无法更新 Elasticbeanstalk 环境
Cannot update Elasticbeanstalk environment
我正在使用我的 EC2 实例中 AWSElasticBeanstalkClient 的 public UpdateEnvironmentResult updateEnvironment(UpdateEnvironmentRequest updateEnvironmentRequest) 方法,但出现以下错误
com.amazonaws.services.elasticbeanstalk.model.InsufficientPrivilegesException: You do not have permission to perform the 's3:CreateBucket' action. Verify that your S3 policies and your ACLs allow you to perform these actions. (Service: AWSElasticBeanstalk; Status Code: 403; Error Code: InsufficientPrivilegesException; Request ID: 412d8fab-0cfe-11e6-928e-e1e1532d705e)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1389)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:902)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:607)
at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:376)
at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:338)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:287)
at com.amazonaws.services.elasticbeanstalk.AWSElasticBeanstalkClient.doInvoke(AWSElasticBeanstalkClient.java:2223)
at com.amazonaws.services.elasticbeanstalk.AWSElasticBeanstalkClient.invoke(AWSElasticBeanstalkClient.java:2193)
at com.amazonaws.services.elasticbeanstalk.AWSElasticBeanstalkClient.updateEnvironment(AWSElasticBeanstalkClient.java:2093)
我的 IAM 角色无权访问 s3:create 存储桶。但是为什么需要创建桶呢?有什么解决方法吗?
正在将应用程序源包上传到 S3。
授予您的实例 AWSElasticBeanstalkWebTier 策略权限。这将使您可以实例访问名为 elasticbeanstalk* 的存储桶,SDK 将命名该存储桶。
我最近将 Lambda 函数的策略从弃用的 AWSLambdaFullAccess 更新为 AWSLambda_FullAccess 后发生在我身上。如果您还使用 SAM 模板来部署 Lambda 函数,请通过将此添加到您的模板来扩展权限:
LambdaFunction:
Type: AWS::Serverless::Function
Properties:
Timeout: 270
Policies:
- AWSLambda_FullAccess
- AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
我正在使用我的 EC2 实例中 AWSElasticBeanstalkClient 的 public UpdateEnvironmentResult updateEnvironment(UpdateEnvironmentRequest updateEnvironmentRequest) 方法,但出现以下错误
com.amazonaws.services.elasticbeanstalk.model.InsufficientPrivilegesException: You do not have permission to perform the 's3:CreateBucket' action. Verify that your S3 policies and your ACLs allow you to perform these actions. (Service: AWSElasticBeanstalk; Status Code: 403; Error Code: InsufficientPrivilegesException; Request ID: 412d8fab-0cfe-11e6-928e-e1e1532d705e)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1389)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:902)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:607)
at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:376)
at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:338)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:287)
at com.amazonaws.services.elasticbeanstalk.AWSElasticBeanstalkClient.doInvoke(AWSElasticBeanstalkClient.java:2223)
at com.amazonaws.services.elasticbeanstalk.AWSElasticBeanstalkClient.invoke(AWSElasticBeanstalkClient.java:2193)
at com.amazonaws.services.elasticbeanstalk.AWSElasticBeanstalkClient.updateEnvironment(AWSElasticBeanstalkClient.java:2093)
我的 IAM 角色无权访问 s3:create 存储桶。但是为什么需要创建桶呢?有什么解决方法吗?
正在将应用程序源包上传到 S3。
授予您的实例 AWSElasticBeanstalkWebTier 策略权限。这将使您可以实例访问名为 elasticbeanstalk* 的存储桶,SDK 将命名该存储桶。
我最近将 Lambda 函数的策略从弃用的 AWSLambdaFullAccess 更新为 AWSLambda_FullAccess 后发生在我身上。如果您还使用 SAM 模板来部署 Lambda 函数,请通过将此添加到您的模板来扩展权限:
LambdaFunction:
Type: AWS::Serverless::Function
Properties:
Timeout: 270
Policies:
- AWSLambda_FullAccess
- AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy