I get access denied when I add an alias record via Java using Amazon IAM credentials.
My policy for the user is as shown below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "route53:ChangeResourceRecordSets"
      ],
      "Resource": [
        "arn:aws:route53:::hostedzone/<hostedzoneid>"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "route53:*"
      ],
      "Resource": "arn:aws:route53:::change/*"
    }
  ]
}
My Java code:
try {
    ChangeBatch changeBatch = new ChangeBatch();
    Collection<Change> changes = new ArrayList<Change>();
    Change change = new Change();
    change.setAction(ChangeAction.CREATE);
    changes.add(change);
    changeBatch.setChanges(changes);

    ResourceRecordSet resourceRecordSet = new ResourceRecordSet();
    AliasTarget alias = new AliasTarget();
    alias.setHostedZoneId(hostedZoneId);
    alias.setDNSName(ip);
    alias.setEvaluateTargetHealth(false);
    resourceRecordSet.setAliasTarget(alias);
    resourceRecordSet.setName(recordSetName);
    resourceRecordSet.setType(recordSetType);
    change.setResourceRecordSet(resourceRecordSet);

    ChangeResourceRecordSetsRequest changeResourceRecordSetsRequest = new ChangeResourceRecordSetsRequest();
    changeResourceRecordSetsRequest.setHostedZoneId(hostedZoneId);
    changeResourceRecordSetsRequest.setChangeBatch(changeBatch);

    AmazonRoute53Client route53client = new AmazonRoute53Client(connection.getCredentials(), connection.getClientConfiguration());
    // Facing error in return statement
    return route53client.changeResourceRecordSets(changeResourceRecordSetsRequest);
} catch (Exception e) {
    e.printStackTrace();
    return null;
}
The error I am facing:
com.amazonaws.AmazonServiceException: User: arn:aws:iam::564371343498020:user/tester is not authorized to access this resource (Service: AmazonRoute53; Status Code: 403; Error Code: AccessDenied; Request ID: e05f85d9-40ab-11e5-9914-9512262733a4)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:1078)
at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:726)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:461)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:296)
at com.amazonaws.services.route53.AmazonRoute53Client.invoke(AmazonRoute53Client.java:2358)
at com.amazonaws.services.route53.AmazonRoute53Client.changeResourceRecordSets(AmazonRoute53Client.java:2029)
at in.ss.util.AmazonWS.createResourceRecords(AmazonWS.java:64)
...
Did I miss any resource or action line? Please help me.