I have seen aws start-session (which is what scp is using under the hood) throw an AccessDeniedException with the reason "no identity-based policy allows the ssm:TerminateSession action" when the Session Manager Plugin has not been installed in the AWS CLI. I'm not sure that's your problem because you said the other user can already log in with SSM, but I thought this might help others searching for this error message.
Here's how to install it: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html
Edit: Noted that this probably doesn't solve the OP's problem.
Hi jonzen@,
With SSO, the credentials are federated as introduced here https://aws.amazon.com/identity/federation/. The {aws:username} method does not work for federated identities; instead, {aws:userid} should be used. Please see the details here, under Example 3: https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-restrict-access-examples.html
Please let your customer try again after updating the policies.
Cheers,
Yuting
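The policy shape the answer above points to, as an added example that is not part of the original reply: an identity-based policy that lets a federated (SSO) principal end only its own sessions by matching the session's AWS-applied `aws:ssmmessages:session-id` tag against `${aws:userid}`. It is written from the tag-based method in the linked Example 3 as an assumption about that page's current content, so compare it with the linked documentation before deploying; the `Sid` value is a constructed label.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleTerminateOwnSessionsFederated",
      "Effect": "Allow",
      "Action": [
        "ssm:TerminateSession"
      ],
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "ssm:resourceTag/aws:ssmmessages:session-id": [
            "${aws:userid}"
          ]
        }
      }
    }
  ]
}
```

For an assumed-role session `aws:userid` has the form role-id:role-session-name, while `aws:username` is not present in the request context, which is why a resource pattern built on `${aws:username}` never matches for SSO users.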
For me, it wasn't a security issue. I didn't have the session-manager plugin yet. Once I followed the steps outlined here, the authentication error went away. Leaving the IAM policy with {aws:username} worked for me.
Dude, after two days of struggle you saved my day. Like, I have not found such information on the whole internet. I gave access to all users to all roles :D Once installed, works like a charm. THANK YOU!
btw I had a problem accessing gamelift fleet