En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

AWS CLI Denied Permission Due to IAM Policy - Policy has all permissions correct. Previously worked fine.

0

I had to update my CLI on a few devices, and I am now unable to access anything pertaining to gamelift's API via an explicit denial. I double checked the permission policy that I assigned to the IAM user, and while it is set to allow full access to resources, it will not work.

Any suggestions or recommendations? I have also tried re-creating the policy via JSON and the visual GUI. I even tried creating a new user to use, and nothing works. I even ended up uninstalling the CLI tool and deleting the configuration and credential files multiple times trying to see if that would fix the issue.

Policy below:

{ "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": "gamelift:", "Resource": "" } }

Sujets
Sécurité, identité et conformitéGestion et gouvernanceGame Tech
Balises
Sécurité, identité et conformitéInterface à ligne de commande AWSAmazon GameLiftPolitiques IAM
Langue
English
rePost-User-1475035
demandé il y a un an301 vues
1 réponse
0
Réponse acceptée

You mentioned "explicit denial", and you don't have Deny statements in your IAM principal's policies, right? Then there must be a Deny statement elsewhere. See https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html - it could be in an Organization SCP, Resource policy (though I don't think Gamelift has these) or a Permissions Boundary.

EXPERT
skinsman
répondu il y a un an
  • rePost-User-1475035
    il y a un an

    It looks like the culprit was a group policy that I created which forces the user to authenticate with MFA; otherwise, they do not have access to anything. I'm assuming there is a way to add MFA within the local AWS CLI? --EDIT-- Solved. Just had to grab the session token.

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents