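Not authorized to perform: SNS:ListTopics on resource: arn:aws:sns

Time: 2020-03-31 05:18:20

Tags: amazon-web-services amazon-sns

I get the following error when I specify a particular resource, but it works fine if I use *. Please advise.

Error: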

com.amazonaws.services.sns.model.AuthorizationErrorException: User: arn:aws:sts::11111111:
assumed-role/iam-role_test/1234567 is not authorized to perform: SNS:ListTopics on resource: arn:aws:sns:us-east-1:11111111:* 
(Service: AmazonSNS; Status Code: 403; Error Code: AuthorizationError; Request ID: fae398a7-b776-5643-9f30-ce5a80344)

The policy is below:

  ICMEC2Policy:
    Type: 'AWS::IAM::Policy'
    Properties:
      PolicyName: pe_test
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - 'SNS:ListTopics'
              - 'SNS:Publish'
              - 'SNS:Unsubscribe'
              - 'SNS:ListTagsForResource'
            Resource:
              - !Sub 'arn:aws:sns:${AWS::Region}:${AWS::AccountId}:workflow-alerts'

1 answer:

Answer 0 (score: 0)

Judging by the error message, your user is probably trying to list all topics in code, not just the topic you gave it access to.
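
An added example, not part of the original question or answer: a simplified model of IAM Allow matching (no Deny, Condition or NotAction handling) run against the resource named in the 403, showing why the posted statement does not cover `SNS:ListTopics` while the other actions stay scoped to the topic. The helper names and the `SPLIT` policy are assumptions made for illustration; the ARNs reuse the region and account id from the error message.

```python
import re

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def is_allowed(statements, action, resource):
    """Simplified model: True if any Allow statement matches both fields."""
    for st in statements:
        if st["Effect"] != "Allow":
            continue
        # Action names compare case-insensitively, resource ARNs do not.
        if (any(_glob(a, action, True) for a in st["Action"])
                and any(_glob(r, resource) for r in st["Resource"])):
            return True
    return False

# Constructed values built from the error message and policy on the page.
TOPIC = "arn:aws:sns:us-east-1:11111111:workflow-alerts"
ACCOUNT_WIDE = "arn:aws:sns:us-east-1:11111111:*"  # resource in the 403

# The statement as posted: every action limited to one topic ARN.
ORIGINAL = [{
    "Effect": "Allow",
    "Action": ["SNS:ListTopics", "SNS:Publish", "SNS:Unsubscribe",
               "SNS:ListTagsForResource"],
    "Resource": [TOPIC],
}]

# Assumed alternative: only the list call gets "*", the rest stay on the topic.
SPLIT = [
    {"Effect": "Allow", "Action": ["SNS:ListTopics"], "Resource": ["*"]},
    {"Effect": "Allow",
     "Action": ["SNS:Publish", "SNS:Unsubscribe", "SNS:ListTagsForResource"],
     "Resource": [TOPIC]},
]

def report():
    # (policy name, action, resource) -> decision of the simplified model
    cases = [("ORIGINAL", ORIGINAL, "SNS:ListTopics", ACCOUNT_WIDE),
             ("ORIGINAL", ORIGINAL, "SNS:Publish", TOPIC),
             ("SPLIT", SPLIT, "SNS:ListTopics", ACCOUNT_WIDE),
             ("SPLIT", SPLIT, "SNS:Publish", TOPIC)]
    return [(name, act, is_allowed(pol, act, res)) for name, pol, act, res in cases]

if __name__ == "__main__":
    for row in report():
        print(row)
```
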