我正在尝试在我的cloudformation脚本中检索文件.如果我公开提供该文件,那么它可以正常工作.如果文件是私有的,则cfn脚本失败,但/ var/log /中有404错误.尝试通过wget检索文件会导致相应的403错误.
如何从S3检索私人文件?
我的文件子句如下:
"files" : {
"/etc/httpd/conf/httpd.conf" : {
"source" : "https://s3.amazonaws.com/myConfigBucket/httpd.conf"
}
},
我添加了一个验证子句和适当的参数:
"Parameters" : {
"BucketRole" : {
"Description" : "S3 role for access to bucket",
"Type" : "String",
"Default" : "S3Access",
"ConstraintDescription" : "Must be a valid IAM Role"
}
}
"AWS::CloudFormation::Authentication": {
"default" : {
"type": "s3",
"buckets": [ "myConfigBucket" ],
"roleName": { "Ref" : "BucketRole" }
}
},
我的IAM角色如下所示:
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": "*" …