IAM user is not authorized to perform: application-autoscaling:DescribeScalableTargets


I am trying to add auto scaling to my cluster, but I am getting the following error:


I have added the IAM user to these new security groups:


In total, the user has the following permissions:

  AmazonSQSFullAccess
  AWSElasticBeanstalkFullAccess
  AmazonS3FullAccess
  CloudWatchFullAccess
  AmazonDynamoDBFullAccess
  CloudFrontFullAccess
  AmazonEC2FullAccess
  CloudWatchLogsFullAccess
  AmazonEC2ContainerServiceFullAccess
  AmazonEC2ContainerRegistryPowerUser
  IAMReadOnlyAccess
  AmazonEC2ContainerServiceAutoscaleRole

What am I missing?

Edit:

I have added

AutoScalingFullAccess

ApplicationAutoScalingForAmazonAppStreamAccess

But no cigar.

Answer 1

I needed to add the following custom policy to one of my permission groups:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "application-autoscaling:*",
        "cloudwatch:DescribeAlarms",
        "cloudwatch:PutMetricAlarm"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

Source: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-auto-scaling.html#auto-scaling-IAM

Answer 2

In addition to the above, we also need to add IAM PassRole to the policy. So the policy should look like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricAlarm",
                "iam:GetRole",
                "iam:PassRole",
                "application-autoscaling:*",
                "cloudwatch:DescribeAlarms"
            ],
            "Resource": "<RESOURCE-ARN>"
        }
    ]
}

Here is the reference URL:

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
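
An added example (not part of either answer or of the AWS documentation): a simplified offline evaluator that checks whether the two policies above allow `application-autoscaling:DescribeScalableTargets` and flags `iam:PassRole` granted on every role. The role ARN is constructed, Condition/NotAction/NotResource are not evaluated, and the Describe call is assumed to be evaluated against resource `*`.

```python
import json
import re

# Answer 1's custom policy, copied from the page.
ANSWER_1 = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Action": ["application-autoscaling:*", "cloudwatch:DescribeAlarms",
             "cloudwatch:PutMetricAlarm"],
  "Resource": ["*"]}]}""")

ROLE = "arn:aws:iam::111122223333:role/example-autoscale-role"  # constructed ARN

def answer_2(resource):
    """Answer 2's single statement with <RESOURCE-ARN> filled in by the caller."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "VisualEditor0", "Effect": "Allow",
        "Action": ["cloudwatch:PutMetricAlarm", "iam:GetRole", "iam:PassRole",
                   "application-autoscaling:*", "cloudwatch:DescribeAlarms"],
        "Resource": resource}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(patterns, value, flags=0):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    for p in _as_list(patterns):
        rx = re.escape(p).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, value, flags):
            return True
    return False

def allows(policy, action, resource="*"):
    """Simplified identity-policy check: explicit Deny wins, else any Allow.
    Condition, NotAction and NotResource are not evaluated (assumption)."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        if (_match(st.get("Action", []), action, re.IGNORECASE)
                and _match(st.get("Resource", []), resource)):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def unscoped_passrole(policy):
    """Indexes of Allow statements granting iam:PassRole on '*' with no Condition."""
    return [i for i, st in enumerate(_as_list(policy["Statement"]))
            if st["Effect"] == "Allow" and "Condition" not in st
            and _match(st.get("Action", []), "iam:PassRole", re.IGNORECASE)
            and "*" in _as_list(st.get("Resource", []))]
```

Under these assumptions, `answer_2("*")` allows the Describe call but `unscoped_passrole` reports statement 0, while `answer_2(ROLE)` scopes PassRole to one role but no longer matches the Describe call. Putting `iam:PassRole` in its own statement lets each group of actions keep its own Resource.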
