IAM有关CodeDeploy的问题
问题描述 投票:0回答:1
我在看似微不足道的任务上遇到了麻烦,那就是让CodeDeploy在Blue / Green部署中将Github代码部署到AutoScaling组。
我有管道设置,部署组设置,AutoScaling组,ELB和LAUCH CONFIGURATION,但是在进行实际部署时失败:
这是我在codeDeploy-roles中的角色
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "autoscaling:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cloudwatch:PutMetricAlarm",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribePlacementGroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSubnets",
"ec2:DescribeVpcClassicLink"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iam:CreateServiceLinkedRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "autoscaling.amazonaws.com"
}
}
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"autoscaling:CompleteLifecycleAction",
"autoscaling:DeleteLifecycleHook",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:PutLifecycleHook",
"autoscaling:RecordLifecycleActionHeartbeat",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:EnableMetricsCollection",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:SuspendProcesses",
"autoscaling:ResumeProcesses",
"autoscaling:AttachLoadBalancers",
"autoscaling:AttachLoadBalancerTargetGroups",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:PutNotificationConfiguration",
"autoscaling:PutLifecycleHook",
"autoscaling:DescribeScalingActivities",
"autoscaling:DeleteAutoScalingGroup",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:TerminateInstances",
"tag:GetResources",
"sns:Publish",
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeregisterTargets"
],
"Resource": "*"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:PassRole",
"ec2:CreateTags",
"ec2:RunInstances"
],
"Resource": "*"
}
]
}
是否有我不认为需要与此角色相关的政策?
1个回答
0
投票
投票
据我了解,我宁愿执行以下步骤。
- 您需要创建一个CodeDeployServiceRole,而您刚刚使用了内置策略。
- 创建一个CodeDeploy应用程序和部署组,并在此处分配您的CodeDeployServiceRole。
- 在启动配置中,您不必担心CodeDeploy,只需为实例配置文件配置实例操作所需的策略。
最新问题
- 响应式网格,图像保持宽高比
- Next JS 13 服务器端页面在路由到该页面时不显示最新的获取数据
- 笔记本电脑 Windows 11 上的 vscode 终端中的语言 C:(致命错误,没有这样的文件或目录)
- Google Drive API 返回 200(HTTP 成功)用于测试 pdf 导出但没有文件
- 从 npm 工作区目录为 lambda 创建独立的节点包存档
- 尝试使用cmd安装wget
- Discord.py 斜线命令权限
- 使用 R 抓取带有动态表的页面
- Datadog 警报查询从集群获取失败的 kubernet cronjob
- 将 Django 应用程序部署到 AWS Elastic Beanstalk 时遇到问题
- 带有多个 where != 条件的 Firestore 查询
- SQL 将每月数据分解为每日行
- 从 WASM 高效地在画布上绘画
- `aws ecs execute-command` 导致 `TargetNotConnectedException` `由于内部错误,执行命令失败`
- 应用程序启动时出错:操作不能同时使用表单和 JSON 正文参数
- 无法在普通 JavaScript 纯文本 Lexical 中输入文本
- iOS 上 .mobi 文件的 UTI/系统声明的统一类型标识符是什么?
- MySQL - 比较包含国家字符的字符串常量的问题
- 为什么 Android Studio 生成的自适应图标会将图像裁剪得太多而无法使用?
- 对于定义为 0 的宏,#ifdef 和 #if 之间的细微差别
© www.soinside.com 2019 - 2024. All rights reserved.