问题描述
我有2个AWS账户,我想从Y账户访问X AWS存储桶,这些是AWS账户,而不是用户。 所以我创建了以下策略,但是它不起作用
第一角色
{
"Version": "2012-10-17","Statement": [
{
"Effect": "Allow","Principal": {
"AWS": "arn:aws:iam::216808214654:user/test"
},"Action": [
"s3:GetObject*","s3:PutObject*","s3:ReplicateObject","s3:RestoreObject"
],"Resource": "arn:aws:s3:::gluetestingathena/*"
}
]
}
另一个问题是我想使用Athena来使用X帐户胶水数据库,而我却无法做到这一点,因此我正在遵循此文档-https://aws.amazon.com/blogs/big-data/cross-帐户aws胶数据目录与amazon-athena的访问/
为了让雅典娜坚持我写了这个政策
胶水政策
{
"Version": "2012-10-17","Action": [
"glue:GetDatabase","glue:GetDatabases","glue:GetPartition","glue:GetPartitions","glue:GetTable","glue:GetTables"
],"Principal": {
"AWS": [
"arn:aws:sts::216808214654:assumed-role/TestingAccountBhaiFromAviral-LambdaExecutionRole-W0WQQU2A7CKF/TestingAccountVarunFromAv-AthenaCrossAccountLambda-NSIX2SB5RO2J"
]
},"Resource": [
"arn:aws:glue:us-east-1:553975983261:catalog","arn:aws:glue:us-east-1:553975983261:database/gluetestingathena","arn:aws:glue:us-east-1:553975983261:table/gluetestingathena/*"
]
}
]
}
任何人都可以告诉我如何将X帐户连接到Y以进行S3 Access,如何将Athena X连接到Glues Y帐户
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)