Amazon Redshift：Acces Denied RestoreClusterSnapshotRequest

Question

我尝试使用快照还原群集时遇到问题。我会很感激任何指针。

使用的代码是：

var con = new AmazonRedshiftClient(acess_key_id, secret_acess_key, Amazon.RegionEndpoint.USWest2); 

     var restore = new Amazon.Redshift.Model.RestoreFromClusterSnapshotRequest() 
     { 
      ClusterIdentifier = clusterIdentifier, 
      SnapshotIdentifier = snapshotIdentifier, 
      AvailabilityZone = "us-west-2a", 
     }; 

     var response = con.RestoreFromClusterSnapshot(restore); 

     Console.WriteLine("Cluster Status : {0}", response.Cluster.ClusterStatus); 

当它的调用RestoreClusterSnapshotRequest操作，我有一个例外： ‘访问被拒绝请确保您的IAM权限允许此操作。’

使用亚马逊红移身份为基础的政策（IAM策略）这样 政策：

{ 
"Version": "2012-10-17", 
"Statement": [ 
    { 
     "Effect": "Allow", 
     "Action": [ 
      "redshift:CopyClusterSnapshot", 
      "redshift:RestoreFromClusterSnapshot", 
      "redshift:AuthorizeSnapshotAccess", 
      "redshift:RevokeSnapshotAccess" 
     ], 
     "Resource": [ 
      "arn:aws:redshift:us-west-2:{AccoundId}:*/backup-20160208-dbrd", 
      "arn:aws:redshift:us-west-2: {AccoundId}:cluster:*" 
     ] 
    }, 
    { 
     "Effect": "Allow", 
     "Action": [ 
      "redshift:DescribeClusterSnapshots" 
     ], 
     "Resource": [ 
      "*" 
     ] 
    } 
] 

}

可以在任何一个可以帮助我解决这个问题..并请纠正我，如果我在这个过程中做了任何错误..

在此先感谢

Answer 1

我认为你缺少“资源”段中的快照详细信息部分。 请参阅下面更新的：

"Resource": [ 
      "arn:aws:redshift:us-west-2:{AccoundId}:*/backup-20160208-dbrd", 
      "arn:aws:redshift:us-west-2: {AccoundId}:cluster:*", 
      "arn:aws:redshift:us-west-2:{AccoundId}:snapshot:*" 
     ] 

希望这会帮助你。