AWS:Permission Boundaries具有IAM创建角色权限,但是我无法创建角色

时间:2020-02-14 09:08:10

标签: amazon-web-services amazon-iam

在权限范围内

{
            "Sid": "ChangeCreateOnlyboundary",
            "Effect": "Allow",
            "Action": [
                "iam:CreateUser",
                "iam:DeleteUserPolicy",
                "iam:AttachUserPolicy",
                "iam:DetachUserPolicy",
                "iam:PutUserPermissionsBoundary",
                "iam:CreateRole",
                "iam:DeleteRolePolicy",
                "iam:AttachRolePolicy",
                "iam:DetachRolePolicy",
                "iam:PutRolePermissionsBoundary"
            ],
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "iam:PermissionsBoundary": [
                        "arn:aws:iam::777777:policy/jui_boundary_policy",
                        "arn:aws:iam::aws:policy/JavaUserAccess"
                    ]
                }
            }
        },

但无法创建角色

User: arn:aws:sts:.....:assumed-role/..../.... is not authorized to perform: iam:CreateRole on resource: arn:aws:iam:::role/AWSBatchServiceRole

0 个答案:

没有答案
相关问题
最新问题