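I want to update and deploy new versions on Elastic Beanstalk from my continuous deployment system (Codeship), but I also want to lock down the permissions the deployment user has.
What is the minimal setup in terms of required permissions?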
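Best answer
This IAM policy provides all the permissions needed to perform the "upload and deploy" function:
Replace the following:
Note: If you push logs to CloudWatch, you will need additional policies.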
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAutoscalingSuspendAndResumeProcesses",
            "Action": [
                "autoscaling:SuspendProcesses",
                "autoscaling:ResumeProcesses"
            ],
            "Effect": "Allow",
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "AllowElasticBeanstalkValidateConfigurationSettings",
            "Action": [
                "elasticbeanstalk:ValidateConfigurationSettings"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:environment/$APPLICATION/$ENVIRONMENT"
            ],
            "Condition": {
                "StringEquals": {
                    "elasticbeanstalk:InApplication": [
                        "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:application/$APPLICATION"
                    ]
                }
            }
        },
        {
            "Sid": "AllowS3PutAndDeleteObjectInProperBucket",
            "Action": [
                "s3:Put*",
                "s3:Delete*"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::elasticbeanstalk-$REGION-$ACCOUNT/*"
            ]
        },
        {
            "Sid": "AllowElasticBeanstalkCreateStorageLocation",
            "Action": [
                "elasticbeanstalk:CreateStorageLocation"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Sid": "AllowElasticBeanstalkCreateApplicationVersion",
            "Action": [
                "elasticbeanstalk:CreateApplicationVersion"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:applicationversion/$APPLICATION/*"
            ],
            "Condition": {
                "StringEquals": {
                    "elasticbeanstalk:InApplication": [
                        "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:application/$APPLICATION"
                    ]
                }
            }
        },
        {
            "Sid": "AllowElasticBeanstalkUpdateEnvironment",
            "Action": [
                "elasticbeanstalk:UpdateEnvironment"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:environment/$APPLICATION/$ENVIRONMENT"
            ],
            "Condition": {
                "StringEquals": {
                    "elasticbeanstalk:InApplication": [
                        "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:application/$APPLICATION"
                    ]
                },
                "StringLike": {
                    "elasticbeanstalk:FromApplicationVersion": [
                        "arn:aws:elasticbeanstalk:$REGION:$ACCOUNT:applicationversion/$APPLICATION/*"
                    ]
                }
            }
        },
        {
            "Sid": "AllowElasticBeanstalkReadOnlyAccess",
            "Effect": "Allow",
            "Action": [
                "elasticbeanstalk:Check*",
                "elasticbeanstalk:Describe*",
                "elasticbeanstalk:List*",
                "elasticbeanstalk:RequestEnvironmentInfo",
                "elasticbeanstalk:RetrieveEnvironmentInfo",
                "ec2:Describe*",
                "elasticloadbalancing:Describe*",
                "autoscaling:Describe*",
                "cloudwatch:Describe*",
                "cloudwatch:List*",
                "cloudwatch:Get*",
                "s3:Get*",
                "s3:List*",
                "sns:Get*",
                "sns:List*",
                "cloudformation:Describe*",
                "cloudformation:Get*",
                "cloudformation:List*",
                "cloudformation:Validate*",
                "cloudformation:Estimate*",
                "rds:Describe*",
                "sqs:Get*",
                "sqs:List*"
            ],
            "Resource": "*"
        }
    ]
}
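The policy above is a template, so one way to use it from CI is to fill in `$REGION` and `$ACCOUNT` and then list every statement that still allows a non-read action on `"Resource": "*"`. This is an added example, not part of the original answer; the function names, the read-verb prefix list, and the sample region and account ID are assumptions, and the embedded template is a constructed excerpt of three statements from the policy.

```python
import json
from string import Template

# Constructed sample: three statements taken from the policy above.
TEMPLATE = """
{"Version": "2012-10-17", "Statement": [
  {"Sid": "AllowAutoscalingSuspendAndResumeProcesses", "Effect": "Allow",
   "Action": ["autoscaling:SuspendProcesses", "autoscaling:ResumeProcesses"],
   "Resource": ["*"]},
  {"Sid": "AllowS3PutAndDeleteObjectInProperBucket", "Effect": "Allow",
   "Action": ["s3:Put*", "s3:Delete*"],
   "Resource": ["arn:aws:s3:::elasticbeanstalk-$REGION-$ACCOUNT/*"]},
  {"Sid": "AllowElasticBeanstalkReadOnlyAccess", "Effect": "Allow",
   "Action": ["elasticbeanstalk:Describe*", "s3:Get*", "s3:List*"],
   "Resource": "*"}
]}
"""

# Assumption of this example: verbs with these prefixes are read-only.
READ_PREFIXES = ("Check", "Describe", "Get", "List")

def as_list(value):
    """IAM accepts a bare string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def render_policy(template, values):
    """Fill the $PLACEHOLDERS and parse; refuse values that widen an ARN."""
    for name, value in values.items():
        if not value or any(ch in value for ch in '*?"\\'):
            raise ValueError(f"unsafe value for ${name}: {value!r}")
    # substitute() raises KeyError when a placeholder has no value.
    return json.loads(Template(template).substitute(values))

def mutating_on_wildcard(policy):
    """Map Sid -> non-read actions allowed while Resource contains "*"."""
    findings = {}
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt["Resource"]):
            continue
        writes = [a for a in as_list(stmt["Action"])
                  if not a.split(":", 1)[-1].startswith(READ_PREFIXES)]
        if writes:
            findings[stmt.get("Sid", "<no Sid>")] = writes
    return findings

if __name__ == "__main__":
    demo = {"REGION": "us-east-1", "ACCOUNT": "123456789012"}  # constructed values
    print(mutating_on_wildcard(render_policy(TEMPLATE, demo)))
```

Run over the complete policy, the same check also reports `AllowElasticBeanstalkCreateStorageLocation` and, because the prefix heuristic is simple, the `RequestEnvironmentInfo`, `RetrieveEnvironmentInfo`, `Validate*` and `Estimate*` actions in the read-only statement.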
Regarding amazon-web-services - What is the minimum policy required to update and deploy an Elastic Beanstalk application?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/35506603/