我制定了一项新政策
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"sts:AssumeRole",
"sts:AssumeRoleWithSAML",
"sts:AssumeRoleWithWebIdentity"
],
"Resource": "*"
}
]
}
- 我已将此策略作为“添加权限”添加到用户。
- 我已将策略添加到组并将用户添加到该组
- 我已将策略添加到角色并编辑了信任关系
这是信任关系的定义
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": [
"apigateway.amazonaws.com",
"lambda.amazonaws.com",
"events.amazonaws.com"
],
"AWS": [
"<user_arn>"
]
},
"Action": "sts:AssumeRole"
}
]
}
然而,当调用
aws sts assume-role --role-arn "arn:aws:quicksight:us-east-1:<user_id>:user/default/..." --role-session-name test-session
我仍然收到拒绝访问的提示?