copyLamdaFunction creation failed

Question description Votes: 0 Answers: 1

I am trying to deploy a data lake on AWS using the source https://aws-ia.github.io/cfn-ps-datalake-foundation/ but I am getting an error.

Data lake foundation-DataLakeFoundationStack-IS67G4LRJQIU-ElasticsearchStack-YY9NNQARTKAR CREATE_FAILED

The following resource(s) failed to create: [CopyLambdaDeployment].

CloudWatch logs: An error occurred (AccessDenied) when calling the CopyObject operation: Access Denied

Is there any solution to this problem?

Please find the screenshot.

Based on the solutions I received, I tried adding IAM permissions, but none of them worked.

IAM permissions of the role that deploys the data lake:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:ListBucket",
                "s3:CreateBucket",
                "s3:PutBucketPolicy",
                "s3:DeleteBucket",
                "s3:PutBucketNotification",
                "s3:PutBucketAcl",
                "s3:GetObjectTagging",
                "s3:PutObjectTagging",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::datalake-submissions",
                "arn:aws:s3:::datalake-athena-query-results/*",
                "arn:aws:s3:::datalake-curated-datasets",
                "arn:aws:s3:::datalake-curated-datasets/*",
                "arn:aws:s3:::datalake-published-data",
                "arn:aws:s3:::datalake-published-data/*",
                "arn:aws:s3:::datalake-submissions/*",
                "arn:aws:s3:::regional-lambda-bucket/*",
                "arn:aws:s3:::regional-lambda-bucket",
                "arn:aws:s3:::datalake-athena-query-results"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kinesis:*",
                "kinesisanalytics:*",
                "lambda:*",
                "glue:*",
                "kinesis:CreateStream",
                "kinesis:DescribeStream",
                "kinesis:PutRecord",
                "kinesis:PutRecords",
                "lambda:CreateFunction",
                "lambda:UpdateFunctionCode",
                "lambda:UpdateFunctionConfiguration",
                "lambda:GetFunction",
                "lambda:DeleteFunction",
                "lambda:ListFunctions",
                "athena:*",
                "redshift:*",
                "quicksight:*",
                "sns:*",
                "sagemaker:*",
                "ec2:Describe*",
                "firehose:DescribeDeliveryStream",
                "firehose:ListDeliveryStreams",
                "firehose:PutRecord",
                "firehose:PutRecordBatch",
                "ec2:CreateLaunchTemplate",
                "ec2:DescribeLaunchTemplates",
                "ec2:RunInstances",
                "ec2:DescribeInstances",
                "ec2:CreateTags",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs",
                "ssm:GetParameters",
                "ssm:GetParameter",
                "ssm:DescribeParameters",
                "ec2:DeleteTags",
                "iam:CreateRole",
                "iam:AttachRolePolicy",
                "iam:PutRolePolicy",
                "iam:PassRole",
                "iam:DeleteRole",
                "ec2:CreateNetworkInterface",
                "ec2:DeleteNetworkInterface",
                "ec2:DescribeNetworkInterfaces",
                "ec2:AttachNetworkInterface",
                "ec2:DetachNetworkInterface",
                "elasticloadbalancing:*",
                "logs:*",
                "cloudformation:*",
                "cloudwatch:*",
                "es:*"
            ],
            "Resource": "*"
        }
    ]
}
amazon-web-services amazon-s3 aws-lambda aws-cloudformation-custom-resource data-lake
1 Answer
0 votes

You don't have the s3:CopyObject permission in your list when you try CopyLambdaDeployment, which seems to be a copy operation.
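S3 authorizes a CopyObject call as s3:GetObject on the source object plus s3:PutObject on the destination object. The check below is an added example, not code from the question, the answer or the Quick Start. It tests a policy for those two permissions. The page does not show which role makes the call or which bucket it copies from, so the source bucket name is a placeholder and the policy is a trimmed, constructed copy of the S3 statement in the question.

```python
import re

# Constructed sample: the S3 statement from the question's policy, trimmed to
# two of its buckets. Any other bucket name used below is a placeholder.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
        "Resource": [
            "arn:aws:s3:::regional-lambda-bucket",
            "arn:aws:s3:::regional-lambda-bucket/*",
            "arn:aws:s3:::datalake-submissions/*",
        ],
    }],
}

def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def allows(policy, action, resource):
    """True if some Allow statement covers the action on the resource.
    Simplified: ignores Deny, NotAction/NotResource, Condition and bucket policies."""
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        act_ok = any(_match(a, action, True) for a in _as_list(st.get("Action", [])))
        res_ok = any(_match(r, resource) for r in _as_list(st.get("Resource", [])))
        if act_ok and res_ok:
            return True
    return False

def copy_gaps(policy, src_bucket, src_key, dst_bucket, dst_key):
    """Return the (action, arn) pairs a CopyObject call needs that the policy lacks."""
    needed = [
        ("s3:GetObject", f"arn:aws:s3:::{src_bucket}/{src_key}"),
        ("s3:PutObject", f"arn:aws:s3:::{dst_bucket}/{dst_key}"),
    ]
    return [(a, r) for a, r in needed if not allows(policy, a, r)]

if __name__ == "__main__":
    # Placeholder source bucket and key; neither is taken from the page.
    print(copy_gaps(POLICY, "example-source-bucket", "functions/pkg.zip",
                    "regional-lambda-bucket", "functions/pkg.zip"))
```

An empty result only means the identity policy allows both halves of the copy; a bucket policy, an explicit Deny or a KMS key policy can still produce AccessDenied.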
