AWS IAM CloudFormation YAML template error: 'null' values are not allowed

Kyl*_*ams 10 amazon-web-services aws-cloudformation amazon-iam

I'm working on a CloudFormation template for an IAM role that grants cross-account read-only access. It also uses a managed policy for the read-only access. So far I've worked through several errors, but now when I try to validate the template I get the error "'null' values are not allowed in templates". I think it's a spacing or syntax problem, but I can't be sure, since this is my first time creating a CloudFormation template from scratch and using YAML.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
  NewRelicInfrastructure-IntegrationsRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        Effect: Allow
        Principal:
          AWS: 11111111
        Action: sts:AssumeRole
        Condition:
          StringEquals:
          sts:ExternalId: '11111'
  Path: '/'
  ManagedPolicyArns: arn:aws:iam::aws:policy/ReadOnlyAccess
  RoleName: NewRelicInfrastructure-Integrations2
```

kic*_*hik 6

The problem is `AssumeRolePolicyDocument:`. It is required, but you left it empty. You also have an indentation problem: `Path`, `ManagedPolicyArns` and `RoleName` are sitting under `Resources` instead of under `Properties`.

Try:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
  NewRelicInfrastructure-IntegrationsRole:
    Type: AWS::IAM::Role
    Properties:
      # The trust policy: everything below must be indented under this key,
      # otherwise the key is parsed as null.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          Effect: Allow
          Principal:
            AWS: '11111111'
          Action: sts:AssumeRole
          Condition:
            StringEquals:
              # The condition key must be nested under its operator.
              sts:ExternalId: '11111'
      Path: '/'
      # ManagedPolicyArns is a list of strings.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/ReadOnlyAccess
      RoleName: NewRelicInfrastructure-Integrations2
```

  • I know this is old and out of date, but this is a good answer. Sadly the original poster ignored you and used his own ugly but workable solution. You deserve the credit :) (2)
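The two problems kichik's answer names (a null value and properties indented at the wrong level) are exactly what a YAML parser hands to CloudFormation, so they can be caught before `validate-template` ever runs. The following is an added example, not code from either answer and not an AWS tool: a small linter that takes the parsed template as a Python dict, reports every null with its path, lists role properties that landed under `Resources` instead of `Properties`, and additionally checks the trust policy for the things a reviewer of a cross-account role looks for (a wildcard principal, or an account principal with no `sts:ExternalId` condition). The `BROKEN` and `FIXED` dicts are constructed here to mirror the question's template and the corrected one; the account and external IDs are the same placeholder digits the question uses.

```python
"""Hypothetical linter for an AWS::IAM::Role in a CloudFormation template.
Added here as an example; not AWS tooling and not code from either answer.
It inspects the template as a Python dict (what a YAML parser produces)
and reports nulls, misplaced role properties, and trust-policy weaknesses.
"""
from typing import Any

# AWS::IAM::Role properties the linter recognises when they are misplaced.
ROLE_PROPS = {"AssumeRolePolicyDocument", "Path", "ManagedPolicyArns", "RoleName",
              "Policies", "Description", "MaxSessionDuration", "PermissionsBoundary"}


def find_nulls(node: Any, path: str = "") -> list:
    """Dotted paths of every None in a nested dict/list structure."""
    if node is None:
        return [path or "<root>"]
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            found.extend(find_nulls(value, f"{path}.{key}" if path else str(key)))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            found.extend(find_nulls(value, f"{path}[{i}]"))
    return found


def as_list(value: Any) -> list:
    """IAM accepts a single object or a list for Statement/Principal; normalise."""
    return value if isinstance(value, list) else [value]


def trust_policy_findings(resource: dict) -> list:
    """Security checks on one role's AssumeRolePolicyDocument."""
    doc = (resource.get("Properties") or {}).get("AssumeRolePolicyDocument")
    if not isinstance(doc, dict):
        return ["AssumeRolePolicyDocument missing or null"]
    findings = []
    for stmt in as_list(doc.get("Statement")):
        if not isinstance(stmt, dict) or stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        aws_principals = [str(p) for p in as_list(aws) if p is not None]
        if "*" in aws_principals:
            findings.append("wildcard principal can assume the role")
        # Condition may itself be null in a mis-indented template; tolerate that.
        ext = ((stmt.get("Condition") or {}).get("StringEquals") or {}).get("sts:ExternalId")
        if aws_principals and ext is None:
            findings.append("cross-account principal without sts:ExternalId condition")
    return findings


def lint(template: dict) -> dict:
    """Run all checks over a template and return a report dict."""
    resources = template.get("Resources") or {}
    report = {
        "nulls": find_nulls(template),
        # Role properties written as siblings of the resource under Resources.
        "misplaced": [k for k in resources if k in ROLE_PROPS],
        "trust": {},
    }
    for name, res in resources.items():
        if isinstance(res, dict) and res.get("Type") == "AWS::IAM::Role":
            report["trust"][name] = trust_policy_findings(res)
    return report


# Constructed: the question's template as a YAML parser sees it. The empty
# "AssumeRolePolicyDocument:" becomes None and its intended children become
# siblings; "StringEquals:" becomes None for the same reason.
BROKEN = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "NewRelicInfrastructure-IntegrationsRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": None,
                "Version": "2012-10-17",
                "Statement": {
                    "Effect": "Allow",
                    "Principal": {"AWS": 11111111},
                    "Action": "sts:AssumeRole",
                    "Condition": {"StringEquals": None, "sts:ExternalId": "11111"},
                },
            },
        },
        "Path": "/",
        "ManagedPolicyArns": "arn:aws:iam::aws:policy/ReadOnlyAccess",
        "RoleName": "NewRelicInfrastructure-Integrations2",
    },
}

# Constructed: the corrected template (Statement as a list, quoted account ID).
FIXED = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "NewRelicInfrastructureIntegrationsRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{
                        "Effect": "Allow",
                        "Principal": {"AWS": "111111111111"},
                        "Action": "sts:AssumeRole",
                        "Condition": {"StringEquals": {"sts:ExternalId": "11111"}},
                    }],
                },
                "Path": "/",
                "ManagedPolicyArns": ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
                "RoleName": "NewRelicInfrastructureIntegrationsRole",
            },
        }
    },
}

if __name__ == "__main__":
    print(lint(BROKEN))
    print(lint(FIXED))
```

Run against `BROKEN`, the report names both nulls by path and lists `Path`, `ManagedPolicyArns` and `RoleName` as misplaced, which is the same diagnosis kichik gives; against `FIXED` everything is empty. The trust-policy check is the part worth keeping around after the YAML is fixed: a cross-account role without an `sts:ExternalId` condition is the classic confused-deputy setup, and a wildcard principal lets any AWS account assume the role.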

Kyl*_*ams 3

Indentation fixed, and with something specified in AssumeRolePolicyDocument, but the YAML syntax wasn't right. This works:

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: AWS CloudFormation template IAM Role for New Relic to have read access to AWS account
Resources:
  NewRelicInfrastructureIntegrationsRole:
    Type: AWS::IAM::Role
    Properties:
      Path: '/managed/'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/ReadOnlyAccess'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
        -
          Action: sts:AssumeRole
          Effect: Allow
          Principal:
            AWS: 1111111111111
          Condition:
            StringEquals:
              sts:ExternalId: '11111'
      RoleName: NewRelicInfrastructureIntegrationsRole
```

  • If anyone later comes looking for a solution to the same kind of problem, see [kichik](https://stackoverflow.com/users/492773/kichik)'s [answer below](/sf/answers/3451692471/). It is clearer in explaining _why_ the problem occurs, and its solution doesn't need the ugly and unnecessary hyphenated blank line this answer has after "Statement:". (3)