountID}**:user/ts-hga is not authorized to perform: es:AddTags on resource: arn:aws:es:eu-west-1:**{AccountID}**:domain/* (Service: AWSElasticsearch; Status Code: 403; Error Code: AccessDeniedException; Request ID: dfd4f4a0-8603-11e9-86db-ff5f56201154).
相同的潜在原因是什么?任何帮助将不胜感激。