AWS AssumeRole 一直返回访问被拒绝

AWS AssumeRole 一直返回访问被拒绝

我制定了一项新政策

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "sts:AssumeRole",
        "sts:AssumeRoleWithSAML",
        "sts:AssumeRoleWithWebIdentity"
      ],
      "Resource": "*"
    }
  ]
}
  • 我已将此策略作为“添加权限”添加到用户。
  • 我已将策略添加到组并将用户添加到该组
  • 我已将策略添加到角色并编辑了信任关系

这是信任关系的定义

{
  "Version": "2012-10-17",
  "Statement": [
  {
    "Sid": "",
    "Effect": "Allow",
    "Principal": {
    "Service": [
      "apigateway.amazonaws.com",
      "lambda.amazonaws.com",
      "events.amazonaws.com"
    ],
    "AWS": [
      "<user_arn>"
    ]
    },
    "Action": "sts:AssumeRole"
  }
  ]
}

然而,当调用

aws sts assume-role --role-arn "arn:aws:quicksight:us-east-1:<user_id>:user/default/..." --role-session-name test-session

我仍然收到拒绝访问的提示?

相关内容