I am trying to get the health of my application in ELB using the following CLI command.
aws elasticbeanstalk describe-environments --environment-nam my-env
It works fine when the resource policy is Policy A:
My application name: "QT"
Policy A:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticbeanstalk:DescribeEnvironments",
        "elasticbeanstalk:DescribeEnvironmenthealth"
      ],
      "Resource": ["*"],
      "Condition": {
        "StringLike": {
          "elasticbeanstalk:InApplication": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:application/QT*"]
        }
      }
    }
  ]
}
Policy B:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticbeanstalk:DescribeEnvironments",
        "elasticbeanstalk:DescribeEnvironmenthealth"
      ],
      "Resource": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:application/QT"]
    }
  ]
}
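The problem is that it works when I use Policy A, but it does not work when I use Policy B. I can't use Policy A because it violates the standard (wildcard use in the Resource column).
Policy B stays compliant, but it returns an empty list as the result of the CLI command.
Any help is much appreciated. TIA.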
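Answer 0: (score: 1)
In the second case, you are only providing the ARN of the application, not of the environment. The policy for a specific EB environment is: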
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticbeanstalk:DescribeEnvironments",
        "elasticbeanstalk:DescribeEnvironmenthealth"
      ],
      "Resource": ["arn:aws:elasticbeanstalk:us-east-2:123456789012:application/QT/my-env"]
    }
  ]
}
Also, your AWS CLI command is incorrect. It should be:
aws elasticbeanstalk describe-environments --environment-names my-env
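
An added example, not part of the original question or answer: a simplified Python model of how the `Resource` and `Condition` elements are matched for `DescribeEnvironments`, run against Policy A and Policy B from the question. It assumes the call is authorized against environment ARNs of the form `...:environment/<application>/<environment>` and that environments the policy does not allow are dropped from the result; `POLICY_C` and all helper names are hypothetical.

```python
import re

# Constructed sample data. Assumption: environment ARNs use the documented
# "environment/<application>/<environment>" form; names come from the question.
BASE = "arn:aws:elasticbeanstalk:us-east-2:123456789012"
ENVIRONMENTS = [{"name": "my-env", "arn": f"{BASE}:environment/QT/my-env",
                 "app_arn": f"{BASE}:application/QT"}]
ACTIONS = ["elasticbeanstalk:DescribeEnvironments",
           "elasticbeanstalk:DescribeEnvironmenthealth"]

POLICY_A = {"Effect": "Allow", "Action": ACTIONS, "Resource": ["*"],
            "Condition": {"StringLike": {
                "elasticbeanstalk:InApplication": [f"{BASE}:application/QT*"]}}}
POLICY_B = {"Effect": "Allow", "Action": ACTIONS,
            "Resource": [f"{BASE}:application/QT"]}
# Hypothetical Policy C: no wildcard, Resource is the environment ARN itself.
POLICY_C = {"Effect": "Allow", "Action": ACTIONS,
            "Resource": [f"{BASE}:environment/QT/my-env"]}

def like(patterns, value):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    def to_regex(p):
        return "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                       for c in p)
    return any(re.fullmatch(to_regex(p), value) for p in patterns)

def allows(stmt, action, env):
    """Simplified single-statement evaluation (no Deny, no Action wildcards)."""
    if stmt["Effect"] != "Allow":
        return False
    if action.lower() not in (a.lower() for a in stmt["Action"]):
        return False  # IAM action names are case-insensitive
    if not like(stmt["Resource"], env["arn"]):
        return False  # Resource is compared with the environment's ARN
    context = {"elasticbeanstalk:InApplication": env["app_arn"]}
    for key, patterns in stmt.get("Condition", {}).get("StringLike", {}).items():
        if key not in context or not like(patterns, context[key]):
            return False
    return True

def describe_environments(stmt, names):
    """Model the list call: environments the statement does not allow are
    filtered out, matching the empty result reported for Policy B."""
    return [e["arn"] for e in ENVIRONMENTS if e["name"] in names
            and allows(stmt, "elasticbeanstalk:DescribeEnvironments", e)]

if __name__ == "__main__":
    for label, stmt in (("A", POLICY_A), ("B", POLICY_B), ("C", POLICY_C)):
        print(label, describe_environments(stmt, ["my-env"]))
```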