跳转到主内容

BlueXP  AWS CVO create—适用于AWS S3的子任务"创建云形成堆栈"失败、并显示错误"no基于身份的策略允许使用iam:TagRole"

  1. 最后更新
  2. 另存为PDF
Views:
48
Visibility:
Public
Votes:
0
Category:
cloud-manager
Specialty:
bluexp
Last Updated:

适用场景

  • Amazon Web Service (AWS)
  • Cloud Volumes ONTAP (CVO)部署
  • 高可用性(HA)和单节点
  • 用于FabricPool或哥伦比亚广播公司的简单存储服务(S3)
  • Cloud Backup Service (哥伦比亚广播公司)

问题描述

使用AWS S3为FabricPool或CBS或这两者创建BlueXP  AWS CVO—适用于AWS S3的子任务"Create Cloud Formation Stack "失败、并显示错误 "no identity-based policy allows the iam:TagRole"
 
错误:
 
BlueXP  时间表
 
Create VSA Environment:
 Aug 26 2024, 5:23:38 pm Create Cloud Formation Stack failed cvo-instance-profile-version10-f21de2f5-63be-11ef-a3f3-7ba0fb45a1c4 Aug 26 2024, 5:23:18 pm Error: The following resource(s) failed to create: [IamInstanceRole]. Resource handler returned message: "Encountered a permissions error performing a tagging operation, please add required tag permissions. See https://repost.aws/knowledge-center/cloudformation-tagging-permission-error for how to resolve. Resource handler returned message: "User: arn:aws:sts::69199abcdef6:assumed-role/bluexpCloud-Manager-Operator-Gk0aQL0/i-0b4049d89620868d3 is not authorized to perform: iam:TagRole on resource: arn:aws:iam::69199abcdef6:role/cvo-instance-profile-version10-f21d-IamInstanceRole-OiiFvLfNQ15W because no identity-based policy allows the iam:TagRole action (Service: Iam, Status Code: 403, Request ID: a0c04413-78a4-456e-ab9a-xxxx)"" (RequestToken: 216aae93-5668-d1ae-1c33-yyy, HandlerErrorCode: UnauthorizedTaggingOperation ... Aug 26 2024, 5:23:18 pm Create Cloud Formation Stack success { "name": "cvo-instance-profile-version10-f21de2f5-63be-11ef-a3f3-7ba0fb45a1c4", "_result": "arn:aws:cloudformation:us-east-1:691999302746: stack/cvo-instance-profile-version10-f21de2f5-63be-11ef-a3f3-7ba0fb45a1c4/1f15a3f0-63bf-11ef-8ed9-0affc143be6f", "disableRollback": true, "tags": { "InstanceProfileResourcesStackName": "cvo-instance-profile-version10-f21de2f5-63be-11ef-a3f3-7ba0fb45a1c4" }, "_region": "us-east-1", "templateIsUrl": false, "templateName": null, "timeout": "15 minutes", "parameters": { "EC2Endpoint": "ec2.amazonaws.com", "FabricPoolBucketName": "fabric-pool-f21de2f5-63be-11ef-a3f3-xxxyyyyyyy", "S3ARN": "arn:aws:s3" } }
 
影响:
  • CVO创建成功、但无法将(FabricPool)或CBS分层到AWS S3
  • AWS S3 buckets 不显示在连接器canvas ->上 storage

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.