我正在尝试使用AWS文档建议的一个简单示例,使用策略json文件创建角色 http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html 我收到错误
A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource
这是命令,
>> aws iam create-role --role-name test-service-role --assume-role-policy-document file:///home/ec2-user/policy.json
A client error (MalformedPolicyDocument) occurred when calling the CreateRole operation: Has prohibited field Resource
该策略与示例中提到的策略完全相同
>> cat policy.json
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example_bucket"
}
}
我的版本似乎是最新的
>> aws --version
aws-cli/1.9.9 Python/2.7.10 Linux/4.1.10-17.31.amzn1.x86_64 botocore/1.3.9
我看过几个链接,但我必须看一个例子。我有:
resource "aws_iam_role" "role" {
name = "role"
assume_role_policy = <<-EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1590217939125",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::wwe"
},
{
"Sid": "Stmt1590217939125",
"Action": "s3:*",
"Effect": "Allow",
"Resource": "arn:aws:s3:::wwe/*"
},
{
"Sid": "Stmt1577967806846",
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:GetRandomPassword",
"secretsmanager:GetResourcePolicy",
"secretsmanager:GetSecretValue",
"secretsmanager:ListSecretVersionIds",
"secretsmanager:ListSecrets"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
EOF
tags = {
Name = wwe
Environment = STAGE
}
}
当我在制作时,
terraform apply
我看到这个:
# aws_iam_role.role will be created
+ resource "aws_iam_role" "role" …amazon-web-services amazon-iam terraform terraform-provider-aws