Произошла ошибка (AccessDenied) при вызове операции CreatePolicyVersion - PullRequest
/ 29 сентября 2019

Когда я использовал awscli для создания новой версии политики по умолчанию, я выдал все разрешения IAM. Команда для создания версии политики выглядит следующим образом:

# Publish a new version of the managed policy and make it the default in one call.
# The caller needs iam:CreatePolicyVersion on this policy ARN, and every Condition
# on the statement that grants it must match the request.
# NOTE(review): aws:SourceIp is compared with the public address the request
# arrives from, so private 10.x.x.x entries are unlikely to match a direct call
# to the IAM endpoint — confirm the caller's egress IP against the allow-list.
# NOTE(review): a principal that may create and default policy versions on a
# policy attached to itself can widen its own permissions; prefer scoping
# Resource to the specific policy ARNs it should manage — verify attachments.
aws iam create-policy-version \
    --policy-arn arn:aws:iam::150083650231:policy/erwim-api \
    --policy-document file://NewPolicyVersion.json \
    --set-as-default

Отображается следующее сообщение об ошибке:

An error occurred (AccessDenied) when calling the CreatePolicyVersion operation: User: arn:aws:iam::150083650231:user/erwim-api is not authorized to perform: iam:CreatePolicyVersion on resource: policy arn:aws:iam::150083650231:policy/erwim-api

После множества проверок я выдал все разрешения IAM, но по-прежнему получаю то же сообщение об ошибке, что и выше.

Как решить эту проблему? Спасибо! Вот моя политика в формате JSON:

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
            "ec2:AuthorizeSecurityGroupIngress",
            "ec2:DescribeTags",
            "ec2:DescribeVpnConnections",
            "ec2:GetEbsEncryptionByDefault",
            "ec2:GetCapacityReservationUsage",
            "ec2:DescribeVolumesModifications",
            "ec2:GetHostReservationPurchasePreview",
            "ec2:GetConsoleScreenshot",
            "ec2:GetReservedInstancesExchangeQuote",
            "ec2:DescribeSecurityGroups",
            "ec2:GetConsoleOutput",
            "ec2:RevokeSecurityGroupIngress",
            "ec2:GetPasswordData",
            "ec2:GetLaunchTemplateData",
            "ec2:DescribeScheduledInstances",
            "ec2:DescribeScheduledInstanceAvailability",
            "ec2:GetEbsDefaultKmsKeyId",
            "ec2:DescribeElasticGpus"
        ],
        "Resource": "*",
        "Condition": {
            "ForAnyValue:IpAddress": {
                "aws:SourceIp": [
                    "10.10.10.73/32",
                    "10.10.10.153/32",
                    "160.180.22.22/32"
                ]
            }
        }
    },
    {
        "Sid": "VisualEditor1",
        "Effect": "Allow",
        "Action": [
            "iam:GetPolicyVersion",
            "iam:GetAccountPasswordPolicy",
            "iam:ListRoleTags",
            "iam:ListServerCertificates",
            "iam:GenerateServiceLastAccessedDetails",
            "iam:ListServiceSpecificCredentials",
            "iam:ListSigningCertificates",
            "iam:ListVirtualMFADevices",
            "iam:ListSSHPublicKeys",
            "iam:SimulateCustomPolicy",
            "iam:SimulatePrincipalPolicy",
            "iam:ListAttachedRolePolicies",
            "iam:ListRolePolicies",
            "iam:DetachUserPolicy",
            "iam:GetAccountAuthorizationDetails",
            "iam:GetCredentialReport",
            "iam:ListPolicies",
            "iam:GetServerCertificate",
            "iam:GetRole",
            "iam:ListSAMLProviders",
            "iam:GetPolicy",
            "iam:UpdateUser",
            "iam:GetAccessKeyLastUsed",
            "iam:ListEntitiesForPolicy",
            "iam:AttachUserPolicy",
            "iam:UpdateSSHPublicKey",
            "iam:UpdateAccountPasswordPolicy",
            "iam:GetUserPolicy",
            "iam:ListGroupsForUser",
            "iam:GetGroupPolicy",
            "iam:GetOpenIDConnectProvider",
            "iam:GetRolePolicy",
            "iam:GetAccountSummary",
            "iam:GenerateCredentialReport",
            "iam:GetServiceLastAccessedDetailsWithEntities",
            "iam:ListPoliciesGrantingServiceAccess",
            "iam:ListMFADevices",
            "iam:GetServiceLastAccessedDetails",
            "iam:GetGroup",
            "iam:GetContextKeysForPrincipalPolicy",
            "iam:GetOrganizationsAccessReport",
            "iam:GetServiceLinkedRoleDeletionStatus",
            "iam:ListInstanceProfilesForRole",
            "iam:GenerateOrganizationsAccessReport",
            "iam:ListAttachedUserPolicies",
            "iam:ListAttachedGroupPolicies",
            "iam:CreatePolicyVersion",
            "iam:GetSAMLProvider",
            "iam:ListAccessKeys",
            "iam:GetInstanceProfile",
            "iam:ListGroupPolicies",
            "iam:GetSSHPublicKey",
            "iam:ListRoles",
            "iam:ListUserPolicies",
            "iam:ListInstanceProfiles",
            "iam:CreatePolicy",
            "iam:GetContextKeysForCustomPolicy",
            "iam:ListPolicyVersions",
            "iam:ListOpenIDConnectProviders",
            "iam:PutUserPolicy",
            "iam:ListAccountAliases",
            "iam:ListUsers",
            "iam:GetUser",
            "iam:ListGroups",
            "iam:GetLoginProfile",
            "iam:SetDefaultPolicyVersion",
            "iam:ListUserTags"
        ],
        "Resource": "*",
        "Condition": {
            "ForAnyValue:IpAddress": {
                "aws:SourceIp": [
                    "10.10.10.73/32",
                    "10.10.10.153/32",
                    "160.180.22.22/32"
                ]
            }
        }
    },
    {
        "Sid": "VisualEditor2",
        "Effect": "Allow",
        "Action": [
            "organizations:ListPoliciesForTarget",
            "organizations:ListRoots",
            "organizations:ListTargetsForPolicy",
            "organizations:DescribeOrganization",
            "organizations:DescribeOrganizationalUnit",
            "organizations:DescribeAccount",
            "organizations:ListParents",
            "organizations:DescribePolicy",
            "organizations:ListChildren",
            "organizations:ListPolicies"
        ],
        "Resource": "*",
        "Condition": {
            "ForAnyValue:IpAddress": {
                "aws:SourceIp": [
                    "10.10.10.73/32",
                    "10.10.10.153/32",
                    "160.180.22.22/32"
                ]
            }
        }
    }
]

}

...