Putting a CloudWatch Events rule using the CLI

Aki*_*RAI 0 amazon-web-services amazon-cloudwatch aws-cli

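I want to stop my EC2 instance every day using CloudWatch Events. In the console, this works without any problem. By reverse-engineering the configuration I made in the console, an equivalent sequence of commands seems to be the following: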

aws events put-rule \
  --name stop-ec2-instance \
  --schedule-expression 'cron(0 13 * * ? *)' \
  --description "Stop EC2 instance everyday" \
  --role-arn arn:aws:iam::012345678901:role/AWS_Events_Actions_Execution

aws events put-targets \
  --rule stop-ec2-instance \
  --targets "[{ \
    \"Arn\": \"arn:aws:automation:ap-northeast-1:012345678901:action/EC2StopInstance/EC2StopInstance_stop-ec2-instance\", \
    \"Id\": \"EC2StopInstance_stop-ec2-instance\", \
    \"Input\": \"\\\"arn:aws:ec2:ap-northeast-1:012345678901:instance/i-01234567\\\"\" \
  }]"

However, this does not work, because I get the following error on the first command:

A client error (ValidationException) occurred when calling the PutRule operation: Provided role 'arn:aws:iam::012345678901:role/AWS_Events_Actions_Execution' cannot be assumed by principal 'events.amazonaws.com'.

How can I put an Amazon CloudWatch Events rule using the CLI?

row*_*anu 5

The IAM role you created (i.e. arn:aws:iam::012345678901:role/AWS_Events_Actions_Execution) does not allow CloudWatch Events to assume it.

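Go to the role in the IAM console and, under the "Trust Relationships" tab, make sure your Statement block includes events.amazonaws.com as an accepted service that can assume the role (a.k.a. the sts:AssumeRole action). For example: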

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
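Added example, not part of the answer above: a Python check that a role's trust policy document lets events.amazonaws.com call sts:AssumeRole, which is the precondition put-rule rejected in the question. The function names and the EC2-only sample policy are constructed for illustration, and the evaluation is simplified (Condition blocks and wildcard principals are not evaluated).

```python
import json
from fnmatch import fnmatchcase

def as_list(value):
    """IAM accepts either one string or a list in Statement/Service/Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def service_can_assume(trust_policy, service="events.amazonaws.com"):
    """True if the trust policy lets `service` call sts:AssumeRole.

    Simplified: Condition, NotPrincipal, NotAction and wildcard principals
    are not evaluated.
    """
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    allowed = False
    for stmt in as_list(doc.get("Statement")):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            continue
        if service not in as_list(principal.get("Service")):
            continue
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        if not any(fnmatchcase("sts:assumerole", a) for a in actions):
            continue
        if stmt.get("Effect") == "Deny":
            return False  # an explicit Deny overrides any Allow
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed

# Constructed sample: a role that trusts only EC2, the kind of role that
# triggers "cannot be assumed by principal 'events.amazonaws.com'".
EC2_ONLY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"}}

# The trust policy from the answer, as JSON text.
FIXED = """{"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "events.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}"""

if __name__ == "__main__":
    for name, policy in (("EC2_ONLY", EC2_ONLY), ("FIXED", FIXED)):
        print(name, service_can_assume(policy))
```

To check a live role, feed it the JSON from `aws iam get-role --role-name AWS_Events_Actions_Execution --query Role.AssumeRolePolicyDocument`; the trust policy itself can be replaced from the CLI with `aws iam update-assume-role-policy`.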