我正在执行跨账户部署,并且已在工具账户中创建了管道。运行管道时,我收到以下错误消息:“服务角色或操作角色没有访问名为 privacy-event-processor-pipeline-km-artifactbucket-ejnoeedwqgck 的 Amazon S3 存储桶所需的权限。请更新 IAM 角色权限,然后重试。错误:Amazon S3:AccessDenied:访问被拒绝(服务:Amazon S3;状态代码:403;错误代码:AccessDenied;请求 ID:FQ3BP5KY9KDJZ5DX;S3 扩展请求 ID:d0Dms19/xoPJBPMwzPPfB0mNXjfYG4CoFZaqN2IvOFt2wivLPj7zNfGx5wosuQMdJ0Q0vxB58Oc=;代理:null)”。
我尝试修改了 IAM 权限,但仍然没有成功。以下是该策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"codepipeline:CreatePipeline",
"codepipeline:GetPipeline",
"codepipeline:UpdatePipeline",
"codepipeline:DeletePipeline",
"codepipeline:StartPipelineExecution",
"codepipeline:StopPipelineExecution",
"iam:ListRoles",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:ListStacks",
"codecommit:ListRepositories",
"codecommit:GetBranch",
"codecommit:GetRepository",
"codecommit:ListBranches",
"codecommit:GetCommit",
"codecommit:GetRepositoryTriggers",
"codecommit:GitPull",
"codecommit:UploadArchive",
"codecommit:CancelUploadArchive",
"codebuild:BatchGetBuilds",
"codebuild:StartBuild",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:UpdateStack",
"cloudformation:CreateChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:SetStackPolicy",
"cloudformation:ValidateTemplate",
"iam:PassRole",
"s3:PutObject",
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:ListBucket",
"s3:GetBucketLocation",
"codepipeline:StartPipelineExecution"
],
"Resource": [
"arn:aws:s3:::privacy-event-processor-pipeline-km-artifactbucket-ejnoeedwqgck",
"arn:aws:s3:::privacy-event-processor-pipeline-km-artifactbucket-ejnoeedwqgck/*",
"arn:aws:codecommit:us-west-2:009988776655:privacy-events-processor",
"arn:aws:cloudformation:us-west-2:112233445566:stack/privacy-events-processor-pipeline/fbd3d390-938d-11ef-9870-0a41f2f17491/*",
"arn:aws:codepipeline:us-west-2:112233445566:privacy-events-processor"
],
"Effect": "Allow"
},
{
"Action": [
"kms:Decrypt"
],
"Resource": "arn:aws:kms:us-west-2:112233445566:key/a087e598-256a-4c33-893d-315da1a9ee3a",
"Effect": "Allow"
},
{
"Action": [
"s3:PutObject",
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::privacy-event-processor-pipeline-km-artifactbucket-ejnoeedwqgck/*",
"arn:aws:s3:::privacy-event-processor-pipeline-km-artifactbucket-ejnoeedwqgck"
],
"Effect": "Allow"
},
{
"Action": [
"sts:AssumeRole"
],
"Resource": [
"arn:aws:iam::009988776655:role/PrivacEventProcessorPipelineCodeCommitRole",
"arn:aws:iam::009988776655:role/PrivacEventProcessorPipelineCloudFormationRole",
"arn:aws:iam::112233445566:role/PrivacEventProcessorPipelineCloudFormationRole"
],
"Effect": "Allow"
}
]
}