我正在尝试向集群添加自动缩放功能。但是我遇到了以下错误:
我已将 IAM 用户添加到这些新的安全组:
总共该用户具有以下权限:
AmazonSQSFullAccess
AWSElasticBeanstalkFullAccess
AmazonS3FullAccess
CloudWatchFullAccess
AmazonDynamoDBFullAccess
CloudFrontFullAccess
AmazonEC2FullAccess
CloudWatchLogsFullAccess
AmazonEC2ContainerServiceFullAccess
AmazonEC2ContainerRegistryPowerUser
IAMReadOnlyAccess
AmazonEC2ContainerServiceAutoscaleRole
我错过了什么?
编辑:
我已经添加了
自动扩展完全访问
和
应用程序自动扩展AmazonAppStreamAccess
但没有雪茄。
答案1
我需要将以下自定义策略添加到我的某个权限组
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"application-autoscaling:*",
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm"
],
"Resource": [
"*"
]
}
]
}
答案2
除了上述内容,我们还需要将 IAM 通行证角色添加到策略中。因此策略应如下所示:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricAlarm",
"iam:GetRole",
"iam:PassRole",
"application-autoscaling:*",
"cloudwatch:DescribeAlarms"
],
"Resource": "<RESOURCE-ARN>"
}
]
}
以下是参考网址:
[https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html][1]