Необходимые разрешения для Spring Cloud AWS - конфигурация CloudFormation
Какие разрешения необходимы для использования Spring-Cloud-AWS, если параметр cloud.aws.stack.auto
установлен в TRUE?
Следуя совету, мы добавили следующее в политику.
{
"Action": [
"cloudformation:DescribeStackResources"
],
"Effect": "Allow",
"Resource": "*"
}
Теперь мы получаем следующую ошибку:
Caused by: com.amazonaws.services.cloudformation.model.AmazonCloudFormationException: Missing permission needed to verify if instance is part of an AutoScaling group: User: XXX is not authorized to perform: autoscaling:DescribeAutoScalingInstances (Service: AmazonCloudFormation; Status Code: 400; Error Code: ValidationError; Request ID: XXX)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.handleErrorResponse(AmazonHttpClient.java:1588)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeOneRequest(AmazonHttpClient.java:1258)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeHelper(AmazonHttpClient.java:1030)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:742)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:716)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:699)
at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:667)
at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:649)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:513)
at com.amazonaws.services.cloudformation.AmazonCloudFormationClient.doInvoke(AmazonCloudFormationClient.java:1818)
at com.amazonaws.services.cloudformation.AmazonCloudFormationClient.invoke(AmazonCloudFormationClient.java:1794)
at com.amazonaws.services.cloudformation.AmazonCloudFormationClient.executeDescribeStackResources(AmazonCloudFormationClient.java:919)
at com.amazonaws.services.cloudformation.AmazonCloudFormationClient.describeStackResources(AmazonCloudFormationClient.java:895)
at org.springframework.cloud.aws.core.env.stack.config.AutoDetectingStackNameProvider.autoDetectStackName(AutoDetectingStackNameProvider.java:76)
at org.springframework.cloud.aws.core.env.stack.config.AutoDetectingStackNameProvider.afterPropertiesSet(AutoDetectingStackNameProvider.java:62)
at org.springframework.cloud.aws.core.env.stack.config.AutoDetectingStackNameProvider.<init>(AutoDetectingStackNameProvider.java:52)
at org.springframework.cloud.aws.core.env.stack.config.AutoDetectingStackNameProvider.<init>(AutoDetectingStackNameProvider.java:56)
at org.springframework.cloud.aws.autoconfigure.context.ContextStackAutoConfiguration$StackAutoDetectConfiguration.stackResourceRegistryFactoryBean(ContextStackAutoConfiguration.java:71)
at org.springframework.cloud.aws.autoconfigure.context.ContextStackAutoConfiguration$StackAutoDetectConfiguration$$EnhancerBySpringCGLIB$$c91e4a5d.CGLIB$stackResourceRegistryFactoryBean$0(<generated>)
at org.springframework.cloud.aws.autoconfigure.context.ContextStackAutoConfiguration$StackAutoDetectConfiguration$$EnhancerBySpringCGLIB$$c91e4a5d$$FastClassBySpringCGLIB$$95ea2326.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:358)
at org.springframework.cloud.aws.autoconfigure.context.ContextStackAutoConfiguration$StackAutoDetectConfiguration$$EnhancerBySpringCGLIB$$c91e4a5d.stackResourceRegistryFactoryBean(<generated>)
(Идентификаторы пользователя и запроса заменены на XXX)
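Это неожиданно, поскольку мы думали, что нам нужно будет предоставить разрешения только для сервиса CloudFormation. Судя по тексту ошибки, вызов cloudformation:DescribeStackResources дополнительно проверяет, входит ли экземпляр в группу AutoScaling, и для этой проверки требуется разрешение autoscaling:DescribeAutoScalingInstances.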