目前,我在允许我的工作人员连接到 SQS 时遇到问题。这是日志:
2014-07-21T21:37:26Z error: AWS::SQS::Errors::AccessDenied: Access to the resource https://sqs.eu-west-1.amazonaws.com/343152361204/dev-compose-request is denied.
开发-撰写-请求是队列的名称。
I am能够将来自我的其他 ElasticBeanStalk WebApp(服务器层)的消息发布到此队列中。
我的工作层位于允许任何出站连接的安全组中。
听起来类似于:AWS Beanstalk Worker 无法启动 SQS 守护进程 aws-sqsd https://stackoverflow.com/questions/23740441/aws-beanstalk-worker-cant-start-sqs-daemon-aws-sqsd
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.iam.roles.aeb.html#AWSHowTo.iam.policies.actions.worker http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.iam.roles.aeb.html#AWSHowTo.iam.policies.actions.worker
您能否确保与您的环境关联的 IAM 实例配置文件(可能名为 aws-elasticbeanstalk-ec2-role,但也可以命名为其他名称)具有上面链接中列出的所有权限?
(复制如下供参考)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "QueueAccess",
"Action": [
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:ReceiveMessage"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Sid": "MetricsAccess",
"Action": [
"cloudwatch:PutMetricData"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)