因此,我遵循了 this AWS 教程并创建了此 IAM 策略,该策略应授予对具有这些键的任何 dynamodb 操作的访问权限。但是正如您在所附图片中看到的那样,它告诉我我没有任何许可。它也确实发生在其他服务上,所以不仅是 dynamodb,我还尝试在策略中对“access-project”标签进行硬编码,就像您看到的“access-environment”一样。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllActionsSameProjectEnvironment",
"Effect": "Allow",
"Action": "dynamodb:*",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/access-project": "${aws:PrincipalTag/access-project}",
"aws:ResourceTag/access-environment": "pre"
},
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"access-project",
"access-environment",
"Name",
"OwnedBy"
]
},
"StringEqualsIfExists": {
"aws:RequestTag/access-project": "${aws:PrincipalTag/access-project}",
"aws:RequestTag/access-environment": "pre"
}
}
}
]
}
知道为什么会这样吗?谢谢!