以下のポリシーをユーザーに添付しています。
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateRule",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:ModifyRule",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetSecurityGroups"
],
"Resource": [
"arn:aws:elasticloadbalancing:ap-south-1:736855795947:loadbalancer/app/my-lb/*",
"arn:aws:elasticloadbalancing:ap-south-1:736855795947:listener/app/my-lb/*/*",
"arn:aws:elasticloadbalancing:ap-south-1:736855795947:targetgroup/my-target-group/*"
]
},
]
}
それでも、次のエラーが表示されます。
Error: error reading ELBv2 Target Group (arn:aws:elasticloadbalancing:ap-south-1:XXXXXXXXXXXX:targetgroup/my-target-group/55718775ec3196ff): AccessDenied: User: arn:aws:iam::XXXXXXXXXXXX:user/deploy_user is not authorized to perform: elasticloadbalancing:DescribeTargetGroups
この動作を理解できません。ポリシーが ELB と ELB v2 に分割されていることがわかります。すべての「説明」権限は、ELB v2 に移行します。 ELB v2 アクションのスクリーンショット
