收到以下IAM策略的错误“此策略包含以下错误:缺少必填字段 Effect”

时间:2020-04-02 16:28:47

标签: amazon-web-services amazon-iam

    "Version": "2012-10-17",
    "Statement": [{
            "Sid": "Stmt1493724986000",
            "Effect": "Allow",
            "Action": [
                "logs:CreateExportTask",
                "logs:DescribeExportTasks",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams",
                "logs:GetLogEvents",
                "logs:FilterLogEvents"
            ],
            "Resource": [
                "arn:<region>:logs:*:<account number>:log-group:<loggroupname>*"
            ]
        },
        {
            "Sid": "Stmt1493724996000",
            "Statement": [{
                "Effect": "Allow",
                "Action": [
                    "ec2:DescribeInstances",
                    "ec2:DescribeImages",
                    "ec2:DescribeVpcs",
                    "ec2:DescribeSecurityGroups",
                    "ec2:DescribeSubnets",
                    "ec2:DescribeRouteTables",
                    "ec2:DescribeNetworkAcls",
                    "ec2:DescribeAddresses",
                    "ec2:DescribeVpcEndpoints",
                    "s3:ListAllMyBuckets",
                    "iam:ListPolicies",
                    "iam:GetPolicy",
                    "iam:GetPolicyVersion"
                ],
                "Resource": "*"
            }]
        },
        {
            "Sid": "Stmt1493725007000",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketAcl",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:<region>:s3:::<bucketname>"
            ]
        },
        {
            "Sid": "Stmt1493725032000",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:<region>:s3:::<bucketname>/*"
            ]
        }
    ]
}```

1 个答案:

答案 0 :(得分:1)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1493724986000",
      "Effect": "Allow",
      "Action": [
        "logs:CreateExportTask",
        "logs:DescribeExportTasks",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:GetLogEvents",
        "logs:FilterLogEvents"
      ],
      "Resource": [
        "arn::logs:::log-group:"
      ]
    },
    {
      "Sid": "Stmt1493724996000",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeImages",
        "ec2:DescribeVpcs",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets",
        "ec2:DescribeRouteTables",
        "ec2:DescribeNetworkAcls",
        "ec2:DescribeAddresses",
        "ec2:DescribeVpcEndpoints",
        "s3:ListAllMyBuckets",
        "iam:ListPolicies",
        "iam:GetPolicy",
        "iam:GetPolicyVersion"
      ],
      "Resource": "arn::s3:::/"
    },
    {
      "Sid": "Stmt1493725007000",
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketAcl",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn::s3:::/"
      ]
    },
    {
      "Sid": "Stmt1493725032000",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn::s3:::/"
      ]
    }
  ]
}
  1. 第二个语句中您仍然嵌套了一个 "Statement": [ ... ]。那不属于那里：IAM 策略的 Statement 数组不能再嵌套，Effect、Action 和 Resource 必须直接位于该语句对象中，这正是报错“缺少必填字段 Effect”的原因。

  2. 在 Resource 部分中定义正确的 ARN。ARN 的第二个字段是分区（通常是 aws），不是区域；区域和账号分别位于第四和第五个字段，例如 arn:aws:logs:&lt;region&gt;:&lt;account number&gt;:log-group:&lt;loggroupname&gt;*；S3 桶的 ARN 不包含区域和账号，形如 arn:aws:s3:::&lt;bucketname&gt; 和 arn:aws:s3:::&lt;bucketname&gt;/*。第二个语句（ec2/iam 的 Describe/List 操作）的 Resource 应保持原问题中的 "*"，上面列表里该处显示的 S3 ARN 看起来是粘贴时带错了。