如何解决如何编写AWS Cross Account策略
我有2个AWS账户,我想从Y账户访问X AWS存储桶,这些是AWS账户,而不是用户。 所以我创建了以下策略,但是它不起作用
第一角色
{
"Version": "2012-10-17","Statement": [
{
"Effect": "Allow","Principal": {
"AWS": "arn:aws:iam::216808214654:user/test"
},"Action": [
"s3:GetObject*","s3:PutObject*","s3:ReplicateObject","s3:RestoreObject"
],"Resource": "arn:aws:s3:::gluetestingathena/*"
}
]
}
另一个问题是我想使用Athena来使用X帐户胶水数据库,而我却无法做到这一点,因此我正在遵循此文档-https://aws.amazon.com/blogs/big-data/cross-帐户aws胶数据目录与amazon-athena的访问/
为了让雅典娜坚持我写了这个政策
胶水政策
{
"Version": "2012-10-17","Action": [
"glue:GetDatabase","glue:GetDatabases","glue:GetPartition","glue:GetPartitions","glue:GetTable","glue:GetTables"
],"Principal": {
"AWS": [
"arn:aws:sts::216808214654:assumed-role/TestingAccountBhaiFromAviral-LambdaExecutionRole-W0WQQU2A7CKF/TestingAccountVarunFromAv-AthenaCrossAccountLambda-NSIX2SB5RO2J"
]
},"Resource": [
"arn:aws:glue:us-east-1:553975983261:catalog","arn:aws:glue:us-east-1:553975983261:database/gluetestingathena","arn:aws:glue:us-east-1:553975983261:table/gluetestingathena/*"
]
}
]
}
任何人都可以告诉我如何将X帐户连接到Y以进行S3 Access,如何将Athena X连接到Glues Y帐户
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。