amazon-web-services - 在AWS CodeBuild中创建新项目时，收到“未授权执行DescribeSecurityGroups”

我正在尝试在AWS CodeBuild中创建一个新项目。每次尝试接收以下错误:
Not authorized to perform DescribeSecurityGroups
任何帮助将不胜感激。

最佳答案

您可能会缺少服务角色中与VPC相关的权限。您需要更新角色以具有以下策略:

https://docs.aws.amazon.com/codebuild/latest/userguide/auth-and-access-control-iam-identity-based-access-control.html#customer-managed-policies-example-create-vpc-network-interface

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterface",
                "ec2:DescribeDhcpOptions",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DeleteNetworkInterface",
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeVpcs"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterfacePermission"
            ],
            "Resource": "arn:aws:ec2:{{region}}:{{account-id}}:network-interface/*",
            "Condition": {
                "StringEquals": {
                    "ec2:Subnet": [
                        "arn:aws:ec2:{{region}}:{{account-id}}:subnet/[[subnets]]"
                    ],
                    "ec2:AuthorizedService": "codebuild.amazonaws.com"
                }
            }
        }
    ]
}

关于amazon-web-services - 在AWS CodeBuild中创建新项目时，收到“未授权执行DescribeSecurityGroups”，我们在Stack Overflow上找到一个类似的问题：https://stackoverflow.com/questions/52843460/