amazon-web-services - AWS::AutoScaling::LaunchConfiguration You are not authorized to perform this operation

Tags: amazon-web-services aws-cloudformation

When CloudFormation builds the stack, I get the following error:

AWS::AutoScaling::LaunchConfiguration N1ClusterServerLaunchConfig You are not authorized to perform this operation

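I have administrator full-access user permissions. However, this still fails. Is the authorization failure caused by the IAM defined within the template?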

"N1ClusterServerAutoScale": {
  "Type": "AWS::AutoScaling::AutoScalingGroup",
  "Properties": {
    "AvailabilityZones": {
      "Fn::GetAZs": ""
    },
    "LaunchConfigurationName": {
      "Ref": "N1ClusterServerLaunchConfig"
    },
    "MinSize": "2",
    "MaxSize": "64",
    "DesiredCapacity": {
      "Ref": "ClusterSize"
    },
    "Tags": [
      {
        "Key": "Name",
        "Value": {
          "Ref": "AWS::StackName"
        },
        "PropagateAtLaunch": true
      }
    ]
  },
  "Metadata": {
    "AWS::CloudFormation::Designer": {
      "id": "a715af00-ebba-4fab-a817-d5ee1986dfe7"
    }
  }
},
"N1ClusterServerLaunchConfig": {
  "Type": "AWS::AutoScaling::LaunchConfiguration",
  "Properties": {
    "ImageId": {
      "Fn::FindInMap": [
        "RegionMap",
        {
          "Ref": "AWS::Region"
        },
        "hvm"
      ]
    },
    "InstanceType": {
      "Ref": "InstanceType"
    },
    "KeyName": {
      "Ref": "KeyPair"
    },
    "SecurityGroups": [
      {
        "Ref": "N1ClusterSecurityGroup"
      },
      {
        "Ref": "N1NodeSecurityGroup"
      }
    ],
    "IamInstanceProfile": {
      "Ref": "IamInstanceProfile"
    },

IAM

    "AllowComputeFrom": {
      "Description": "The net block (CIDR) that N1-COMPUTE is available to.",
      "Default": "0.0.0.0/0",
      "Type": "String"
    },
    "IamInstanceProfile": {
      "Description": "The name of an IAM Profile which can access required S3 buckets and instances.",
      "Default": "arn:aws:iam::247256189695:instance-profile/n1-compute-instance",
      "Type": "String"
    },
    "IamInstanceProfileShort": {
      "Description": "The last part of the name of an IAM Profile which can create instances.",
      "Default": "n1-compute-instance",
      "Type": "String"
    },

Best answer

I got the same error when creating Autoscaling and Launchtemplate using boto3 and AWS Lambda. Adding the following permissions to the Lambda role solved the problem:

iam:CreateInstanceProfile, iam:Passrole, iam:CreateServiceLinkedRole, iam:GetInstanceProfile, iam:ListInstanceProfile, iam:UpdateRole, iam:ListInstanceProfiles, iam:AddRoleToInstanceProfile, iam:TagInstanceProfile

Those using CloudFormation can add the same.
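
An added example (not from the original question or answer): an offline check of a policy document against the answer's action list, which also flags `iam:PassRole` granted on every role. The caller that creates a launch configuration with `IamInstanceProfile` set must be allowed `iam:PassRole` on the role in that profile. The function names, the sample policy and the role ARN (placeholder account `111122223333`) are assumptions, and the evaluation is simplified: it reads `Allow` statements only and ignores `Deny`, `NotAction`, permission boundaries and SCPs.

```python
import fnmatch

# Actions copied from the answer as written (not checked against the IAM action list).
ANSWER_ACTIONS = [
    "iam:CreateInstanceProfile", "iam:Passrole", "iam:CreateServiceLinkedRole",
    "iam:GetInstanceProfile", "iam:ListInstanceProfile", "iam:UpdateRole",
    "iam:ListInstanceProfiles", "iam:AddRoleToInstanceProfile",
    "iam:TagInstanceProfile",
]
# Constructed sample input: a policy document and a placeholder role ARN.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["autoscaling:*", "ec2:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["iam:*InstanceProfile*", "iam:PassRole"],
     "Resource": "*"},
]}
SAMPLE_ROLE_ARN = "arn:aws:iam::111122223333:role/example-instance-role"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows(statements):
    return [s for s in _as_list(statements) if s.get("Effect") == "Allow"]

def _matches(patterns, value, fold=False):
    # IAM wildcards are "*" and "?"; action names compare case-insensitively.
    norm = str.lower if fold else str
    return any(fnmatch.fnmatchcase(norm(value), norm(p)) for p in _as_list(patterns))

def missing_actions(policy, wanted=ANSWER_ACTIONS):
    """Return the wanted actions that no Allow statement grants (any resource)."""
    granted = [a for s in _allows(policy["Statement"]) for a in _as_list(s.get("Action", []))]
    return [w for w in wanted if not _matches(granted, w, fold=True)]

def passrole_findings(policy, role_arn):
    """Report whether iam:PassRole covers role_arn and whether it is over-broad."""
    findings, covered = [], False
    for s in _allows(policy["Statement"]):
        if not _matches(s.get("Action", []), "iam:PassRole", fold=True):
            continue
        resources = _as_list(s.get("Resource", []))
        covered = covered or _matches(resources, role_arn)
        scoped = "iam:passedtoservice" in str(s.get("Condition", {})).lower()
        if "*" in resources and not scoped:
            findings.append("passrole-wildcard-unscoped")
    if not covered:
        findings.insert(0, "passrole-not-granted")
    return findings
```

A statement that allows `iam:PassRole` only on the instance role's ARN, with an `iam:PassedToService` condition for `ec2.amazonaws.com`, produces no findings.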

Regarding amazon-web-services - AWS::AutoScaling::LaunchConfiguration You are not authorized to perform this operation, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/40623119/
