Amazon SP-API getOrder Roles may not be assumed by root accounts
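I have a client who has entrusted me with his Seller Central access key ID and secret access key, but when I use it, creating the IAM role and user policy and calling the API, it returns this. This call is for getOrder.
"getOrder Roles may not be assumed by root accounts"
What is the workaround for this?
This is the actual response from the API: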
Error executing "AssumeRole" on "https://sts.us-east-1.amazonaws.com"; AWS HTTP error: Client error: `POST https://sts.us-east-1.amazonaws.com` resulted in a `403 Forbidden` response:
<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>AccessDeni (truncated...)
AccessDenied (client): Roles may not be assumed by root accounts. - <ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>AccessDenied</Code>
<Message>Roles may not be assumed by root accounts.</Message>
</Error>
<RequestId>0123456789</RequestId>
</ErrorResponse>
Comments (1)
You shouldn't use the root user for day-to-day operations on your account. Instead you should use an IAM user. If you don't have any IAM users for your own use, you have to create one with permissions to assume a role. Then you can use the user to assume the role that you are trying to use.
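Added example, not part of the original question or answer: a preflight check in Python that recognises root access keys from the ARN that sts:GetCallerIdentity returns, parses the STS error body shown in the question, and builds the identity policy an IAM user needs in order to assume the role. The account ID, user name and role name are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

STS_NS = {"sts": "https://sts.amazonaws.com/doc/2011-06-15/"}
ARN_RE = re.compile(r"^arn:aws[\w-]*:(?:iam|sts)::(\d{12}):(.+)$")

# Constructed sample values; account ID, user name and role name are placeholders.
ROOT_ARN = "arn:aws:iam::123456789012:root"
USER_ARN = "arn:aws:iam::123456789012:user/sp-api-caller"
ROLE_ARN = "arn:aws:iam::123456789012:role/ExampleSpApiRole"
# Error body as shown in the question.
ERROR_BODY = """<ErrorResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
<Error>
<Type>Sender</Type>
<Code>AccessDenied</Code>
<Message>Roles may not be assumed by root accounts.</Message>
</Error>
<RequestId>0123456789</RequestId>
</ErrorResponse>"""

def classify_caller(arn):
    """Classify the Arn value that sts:GetCallerIdentity returns for a key pair."""
    m = ARN_RE.match(arn)
    if not m:
        raise ValueError(f"not an IAM/STS principal ARN: {arn!r}")
    resource = m.group(2)
    if resource == "root":
        return "root"  # access keys created on the account root user
    kind = resource.split("/", 1)[0]
    return {"user": "iam-user", "assumed-role": "assumed-role"}.get(kind, "other")

def parse_sts_error(body):
    """Pull Code and Message out of an STS ErrorResponse document."""
    err = ET.fromstring(body).find("sts:Error", STS_NS)
    if err is None:
        raise ValueError("no <Error> element in STS response")
    return {"code": err.findtext("sts:Code", namespaces=STS_NS),
            "message": err.findtext("sts:Message", namespaces=STS_NS)}

def assume_role_policy(role_arn):
    """Identity policy to attach to the IAM user so it may assume one role."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Action": "sts:AssumeRole",
                           "Resource": role_arn}]}

def preflight(caller_arn, role_arn):
    """Refuse root keys before AssumeRole is attempted; otherwise return the policy."""
    if classify_caller(caller_arn) == "root":
        raise PermissionError("root access keys cannot call AssumeRole; use an IAM user")
    return assume_role_policy(role_arn)
```

The role's trust policy has to allow that IAM user or its account as a principal as well.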