Tags: amazon-web-services aws-cloudformation
The following CloudFormation template has been validated and contains an SESAccessPolicy, into which a few parameters are passed.
Different account IDs are used (for production: XXXXXXXXXXXXXXX, and for test: YYYYYYYYYYYYY).
```yaml
Parameters:
  ProdEmailFromAddress:
    Type: String
    Description: "Email address to use as sender"
    Default: "arn:aws:ses:eu-west-1:XXXXXXXXXXXXX:identity/no-reply@company.no"
  TestEmailFromAddress:
    Type: String
    Description: "Email address to use as sender"
    Default: "arn:aws:ses:eu-west-1:YYYYYYYYYYYYY:identity/no-reply@companytest.no"

Conditions:
  IsProductionDeployment: !Equals [!Ref "AWS::AccountId", "XXXXXXXXXXXXX"]

Resources:
  SESAccessPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Permissions to send email from SES
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action:
              - "ses:SendEmail"
            Resource:
              # The whole resource ARN is taken from whichever parameter the condition selects
              - !If [IsProductionDeployment, !Ref ProdEmailFromAddress, !Ref TestEmailFromAddress]
```
When updating the stack, we get the following error event:

```text
Resource no-reply@companytest.no must be in ARN format or "*". (Service: AmazonIdentityManagement; Status Code: 400; Error Code: MalformedPolicyDocument; Request ID: 7af958ba-9c99-4073-a3b3-4da1b3ae80da; Proxy: null)
```
However, if I change the resource in SESAccessPolicy from using !Ref to a hard-coded string, it works and the stack is deployed.

```yaml
            Resource:
              - !If [IsProductionDeployment, !Ref ProdEmailFromAddress, "arn:aws:ses:eu-west-1:YYYYYYYYYYYYY:identity/no-reply@companytest.no"]
```
I want to use !Ref and cannot understand why it throws an exception but accepts the string as an ARN.
I once saw a web page that solved this using CloudTrail, but I cannot find it now.
Can someone shed some light on this or point me in the right direction? TIA
We could fix this by changing the ARN in the Parameters section and using a Join as below:
```yaml
Parameters:
  ProdEmailFromAddress:
    Type: String
    Description: "Email address to use as sender"
    Default: "no-reply@company.no"
  TestEmailFromAddress:
    Type: String
    Description: "Email address to use as sender"
    Default: "no-reply@companytest.no"
...
Resources:
  SESAccessPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Permissions to send email from SES
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Action:
              - "ses:SendEmail"
            Resource:
              # The ARN prefix is built in the template from the deploying account; the
              # parameters now carry only the bare sender address
              - !Join ["", [!Sub "arn:aws:ses:eu-west-1:${AWS::AccountId}:identity/", !If [IsProductionDeployment, !Ref ProdEmailFromAddress, !Ref TestEmailFromAddress]]]
```
Thanks
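As an added illustration (not code from the question, the answer, or AWS), the small Python resolver below evaluates the intrinsics both templates use (!Ref, !Equals, !If, !Join, !Sub, in their `Fn::` dict form) and applies the same shape check IAM performs on a policy `Resource`: it must be `*` or ARN-formatted. It reproduces what the error event shows: the stack update passed the bare address `no-reply@companytest.no` as the parameter value, so the question's template puts a non-ARN into `Resource`, while the answer's construction always yields an ARN because the `arn:aws:ses:...:identity/` prefix is built from `AWS::AccountId` in the template. Function and constant names (`render_resource`, `QUESTION_RESOURCE`, `ANSWER_RESOURCE`, the parameter dicts) are my own; the account IDs and addresses are the placeholders from the page.

```python
import re

# IAM's shape check on a policy Resource element: "*" or something ARN-like
# (arn:partition:service:region:account:resource). This mirrors the
# MalformedPolicyDocument error quoted in the question.
ARN_RE = re.compile(r"^arn:[^:]+:[^:]+:[^:]*:[^:]*:.+$")


def is_valid_iam_resource(value):
    """Return True if IAM would accept `value` as a Resource entry."""
    return value == "*" or bool(ARN_RE.match(str(value)))


def resolve(node, params, pseudo, conditions):
    """Evaluate the CloudFormation intrinsics used on the page (dict form of
    !Ref, !Equals, !If, !Join, !Sub). Plain scalars are returned unchanged."""
    rec = lambda n: resolve(n, params, pseudo, conditions)
    if isinstance(node, list):
        return [rec(n) for n in node]
    if not isinstance(node, dict) or len(node) != 1:
        return node
    (key, arg), = node.items()
    if key == "Ref":  # pseudo parameter (AWS::*) or template parameter
        return pseudo[arg] if arg.startswith("AWS::") else params[arg]
    if key == "Fn::Equals":
        left, right = rec(arg)
        return left == right
    if key == "Fn::If":
        name, if_true, if_false = arg
        return rec(if_true if rec(conditions[name]) else if_false)
    if key == "Fn::Join":
        sep, parts = arg
        return sep.join(str(p) for p in rec(parts))
    if key == "Fn::Sub":
        text, variables = (arg, {}) if isinstance(arg, str) else arg
        variables = {k: rec(v) for k, v in variables.items()}

        def lookup(match):
            name = match.group(1)
            if name in variables:
                return str(variables[name])
            return pseudo[name] if name.startswith("AWS::") else str(params[name])

        return re.sub(r"\$\{([^}]+)\}", lookup, text)
    raise ValueError(f"unsupported intrinsic: {key}")


# Condition from both templates: production is decided by the deploying account.
CONDITIONS = {
    "IsProductionDeployment": {"Fn::Equals": [{"Ref": "AWS::AccountId"}, "XXXXXXXXXXXXX"]},
}

# Resource expression from the question: the entire ARN comes from a parameter.
QUESTION_RESOURCE = {"Fn::If": ["IsProductionDeployment",
                                {"Ref": "ProdEmailFromAddress"},
                                {"Ref": "TestEmailFromAddress"}]}

# Resource expression from the answer: only the address comes from a parameter.
ANSWER_RESOURCE = {"Fn::Join": ["", [
    {"Fn::Sub": "arn:aws:ses:eu-west-1:${AWS::AccountId}:identity/"},
    {"Fn::If": ["IsProductionDeployment",
                {"Ref": "ProdEmailFromAddress"},
                {"Ref": "TestEmailFromAddress"}]},
]]}

PROD_ARN = "arn:aws:ses:eu-west-1:XXXXXXXXXXXXX:identity/no-reply@company.no"
TEST_ARN = "arn:aws:ses:eu-west-1:YYYYYYYYYYYYY:identity/no-reply@companytest.no"

# Parameter sets (constructed): the question's defaults, the question's template
# updated with a bare address (what the error event shows), and the answer's defaults.
QUESTION_DEFAULTS = {"ProdEmailFromAddress": PROD_ARN, "TestEmailFromAddress": TEST_ARN}
QUESTION_BARE_OVERRIDE = {"ProdEmailFromAddress": PROD_ARN,
                          "TestEmailFromAddress": "no-reply@companytest.no"}
ANSWER_DEFAULTS = {"ProdEmailFromAddress": "no-reply@company.no",
                   "TestEmailFromAddress": "no-reply@companytest.no"}


def render_resource(expr, params, account_id, region="eu-west-1"):
    """Resolve a Resource expression for a deployment into `account_id`.
    Returns (resolved value, whether IAM would accept it)."""
    pseudo = {"AWS::AccountId": account_id, "AWS::Region": region}
    value = resolve(expr, params, pseudo, CONDITIONS)
    return value, is_valid_iam_resource(value)


if __name__ == "__main__":
    for label, expr, params in [("question/defaults", QUESTION_RESOURCE, QUESTION_DEFAULTS),
                                ("question/bare address", QUESTION_RESOURCE, QUESTION_BARE_OVERRIDE),
                                ("answer/defaults", ANSWER_RESOURCE, ANSWER_DEFAULTS)]:
        value, ok = render_resource(expr, params, "YYYYYYYYYYYYY")
        print(f"{label:22} -> {value}  accepted={ok}")
```

Two practitioner notes on the answer's shape. Building the prefix from `${AWS::AccountId}` means the policy can only ever name an identity in the deploying account, which is the least-privilege outcome you want from an IAM resource scope; replacing the hard-coded `eu-west-1` with `${AWS::Region}` would make it portable the same way. Because the concatenation blindly appends whatever the parameter holds, a caller who passes a full ARN would produce a doubled `arn:aws:ses:...:identity/arn:aws:ses:...` value that still passes IAM's shape check; a CloudFormation `AllowedPattern` on the two parameters that only admits a bare address closes that hole at template-validation time.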