AccessAnalyzer服务链接角色不在组织管理账户中
我们可以使用以下代码来解决此问题:
- 创建一个IAM策略(AccessAnalyzerServiceLinkedRolePolicy):
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "organizations:DescribeOrganization", "organizations:DescribeAccount", "organizations:DescribeCreateAccountStatus", "organizations:ListAccountsForParent" ], "Resource": "*" } ] }
- 将IAM策略与IAM Role("aws-service-role.access-analyzer.amazonaws.com")关联:
aws iam create-policy --policy-name AccessAnalyzerServiceLinkedRolePolicy --policy-document file://AccessAnalyzerServiceLinkedRolePolicy.json aws iam create-role --role-name AccessAnalyzerServiceLinkedRole --assume-role-policy-document file://AssumeAccessAnalyzerServiceLinkedRolePolicy.json aws iam attach-role-policy --role-name AccessAnalyzerServiceLinkedRole --policy-arn arn:aws:iam::123456789012:policy/AccessAnalyzerServiceLinkedRolePolicy
- 确保IAM角色("AccessAnalyzerServiceLinkedRole")在您的组织管理账户中可用。
这将确保Access Analyzer服务链接角色在组织管理账户中可用。