问题描述
使用火山引擎子账户并开通CDN服务,进行刷新服务时报错
Exception: {"ResponseMetadata":{"RequestID":"202202281646330102120972290B0925F8","Action":"SubmitRefreshTask","Version":"2021-03-01","Service":"CDN","Region":"cn-north-1","Error":{"Code":"CDN.InternalError","Message":"内部错误,请重试或联系客服人员解决。","Detail":"Code:AccessDenied, Message:User is not authorized to perform: iam:ListProjectResources on resource: []"}}}
子账户配置为下图 项目权限中配置两个 CDN 策略
问题分析
1.查看报错信息,有iam 报错信息,提示当前 iam 权限 ListProjectResources 没有进行授权
AccessDenied, Message:User is not authorized to perform: iam:ListProjectResources on resource:
解决方案
- 在所在子账户下添加全局
IAMReadOnly子账户权限
- 如果
IAMReadOnly权限过大,建议添加自定义策略 策略可以参考
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:ListProjectResources"
],
"Resource": [
"*"
]
}
]
}
