Failed to sync *v1.Service: context deadline exceeded in external-dns on EKS with Route53

Question  Votes: 0  Answers: 1

Unable to create records in Route53 using external-dns; it fails with the following error

Failed to sync *v1.Service: context deadline exceeded

time="2023-08-02T13:07:48Z" level=fatal msg="records retrieval failed: failed to list hosted zones: AccessDenied: User: arn:aws:sts::602867777777:assumed-role/scm-main-demo-eks-nodes/i-0e5e31a1cd641fcf3 is not authorized to perform: route53:ListHostedZones because no identity-based policy allows the route53:ListHostedZones action\n\tstatus code: 403, request id: 1d737c73-8d6a-49ce-8590-e819058e70ed"        

The user

arn:aws:sts::602867777777:assumed-role/scm-main-demo-eks-nodes/i-0e5e31a1cd641fcf3
is not the one I want to use, but I'm not sure where it comes from.

amazon-eks amazon-route53 external-dns
1 answer
0
votes

The problem was solved with the following policy; add the last Sid permission block to your IAM externalDNS policy

    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "route53:GetHostedZone",
          "route53:ListResourceRecordSets",
          "route53:ListHostedZones",
          "route53:ChangeResourceRecordSets",
          "route53:GetHostedZoneCount",
          "route53:ListHostedZonesByName"
        ]
        Resource = "arn:aws:route53:::hostedzone/*"
      },
      {
        Effect = "Allow"
        Action = [
          "eks:DescribeCluster"
        ]
        Resource = "*"
      },
      {
        # ListHostedZones is not scoped to a hosted zone, so it needs Resource = "*"
        Sid      = "Route53ListHostedZones"
        Effect   = "Allow"
        Action   = "route53:ListHostedZones"
        Resource = "*"
      }
    ]
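A check that shows why the original two statements were not enough: `route53:ListHostedZones` is not a hosted-zone-scoped action, so an Allow restricted to `arn:aws:route53:::hostedzone/*` never matches it, and the 403 in the question follows. This is an added, simplified policy evaluator, not code from the answer or from external-dns; it assumes the JSON that Terraform's `jsonencode` would produce from the block above and a constructed hosted-zone ID (`Z0000000000000`).

```python
import copy
import fnmatch

# Constructed JSON rendering of the answer's first two statements (the policy before the fix).
POLICY_BEFORE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["route53:GetHostedZone", "route53:ListResourceRecordSets",
                    "route53:ListHostedZones", "route53:ChangeResourceRecordSets",
                    "route53:GetHostedZoneCount", "route53:ListHostedZonesByName"],
         "Resource": "arn:aws:route53:::hostedzone/*"},
        {"Effect": "Allow", "Action": ["eks:DescribeCluster"], "Resource": "*"},
    ],
}

# The Sid block the answer adds; ListHostedZones only works against Resource "*".
LIST_ZONES_STATEMENT = {"Sid": "Route53ListHostedZones", "Effect": "Allow",
                        "Action": "route53:ListHostedZones", "Resource": "*"}

# What external-dns needs, paired with the resource each call is evaluated against.
# Zone-scoped calls use a constructed zone ARN; ListHostedZones is account-wide.
REQUIRED = {
    "route53:ListHostedZones": "*",
    "route53:ListResourceRecordSets": "arn:aws:route53:::hostedzone/Z0000000000000",
    "route53:ChangeResourceRecordSets": "arn:aws:route53:::hostedzone/Z0000000000000",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allows(policy, action, resource):
    """Simplified identity-policy evaluation: an explicit Deny wins, otherwise any matching Allow."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["Action"]))
        resource_hit = any(fnmatch.fnmatchcase(resource, p) for p in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def missing_permissions(policy):
    """Return the external-dns actions this policy does not grant."""
    return sorted(a for a, r in REQUIRED.items() if not allows(policy, a, r))


def with_list_zones(policy):
    """Apply the answer's fix: append the Route53ListHostedZones statement."""
    fixed = copy.deepcopy(policy)
    fixed["Statement"].append(LIST_ZONES_STATEMENT)
    return fixed
```

Note that the error in the question names the node instance role, not the external-dns service-account role, so the corrected statement must be attached to whichever role the pod actually assumes.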