How do I fix all the "no identity-based policy allows the iam:ListAccountAliases action" errors

0

I have this "no identity-based policy allows the iam:ListAccountAliases action" error everywhere in the AWS interface. The error even appears in support requests or feedback. Everything just goes in circles.

Oh yes, the advice "Contact your administrator" is bad, that's me.

2 Answers
0

Hi,

I would suggest that you do what you're trying to do via the CLI instead of the console to have full control over what's happening.

Your first thing should be to run aws sts get-caller-identity to ensure that you really execute the command under a userid that has admin privileges. See https://docs.aws.amazon.com/cli/latest/reference/sts/get-caller-identity.html

Then, when you're sure that you are admin, you should succeed with aws iam list-account-aliases. See https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/list-account-aliases.html for all details

Best,

Didier

AWS
EXPERT
answered 4 months ago
EXPERT
reviewed 4 months ago
0

Hi,

As described in [1] 4, there's an issue with "Identity-based Policies". I would suggest that you open CloudShell from the top right of the management console and execute the following command:

aws iam list-account-aliases

A similar error should occur, but at that time, the iam:listAccountAliases action is recorded in CloudTrail's event history [2] (replace region). There is user information that was actually used for the action in "userIdentity", and specific error information is also described.

[1] https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
[2] https://ap-northeast-1.console.aws.amazon.com/cloudtrailv2/home?region=<YOUR_REGION>#/events?eventname=ListAccountAlases

mitaoki
answered 4 months ago
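
The CloudTrail check described in the answer above, as an added example that is not part of the original posts: it reads output shaped like `aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=ListAccountAliases --output json` and reports which principal was denied and which policy type the error message names. The function names, ARNs, account ID and sample events are constructed for illustration.

```python
import json
import re

# An implicit deny names the policy type that lacks an Allow; an explicit
# deny names the policy type that contains the Deny statement.
IMPLICIT = re.compile(r"because no (.+?) allows")
EXPLICIT = re.compile(r"with an explicit deny in an? (.+?)(?::|$)")

def summarize_denials(lookup_output, event_name="ListAccountAliases"):
    """Return who was denied, and by which policy type, for one API action."""
    findings = []
    for event in json.loads(lookup_output).get("Events", []):
        # lookup-events returns each full record as a JSON *string*.
        record = json.loads(event["CloudTrailEvent"])
        if record.get("eventName") != event_name or "errorCode" not in record:
            continue  # skip other actions and successful calls
        message = record.get("errorMessage", "")
        kind, policy_type = "unknown", None
        for label, pattern in (("explicit", EXPLICIT), ("implicit", IMPLICIT)):
            match = pattern.search(message)
            if match:
                kind, policy_type = label, match.group(1)
                break
        findings.append({
            "principal": record.get("userIdentity", {}).get("arn"),
            "error_code": record["errorCode"],
            "deny_kind": kind,
            "policy_type": policy_type,
        })
    return findings

def _event(arn, denial=None):
    """Build one constructed lookup-events entry (hypothetical helper)."""
    record = {"eventSource": "iam.amazonaws.com",
              "eventName": "ListAccountAliases", "userIdentity": {"arn": arn}}
    if denial:
        record.update(errorCode="AccessDenied", errorMessage=(
            f"User: {arn} is not authorized to perform: "
            f"iam:ListAccountAliases on resource: * {denial}"))
    return {"EventName": "ListAccountAliases", "CloudTrailEvent": json.dumps(record)}

# Constructed sample input: two denied calls and one successful call.
SAMPLE = json.dumps({"Events": [
    _event("arn:aws:iam::111122223333:user/example-admin",
           "because no identity-based policy allows the iam:ListAccountAliases action"),
    _event("arn:aws:sts::111122223333:assumed-role/ExampleRole/session",
           "with an explicit deny in a service control policy"),
    _event("arn:aws:iam::111122223333:user/example-ok"),
]})
```

If the reported principal is not the identity you expected, compare it with the `aws sts get-caller-identity` output suggested in the first answer before changing any policy.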
