我遵循了以下AWS开发人员论坛帖子中提到的说明。
https://forums.aws.amazon.com/thread.jspa?threadID=269056
政策
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ssm:GetParametersByPath",
"ssm:GetParameters",
"ssm:GetParameter"
],
"Resource": "arn:aws:ssm:eu-central-1:XXXXXXXXXX:parameter/some-root/*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "ssm:DescribeParameters",
"Resource": "*"
}
]
}
我以角色将策略附加到目标帐户
当我从源帐户获得参数时,它可以工作,但是无法从目标帐户访问它们。
C:\Users\my-home>aws ssm get-parameters-by-path --path "/some-root/" --profile aws-acc-src
{
"Parameters": [
{
"Name": "/some-root/dev",
"Type": "SecureString",
"Value": "AQICAHh5z4qygT6rbxBnR/PmJn811vO30kBJNB+JrB1tdKNBeAEHFLSQDpTMsRMc1l0D8lXYAAAAYTBfBgkqhkiG9w0BBwagUjBQAgEAMEsGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM+Qmz5FoNcESEXabnAgEQgB6MdOlb545EPN61QqA50w7rH3sghmNWvxsLPPneHEA=",
"Version": 1,
"LastModifiedDate": "2020-10-06T16:03:32.637000+03:00",
"ARN": "arn:aws:ssm:eu-central-1:XXXXXXXX:parameter/some-root/dev"
}
]
}
aws ssm get-parameters-by-path --path "/some-root/" --with-decryption --profile aws-acc-src
{
"Parameters": [
{
"Name": "/some-root/dev",
"Type": "SecureString",
"Value": "foo",
"Version": 1,
"LastModifiedDate": "2020-10-06T16:03:32.637000+03:00",
"ARN": "arn:aws:ssm:eu-central-1:XXXXXXXX:parameter/some-root/dev"
}
]
}
aws ssm get-parameters-by-path --path "/some-root/" --with-decryption --profile aws-acc-target
{
"Parameters": []
}