在 Aws Codepipeline ECS IAM 权限中可以使用哪些资源?
我正在关注 AWS 的 Iam 权限代码管道文档。 根据文档,这些是 ECS 标准部署的最低权限。
{
"Effect": "Allow",
"Action": [
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
"ecs:ListTasks",
"ecs:RegisterTaskDefinition",
"ecs:UpdateService"
],
"Resource": "resource_ARN"
},
我对应该使用哪个资源感到困惑。我应该使用任务定义还是 ECS 服务?
I am following AWS's code pipeline documentation for Iam permissions. According to the docs these are the minimum permissions for ECS standard deployment.
{
"Effect": "Allow",
"Action": [
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
"ecs:ListTasks",
"ecs:RegisterTaskDefinition",
"ecs:UpdateService"
],
"Resource": "resource_ARN"
},
I am confused about which resource arn I am supposed to use. Is it the task definition's or ECS service's arn I should be using?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我使用相同的权限并将
Resource: *更改为Resource: "ECS_SERVICE_ARN"不起作用。最终有效的方法是将权限分为两部分,如下所示:ECS 任务定义的资源级权限控制当前不可用,如下所述:https://stackoverflow.com/a/64019346/11409321
I was working with the same permissions and changing
Resource: *toResource: "ECS_SERVICE_ARN"did not work. What eventually worked was splitting the permissions into 2 parts like so:Resource-level permission control for ECS Task Definitions is currently not available, as mentioned here: https://stackoverflow.com/a/64019346/11409321
您需要检查
us-east-1部分以匹配您的区域。该号码必须与您的帐户 ID 匹配。要获取该信息,请转到右上角的菜单以获取帐户 ID。只需删除任何-即可。最后,myrepositoryname应与您用于创建 ECR 的名称相匹配。Where you will want to check the
us-east-1part to match your region. The number will have to match your Account ID. To get that go to the top right menu to get the Account ID. Just remove any-. Then lastly themyrepositorynameshould match the name you used to create the ECR for instance.